Dell W-Series 324 Instant 6.4.3.1-4.2 User Guide - Page 169
Enabling RADIUS Communication over TLS, Configuring RadSec Protocol, In the UI
![]() |
View all Dell W-Series 324 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 169 highlights
(Instant AP)(LDAP Server )# timeout (Instant AP)(LDAP Server )# retry-count (Instant AP)(LDAP Server )# deadtime (Instant AP)(LDAP Server )# end (Instant AP)# commit apply To configure a TACACS+ server: (Instant AP)(config)# wlan tacacs-server (Instant AP)(TACACS Server )# ip (Instant AP)(TACACS Server )# port (Instant AP)(TACACS Server )# key (Instant AP)(TACACS Server )# timeout (Instant AP)(TACACS Server )# retry-count (Instant AP)(TACACS Server )# deadtime (Instant AP)(TACACS Server )# end To configure a CPPM server used for AirGroup CoA: (Instant AP)(config)# wlan auth-server (Instant AP)(Auth Server )# ip (Instant AP)(Auth Server )# key (Instant AP)(Auth Server # cppm-rfc3576-port (Instant AP)(Auth Server )# cppm-rfc3576-only (Instant AP)(Auth Server )# end (Instant AP)# commit apply Enabling RADIUS Communication over TLS You can configure a W-IAP to use Transport Layer Security (TLS) tunnel and to enable secure communication between the RADIUS server and IAP clients. Enabling RADIUS communication over TLS increases the level of security for authentication that is carried out across the cloud network. When configured, this feature ensures that RadSec protocol is used for safely transmitting the authentication and accounting data between the W-IAP clients and the RADIUS server in cloud. The following configuration conditions apply to RadSec configuration: l When the TLS tunnel is established, RADIUS packets will go through the tunnel and server adds CoA on this tunnel. l By default, the TCP port 2083 is assigned for RadSec. Separate ports are not used for authentication, accounting and dynamic authorization changes. l Instant supports dynamic CoA (RFC 3576) over RadSec and the RADIUS server uses an existing TLS connection opened by the W-IAP to send the request. l For authentication between the W-IAP clients and the TLS server, RadSec certificate must be uploaded to WIAP. For more information on uploading certificates, see Uploading Certificates on page 186. Configuring RadSec Protocol In the UI To configure RadSec protocol in the UI: 1. Navigate to Security>Authentication Servers. The Security window is displayed. 2. To create a new server, click New. A pop-up for specifying details for the new server is displayed. 3. Under RADIUS Server, configure the following parameters: a. Enter the name of the server. b. Enter the host name or the IP address of the server. c. Select Enabled to enable RadSec. d. Ensure that the port defined for RadSec is correct. By default, the port number is set to 2083. 169 | Authentication and User Management Dell Networking W-Series Instant 6.4.3.1-4.2.0.0 | User Guide
![](/manual_guide/products/dell-wseries-324-instant-643142-user-guide-fd65a7e/169.png)