Home > Motorola > Wireless > Motorola Wing 5 Manual

Motorola Wing 5 Manual

Add to Favourites
    Download as PDF Print this page Share this page

    Have a look at the manual Motorola Wing 5 Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 249 Motorola manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

    View all the pages
    Page
    of 1128
    Add page 931 to Favourites
    image text
    Enable zoom 
    							RADIUS-POLICY 18 - 15
18.2.4 ldap-server
radius-server-policy
Configures LDAP server parameters. Configuring LDAP server allows users to login and authenticate from anywhere on the 
network.
Supported in the following platforms:
 AP300
 AP621
 AP650
 AP6511
 AP6511
 AP6532
 AP71XX
 RFS4000
 RFS6000
 RFS7000
 NX9000
 NX9500
Syntax
ldap-server [dead-period|primary|secondary]
ldap-server [dead-period ]
ldap-server [primary|secondary] host  port  login  
bind-dn  base-dn  passwd [0 |2 |] passwd-attr  group-attr  group-filter 
 group-membership  {net-timeout }]
Parameters
• ldap-server [dead-period ]
• ldap-server [primary|secondary] host  port  login  bind-dn 
 base-dn  passwd [0 |2 |] 
passwd-attr  group-attr  group-filter  group-membership  
{net-timeout }]
dead-period  Sets the dead period the RADIUS server will not contact the LDAP server after finding it 
unavailable. This is valid only when redundant LDAP servers are configured.
  – Sets a value from 0 - 600 seconds
ldap primary Configures primary LDAP server settings
ldap secondary Configures secondary LDAP server settings
host  Specifies the LDAP host IP address
  – Sets the LDAP server’s IP address
port  Configures the LDAP server port
  – Sets a port between 1 - 65535
    Add page 932 to Favourites
    image text
    Enable zoom 
    							18 - 16 WiNG CLI Reference Guide
Examples
rfs7000-37FABE(config-radius-server-policy-test)#ldap-server primary host 
172.16.10.19 port 162 login symbol bind-dn bind-dn1 base-dn base-dn1 passwd 0 
motorola1 passwd-attr moto123 group-attr grop1 group-filter gropfilter1 group-
membership gropmember
ship1 net-timeout 2
rfs7000-37FABE(config-radius-server-policy-test)#ldap-server secondary host 
172.16.10.2 port 2 login word bind-dn word1 base-
dn word2 passwd 0 word4 passwd-attr word4 group-attr word5 group-filter word6 group-
membership word8 net-timeout 3
rfs7000-37FABE(config-radius-server-policy-test)#
rfs7000-37FABE(config-radius-server-policy-test)#show context
radius-server-policy test
 authentication data-source ldap
 crl-check
 ldap-server primary host 172.16.10.19 port 162 login symbol bind-dn bind-dn1 base-dn 
base-dn1 passwd 0 motorola1 passwd-attr moto123 group-attr grop1 group-filter 
gropfilter1 group-membership gropmembership1 net-timeout 2
rfs7000-37FABE(config-radius-server-policy-test)#
Related Commands
login  Configures the login ID of a user to access the LDAP server
  – Sets a 127 characters maximum login ID
bind-dn  Configures a distinguished bind name
  – The bind name should not exceed 127 characters
base-dn  Configures a distinguished base name
  – Sets the distinguished base name
passwd [0 |
2 |]Sets the LDAP server password
 0  – Sets an UNENCRYPTED password
 2  – Sets an ENCRYPTED password
  – Sets the LDAP server bind password, specified UNENCRYPTED, with a 
maximum size of 31 characters
passwd-attr  Specify a name to configure the LDAP server password attribute (should not exceed 63 
characters)
group-attr  Specify a name to configure group attributes (should not exceed 31 characters)
group-filter  Specify a name for the group filter attribute (should not exceed 255 characters)
group-membership 
Specify a name for the group membership attribute (should not exceed 63 characters)
net-time  Select a value from 1 - 10 to configure network timeout (number of seconds to wait for 
response from the server)
noDisables the LDAP server parameters
    Add page 933 to Favourites
    image text
    Enable zoom 
    							RADIUS-POLICY 18 - 17
18.2.5 local
radius-server-policy
Configures a local RADIUS realm on this RADIUS server policy
Supported in the following platforms:
 AP300
 AP621
 AP650
 AP6511
 AP6511
 AP6532
 AP71XX
 RFS4000
 RFS6000
 RFS7000
 NX9000
 NX9500
Syntax
local realm 
Parameters
• local realm 
Examples
rfs7000-37FABE(config-radius-server-policy-test)#local realm realm1
rfs7000-37FABE(config-radius-server-policy-test)#
rfs7000-37FABE(config-radius-server-policy-test)#show context
radius-server-policy test
 authentication eap-auth-type tls
 crl-check
 local realm realm1
 ldap-server dead-period 600
rfs7000-37FABE(config-radius-server-policy-test)#
Related Commands
realm 
Configures a local RADIUS realm
  – Sets a local RADIUS realm name (a string not exceeding 50 
characters)
noRemoves RADIUS local realm
    Add page 934 to Favourites
    image text
    Enable zoom 
    							18 - 18 WiNG CLI Reference Guide
18.2.6 nas
radius-server-policy
Configures the key sent to a RADIUS client
Supported in the following platforms:
 AP300
 AP621
 AP650
 AP6511
 AP6511
 AP6532
 AP71XX
 RFS4000
 RFS6000
 RFS7000
 NX9000
 NX9500
Syntax
nas  secret [0|2|]
nas  secret [0 |2 |]
Parameters
• nas  secret [0 |2|]
Examples
rfs7000-37FABE(config-radius-server-policy-test)#nas 172.16.10.10/24 secret 0 
wirelesswell
rfs7000-37FABE(config-radius-server-policy-test)#
rfs7000-37FABE(config-radius-server-policy-test)#show context
radius-server-policy test
 authentication eap-auth-type tls
 crl-check
 nas 172.16.10.10/24 secret 0 wirelesswell
 local realm realm1
 ldap-server dead-period 600
rfs7000-37FABE(config-radius-server-policy-test)#
Related Commands
 Sets the RADIUS client’s IP address
  – Sets the RADIUS client’s IP address in the A.B.C.D/M format
secret 
[0 |2 |
]Sets the RADIUS client’s shared secret. Use one of the following options:
 0  – Sets an UNENCRYPTED secret
 2  – Sets an ENCRYPTED secret
  – Defines the secret (client shared secret) up to 32 characters
noRemoves a RADIUS server’s client on a RADIUS server policy
    Add page 935 to Favourites
    image text
    Enable zoom 
    							RADIUS-POLICY 18 - 19
18.2.7 no
radius-server-policy
Negates a command or reverts back to default settings. When used with in the config RADIUS server policy mode, the no 
command removes settings, such as crl-check, LDAP group verification, RADIUS client etc.
Supported in the following platforms:
 AP300
 AP621
 AP650
 AP6511
 AP6511
 AP6532
 AP71XX
 RFS4000
 RFS6000
 RFS7000
 NX9000
 NX9500
Syntax
no [authentication|clr-check|ldap-group-verification|ldap-server|local|
nas|proxy|session-resumption|use]
no authentication [data-source|eap configuration]
no [clr-check|ldap-group-verification|nas |session-resumption]
no local realm [|all]
no proxy [realm |retry-count|retry-delay]
no ldap-server [dead-period|primary|secondary]
no use [radius-group [|all]|radius-user-pool-policy 
[|all]]
Parameters
• no authentication [data-source|eap configuration]]
• no [clr-check|ldap-group-verification|nas |session-resumption]
no authentication Removes RADIUS authentication settings
data-source Removes configured data source
eap configuration Resets EAP authentication to the default mode
no crl-check Removes the CRL check
no ldap-group-
verificationDisables a RADIUS server’s LDAP group verification settings
    Add page 936 to Favourites
    image text
    Enable zoom 
    							18 - 20 WiNG CLI Reference Guide
• no local realm [|all]
• no proxy [realm |retry-count|retry-delay]
• no ldap-server [dead-period|primary|secondary]]
• no use [radius-group [|all]|radius-user-pool-policy [|all]]
Examples
rfs7000-37FABE(config-radius-server-policy-test)#no use server-trustpoint
rfs7000-37FABE(config-radius-server-policy-test)#
rfs7000-37FABE(config-radius-server-policy-test)#no no local realm all
rfs7000-37FABE(config-radius-server-policy-test)#
no nas Removes a RADIUS server’s client
  – Sets the IP address of the RADIUS client in the A.B.C.D/M format
no session-resumption Disables a RADIUS server’s session resumption settings
no local Removes a RADIUS server’s local realm
realm 
Specify the realm name
no proxy Removes a RADIUS proxy server
realm 
Removes a RADIUS proxy server’s realm name
  – Specify the realm name
retry-count Removes a proxy server retry count
retry-delay Removes a proxy server retry delay count
no ldap-server Disables the LDAP server parameters
dead-period Sets the dead period as the duration the RADIUS server will not contact the LDAP server after 
finding it unavailable.
primary Removes the primary LDAP server
secondary Removes the secondary LDAP server
no use Removes the RADIUS group or a RADIUS user pool policy
radius-group 
Removes a specific RADIUS group or all RADIUS groups
  – Specify the RADIUS group name
 all – Removes all RADIUS groups
radius-user-pool-policy 
[|all]Removes a specific RADIUS user pool or all RADIUS user pools
  – Enter the RADIUS user pool name
 all – Removes all RADIUS user pools
    Add page 937 to Favourites
    image text
    Enable zoom 
    							RADIUS-POLICY 18 - 21
Related Commands
authenticationConfigures RADIUS server authentication parameters
crl-checkEnables a CRL check
ldap-group-verificationEnables LDAP group verification settings
ldap-serverConfigures the LDAP server parameters. Configuring the LDAP server allows users to login 
and authenticate from anywhere on the network
localConfigures a local RADIUS realm on this RADIUS server policy
nasConfigures the key sent to a RADIUS client
proxyConfigures a proxy RADIUS server based on the realm/suffix
session-resumptionEnables session resumption/fast re-authentication by using cached attributes
useDefines settings used with the RADIUS server policy
    Add page 938 to Favourites
    image text
    Enable zoom 
    							18 - 22 WiNG CLI Reference Guide
18.2.8 proxy
radius-server-policy
Configures a proxy RADIUS server based on the realm/suffix. The realm identifies where the RADIUS server forwards AAA 
requests for processing.
Supported in the following platforms:
 AP300
 AP621
 AP650
 AP6511
 AP6511
 AP6532
 AP71XX
 RFS4000
 RFS6000
 RFS7000
 NX9000
 NX9500
Syntax
proxy [realm|retry-count|retry-delay]
proxy realm  server  port  secret 
[0 |2 |]
proxy retry-count 
proxy retry-delay ]
Parameters
• proxy realm  server  port  secret 
[0 |2 |]
proxy realm Configures the realm name
  – Specify the realm name. The name should not exceed 50 
characters.
server  Configures the proxy server’s IP address
  – Sets the proxy server’s IP address
port  Configures the proxy server’s port
  – Sets the proxy server’s port from 1024 - 65535
secret [0 |
2 |
Sets the proxy server secret string. The options are:
 0  – Sets an UNENCRYPTED password
 2  – Sets an ENCRYPTED password
  – Sets the proxy server shared secret value
    Add page 939 to Favourites
    image text
    Enable zoom 
    							RADIUS-POLICY 18 - 23
• proxy retry-count 
• proxy retry-delay 
Usage Guidelines
Only five RADIUS proxy servers can be configured. The proxy server attempts six retries before it times out. The retry count 
defines the number of times the wireless controller transmits each RADIUS request before giving up. The timeout value 
defines the duration for which the wireless controller waits for a reply to a RADIUS request before retransmitting the 
request.
Examples
rfs7000-37FABE(config-radius-server-policy-test)#proxy realm test1 server 172.16.10.7 
port 1025 secret 0 symbol123
rfs7000-37FABE(config-radius-server-policy-test)#
rfs7000-37FABE(config-radius-server-policy-test)#proxy retry-count 4
rfs7000-37FABE(config-radius-server-policy-test)#
rfs7000-37FABE(config-radius-server-policy-test)#proxy retry-delay 8
rfs7000-37FABE(config-radius-server-policy-test)#
rfs7000-37FABE(config-radius-server-policy-test)#show context
radius-server-policy test
 proxy retry-delay 8
 proxy retry-count 4
 proxy realm test1 server 172.16.10.7 port 1025 secret 0 symbol123
rfs7000-37FABE(config-radius-server-policy-test)#
Related Commands
retry-count  Sets the proxy server retry count
  – Sets a value from 3 - 6
retry-delay  Sets the proxy server retry delay count
  – Sets a value from 5 - 10 seconds
noRemoves the RADIUS proxy server settings
    Add page 940 to Favourites
    image text
    Enable zoom 
    							18 - 24 WiNG CLI Reference Guide
18.2.9 session-resumption
radius-server-policy
Enables session resumption or fast re-authentication by using cached attributes
Supported in the following platforms:
 AP300
 AP621
 AP650
 AP6511
 AP6511
 AP6532
 AP71XX
 RFS4000
 RFS6000
 RFS7000
 NX9000
 NX9500
Syntax
session-resumption {life-time|max-entries}
session-assumption {life-time []|max-entries []}
Parameters
• session-assumption {life-time []|max-entries []}
Examples
rfs7000-37FABE(config-radius-server-policy-test)#session-resumption lifetime 10 max-
entries 11
rfs7000-37FABE(config-radius-server-policy-test)#
Related Commands
life-time  Optional. Sets the lifetime of cached entries
  – Specify the lifetime period from 1 - 24 hours
max-entries 
Optional. Configures the maximum number of entries in the cache.
  – Sets the maximum number of entries in the cache from 10 - 1024
noDisables session resumption feature on this RADIUS server policy
    All Motorola manuals Comments (0)