Description: This document describes the settings to make on LANCOM GS-23xx series switches and LANCOM routers in order to implement MAC-based authentication at the internal RADIUS server of a LANCOM device. Requirements:Procedure:1) Setting up the switch
1.1) Specify the RADIUS server- Open the menu Security → AAA → Configuration → RADIUS authentication server configuration and set one of the entries in the list to Enabled.
- Enter the IP address of the LANCOM RADIUS server.
- Enter a shared secret into the Secret box.
1.2) Set up MAC authentication- Navigate to the menu Security → NAS → Configuration → System configuration and set the Mode to the value Enabled.
- In the Port configuration section, set the Admin state of the necessary ports to the value MAC-based auth.
Then save the configuration of the switch.
2) Setting up LANCOM RADIUS
2.1) Activate the RADIUS server- Open the configuration for the LANCOM router in LANconfig and switch to the menu item RADIUS → Server → RADIUS service.
- In the Authentication port field, enter the value 1812.
2.2) Specify the switch as an IPv4 client- Then click the button IPv4 clients to specify the switch as a new client.
- IP address: IP address of the switch
- Netmask: 255.255.255.255
- Protocols: RADIUS
- Client secret: The same secret as the one entered into the switch
2.3) Add one or more entries to the User table- In the RADIUS server user table, add one or more new entries with the following settings:
- Name / MAC address MAC address of the client in the format xx-xx-xx-xx-xx-xx
- Case-sensitive user name check: Set the checkmark
- Password: The MAC address of the client
- Service type: Framed
- Expiry type: Never
Write the configuration back to the LANCOM router. This concludes the configuration. |
|
