DSA-3200 Wireless Service Gateway User Manual

40

Trans Full Name:

Select whether or not the DSA-3200 will transfer the entire

username or a partial username to the RADIUS server for authentication.

Enable:

ID and postfix will transfer to RADIUS server for authentication.

Disable:

Only ID will transfer to RADIUS server for authentication.

Server IP:

Enter the appropriate IP Address or Fully Qualified Domain Name of the

RADIUS server to be used to authenticate user accounts.

Authentication Port:

The TCP Port that will be used to authenticate users through the

RADIUS server.

Accounting Port:

The TCP Port that will be used to communicate accounting

information to the RADIUS server.

Secret Key:

This shared secret should be configured on both the RADIUS server and

RADIUS client (DSA-3200). The shared secret assures only the RADIUS server and

client can decipher each message.

Accounting Service:

Enabling this feature tells the DSA-3200 to report account

usage statistics to the RADIUS server for each authenticated user that is connected to

the DSA-3200.

Authentication Method:

Choose between CHAP or PAP as the authentication

protocol between the RADIUS Server and Client. In general CHAP is more secure.

Layer 2 Authentications

:

±

Disable:

All authentications will be performed at Layer 3, after the client has

already joined the network.

DSA-3200 Wireless Service Gateway User Manual

41

±

802.1x:

Clients will be unable to join the network until they have been granted

access via successful completion of the 802.1x authentication and accounting

mechanism.

Authentication Server IP:

IP address or FQDN of the server performing User

Authentication Services (can consist of username/password, TLS, etc.).

Authentication Port:

The TCP Port that will be used to authenticate users through the

Authentication server.

Secret Key (Authentication Server):

This shared secret should be configured on

both the Authentication server and Authenticator client (DSA-3200). The shared secret

assures only the Authentication server and client can decipher each message.

Accounting Service:

Click to enable the accounting service.

DSA-3200 Wireless Service Gateway User Manual

42

Accounting Server IP:

Enter the appropriate IP Address or Fully Qualified Domain

Name of the Authentication server to be used to authenticate potential users.

Accounting Port:

The TCP Port that will be used to communicate accounting

information to the Accounting server.

Secret Key (Accounting Server):

This shared secret should be configured on both

the Accounting server and Accounting client (DSA-3200).

Assign to Group:

Users that are authenticated through 802.1x will be assigned the

permissions of the selected group.

±

WPA w/802.1x:

Also known as WPA-EAP, this is a wireless extension of 802.1x

Port Based Authentication.

Group Re-key Time:

Time interval for re-keying broadcast/multicast keys in seconds.

Caution:

Layer 2 authentication mechanisms override any Layer 3 (local user or

RADIUS) mechanisms already configured making them null and void

.

DSA-3200 Wireless Service Gateway User Manual

43

±

WPA-PSK:

Supports WPA-Personal, only requiring users to provide a PSK.

PSK (Pre Shared Key):

This key should be a random sequence of Hexadecimal

characters (upper or lowercase letters and numbers) 64 Characters in length.

Pass-phrase:

Alternatively the Administrator may choose a pass-phrase that will be

used to generate the Pre-Shared Key making user configurations much more

manageable. Enter anywhere from 8 to 63 Alphanumeric characters (including

symbols and white space) to be used by clients to join the network.

DSA-3200 Wireless Service Gateway User Manual

44

4.2.2 Group Configuration

The DSA-3200 provides the ability to configure 2 separate user groups enabling

separate permissions to be assigned to the same user pool. Each user group may be

assigned a specific Firewall profile, time schedule profile, and/or bandwidth maximum.

These permissions will apply to all users assigned to the corresponding group number.

Group Name:

Friendly name to help identify the privileges of the associated user.

Firewall Profile:

A specific firewall profile may be assigned to a user group to allow

differentiated access privileges between groups.

Click the Edit Hyperlink to manage

the Firewall Profiles after all other changes have been applied.

Schedule Profile:

A specific Schedule profile may be assigned to a user group to

allow differentiated timed access privileges between groups.

Click the Edit Hyperlink

to manage the Schedule Profiles after all other changes have been applied.

Bandwidth:

Select the maximum Bandwidth that the corresponding user group will be

able to utilize. Keep in mind that this configures the Ceiling Bandwidth.

±

Firewall Profiles - Edit

The DSA-3200 provides a single Global and 2 custom firewall profiles. The Global

policy will affect all users, whereas the other policies will only affect those user groups

to which they are assigned.