Separation of SM authentication and User Authentication

RADIUS AAA is a server that provides authentication, authorization, and accounting services.

Minimum Software Version: 15.1  

This feature allows configuration of user authentication servers separate from SM authentication servers.

Further use cases of this feature are:

  • SM authentication set as “Disabled” and User Authentication with RADIUS AAA can be configured seperately.
  • SM authentication set as “Pre-shared key” and User Authentication with RADIUS AAA can be configured seperately.
  • SM authentication set as “Authentication server” and User Authentication with RADIUS AAA can be configured seperately.
  • Different Authentication servers can be configured for SM authentication and User authentication.
  • This feature is also available on PTP radios.

Default behaviour will use SM authentication server until User authentication is configured.

If one or above User authentication server(s) are configured then these server(s) are used for all Authorization request and Accounting messages.

User Authentication on Accounts tab of AP:

Additionally EAP-PEAP-MSCHAPv2 authentication method is added in all the radios.

Cambium provides two additional certificates for EAP-PEAP-MSCHAPv2 authentication method on the radios for the USER auth.

Totally, there are four certificates on SM ,two for SM Authentication and two for User authentication.

And there are two certificates on BHM/BHS/AP for user authentication.

Cambium allows user to upload their certificates through “RADIUS Certificate settings”.

Press the button “Choose File” and select the certificate file.

Press “Import Certificate” button to import the file to the radio.

Use “Use Default Certificates” button to retrieve the Cambium certificates.

Note:

One need to delete the existing certificates of cambium before uploading new certificates. As radio allows only two certificates at a time.

Below are the two user authentication certificates of radio.

USER CERTS.JPG

Below are MIB values for User authentication page:

Below are the configuration file values for User authentication Page:

#User Authentication mode (0-Local , 1-Remote,2 –Remote than Local ).

"whispWebUserAccessMode": 1,

#User Authentication Method (0-EAP-MD5, 1- EAP-PEAP-MSCHAPv2)

"whispUsrAuth": 1,     

#User Authentication Server DNS Usage (0-disable , 1-enable)

"userAuthDomainNameAppend": 1,        

Below are the links for additional info on RADIUS:

http://community.cambiumnetworks.com/t5/PMP-450/SM-ADMIN-User-privilege-level-for-radius-server-based/m-p/76145

 

http://community.cambiumnetworks.com/t5/PMP-Configuration-Examples/Using-RADIUS-Server-with-PMP-450/m-p/52305/highlight/true#M22

 

http://community.cambiumnetworks.com/t5/PMP-Configuration-Examples/How-to-configure-WISP-Toolbox-for-PMP-450-100-AP-Web-UI/m-p/52748/highlight/true#M25

6 Likes