We have mostly PTP 800 series radios and would like to use Microsoft RADIUS to authenticate. When I attempt to configure the radio, the RADIUS status shows "Invalid AAA Server (VSA or Service-Type mismatch). Does anyone have experience setting this up?
Have you tried this?
http://www.cambiumnetworks.com/resources/radius/
(It contains details on implementing end-to-end RADIUS security on Cambium Networks equipment.)
I hope this helps!
Dave
Yes - unfortunately, the article does not provide enough info on the Microsoft RADIUS configuration.
Hi,
It looks like your VSA are not supported. Do you know we have these VSAs?
#
# Cambium vendor-specific attributes.
#
BEGIN-VENDOR Cambium
ATTRIBUTE Auth-Role 26 integer #Role of authorized user
VALUE Auth-Role Invalid 0
VALUE Auth-Role ReadOnly 1
VALUE Auth-Role SystemAdmin 2
VALUE Auth-Role SecurityOfficer 3
END-VENDOR Cambium
I was able to get the RADIUS configuration working. The VSA (Vendor Specific Attribute) was the problem. On a Microsoft RADIUS server, you have to create a "Network Policy" that includes Vendor Specific information. There are four tabs listed for the Network Policy (Overview, Conditions, Constraints, and Settings). Select the Settings tab and then select "Vendor Specific." Add an atrribute based on the Vendor: "RADIUS Standard" and Name: "Vendor-Specific" (which is attribute number 26). Click Add again - enter vendor code 17713, select "Yes, It conforms" and select "OK." Enter the following information on the next screen: Vendor-Assigned attribute number: 1, Attribute format: Decimal, and attribute value: (depends on what level of permissions you want), we used 3. Everything else is the standard Windows RADIUS configuration.
Hooray!