...

Device management

Unauthorized access to the device's management interface is a serious threat that can lead to a violation of all the basic data properties. Measures to ensure information security and to reduce the potential risks should be elaborated carefully.

...

CAUTION

By default, one user is added to the configuration with administrative rights and with the following login values:

  • login: any nonempty string;
  • password: any nonempty string.

Since the default authentication settings allow a high probability of unauthorized access, change the username and password during initial setup.

A company can have several lines of technical support: in such a scheme, some problems that do not require wireless device reconfiguration can be solved by the first line of technical support. Thus, trivial tasks can be solved without qualified employees of the second and third lines of technical support. To implement this scenario, a guest account can be added to the device's configuration. A user who accesses the management interface with a guest account can use the utilities and view interface statistics, but is not allowed to make configuration changes.

It is recommended to use centralized account storage for networks with a large number of devices. This helps to avoid errors when blocking accounts, provides a single password policy and gives a single interface for account management. Infinet devices support the RADIUS protocol, which is intended for centralized authentication, authorization and account management in networks. Depending on the capabilities and the scale of the network, the database for RADIUS operation can be deployed on a separate device or combined with other network elements.

RADIUS Server Usage Algorithm

The algorithm for RADIUS server usage is as follows (Figure 8):

  1. Request to access the device's management interface: the user tries to access the device's management interface using one of the protocols (see below), by forming a request with username and password.
  2. Forming a request to the RADIUS server: the device receives a request from the user and generates a request to the server in accordance with the RADIUS protocol.
  3. RADIUS server reply: the RADIUS server receives the request and checks whether the user whose credentials are passed in the request is present in the database and which rights are allocated to that user. The server can answer in two ways:
    1. Access is allowed: the account is present in the database and is allowed access to the Slave device management interface (Figure 8a).
    2. Access is denied: the account is absent in the database, or access to the Slave management interface is denied for this user (Figure 8b).
  4. Device decision making: the device receives a response from the RADIUS server and makes a decision about the user authorization. In case of successful authorization, the user proceeds to the device management interface (Figure 8a); otherwise, the user connection is reset and an information message is displayed.

Figure 8a - An example of successful RADIUS authentication

Figure 8b - An example of unsuccessful RADIUS authentication

...