13-4
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-29225-01
Chapter 13 Configuring RADIUS and TACACS+ Servers
Configuring and Enabling RADIUS
A method list defines the sequence and methods to be used to authenticate, to authorize, or to keep
accounts on a user. You can use method lists to designate one or more security protocols to be used, thus
ensuring a backup system if the initial method fails. The software uses the first method listed to
authenticate, to authorize, or to keep accounts on users; if that method does not respond, the software
selects the next method in the list. This process continues until there is successful communication with
a listed method or the method list is exhausted.
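The fallback rule above, modeled in Python as an added example (it is not part of the original guide and is not Cisco code). The names `run_method_list`, `Outcome`, `answering` and `unreachable` are hypothetical, and the user tables are constructed sample data.

```python
import hmac
from enum import Enum

class Outcome(Enum):
    ACCEPT = "accept"            # method answered and approved the user
    REJECT = "reject"            # method answered and refused the user
    NO_RESPONSE = "no response"  # method could not be reached

def run_method_list(methods, username, password):
    """Try each (name, method) in order; return (allowed, trace).

    Only NO_RESPONSE moves on to the next method. Any answer from a
    method, accept or reject, ends the walk. An exhausted list denies.
    """
    trace = []
    for name, method in methods:
        outcome = method(username, password)
        trace.append((name, outcome))
        if outcome is not Outcome.NO_RESPONSE:
            return outcome is Outcome.ACCEPT, trace
    return False, trace

def answering(users):
    """A reachable method backed by a constructed {user: password} table."""
    def check(username, password):
        known = users.get(username)
        ok = known is not None and hmac.compare_digest(known.encode(), password.encode())
        return Outcome.ACCEPT if ok else Outcome.REJECT
    return check

def unreachable(username, password):
    """A method whose server never replies (timeout and retransmits used up)."""
    return Outcome.NO_RESPONSE

# Constructed sample data: not real credentials.
RADIUS_USERS = {"alice": "radius-pass"}
LOCAL_USERS = {"admin": "local-pass"}

if __name__ == "__main__":
    cases = {
        "server down, local account": ([("radius", unreachable), ("local", answering(LOCAL_USERS))], "admin", "local-pass"),
        "server up, local account": ([("radius", answering(RADIUS_USERS)), ("local", answering(LOCAL_USERS))], "admin", "local-pass"),
    }
    for label, (methods, user, pw) in cases.items():
        print(label, run_method_list(methods, user, pw))
```

The second case is denied even though the local account is valid: the RADIUS server answered with a reject, so the list never reaches the local method.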
You should have access to and should configure a RADIUS server before configuring RADIUS features
on your access point.
This section contains this configuration information:
• Default RADIUS Configuration, page 13-4
• Identifying the RADIUS Server Host, page 13-4 (required)
• Configuring RADIUS Login Authentication, page 13-7 (required)
• Defining AAA Server Groups, page 13-9 (optional)
• Configuring RADIUS Authorization for User Privileged Access and Network Services, page 13-11
(optional)
• Configuring Packet of Disconnect, page 13-12 (optional)
• Starting RADIUS Accounting, page 13-13 (optional)
• Selecting the CSID Format, page 13-14 (optional)
• Configuring Settings for All RADIUS Servers, page 13-15 (optional)
• Configuring the Access Point to Use Vendor-Specific RADIUS Attributes, page 13-16 (optional)
• Configuring the Access Point for Vendor-Proprietary RADIUS Server Communication, page 13-17
(optional)
• Configuring WISPr RADIUS Attributes, page 13-18 (optional)
Note: The RADIUS server CLI commands are disabled until you enter the aaa new-model command.
Default RADIUS Configuration
RADIUS and AAA are disabled by default.
To prevent a lapse in security, you cannot configure RADIUS through a network management
application. When enabled, RADIUS can authenticate users accessing the access point through the CLI.
Identifying the RADIUS Server Host
Access point-to-RADIUS-server communication involves several components:
• Host name or IP address
• Authentication destination port
• Accounting destination port
• Key string
• Timeout period
• Retransmission value