Default RADIUS Configuration, Configuring RADIUS Login Authentication – Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual


Rockwell Automation Publication 1783-UM006A-EN-P - May 2014


Administering the WAP Access

Chapter 6

Default RADIUS Configuration

RADIUS and AAA are disabled by default.

To prevent a lapse in security, you cannot configure RADIUS through a network
management application. When enabled, RADIUS can authenticate users
accessing the wireless device through the CLI.

Configuring RADIUS Login Authentication

To configure AAA authentication, you define a named list of authentication
methods and then apply that list to various interfaces. The method list defines the
types of authentication and sequence to be performed; it must be applied to a
specific interface before any of the defined authentication methods are
performed. The only exception is the default method list. The default method list
is automatically applied to all interfaces except those that have a named method
list explicitly defined.

A method list describes the sequence and authentication methods to be queried
to authenticate a user. You can designate one or more security protocols to be
used for authentication, thus ensuring a back-up system for authentication in case
the initial method fails. The software uses the first method listed to authenticate
users; if that method fails to respond, the software selects the next authentication
method in the method list.

This process continues until there is successful communication with a listed
authentication method or until all defined methods are exhausted. If
authentication fails at any point in this cycle—meaning that the security server or
local username database responds by denying the user access—the authentication
process stops, and no other authentication methods are attempted.
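The fallback rule described above can be modeled in a few lines. This is an added example, not code from the manual or from the device software; the method names, user names, and passwords are constructed, and the result when every method fails to respond is assumed to be a denial.

```python
from enum import Enum

class Outcome(Enum):
    ACCEPT = "accept"
    REJECT = "reject"            # method answered and denied the user
    NO_RESPONSE = "no_response"  # method could not be reached or timed out

def radius_method(server_up, users):
    """Constructed stand-in for a RADIUS server (model only, not a client)."""
    def check(user, password):
        if not server_up:
            return Outcome.NO_RESPONSE
        return Outcome.ACCEPT if users.get(user) == password else Outcome.REJECT
    return check

def local_method(users):
    """Constructed stand-in for the local username database; it always answers."""
    def check(user, password):
        return Outcome.ACCEPT if users.get(user) == password else Outcome.REJECT
    return check

def authenticate(method_list, user, password):
    """Walk the list in order; return (granted, names of methods queried)."""
    tried = []
    for name, method in method_list:
        tried.append(name)
        outcome = method(user, password)
        if outcome is Outcome.NO_RESPONSE:
            continue  # only a non-responding method lets the next one run
        return outcome is Outcome.ACCEPT, tried  # accept or deny ends the cycle
    return False, tried  # all methods exhausted without an answer (assumed deny)

# Constructed sample credentials
RADIUS_USERS = {"operator": "r4dius-pw"}
LOCAL_USERS = {"breakglass": "l0cal-pw"}

def build(server_up):
    """Method list in the order: RADIUS first, local database second."""
    return [("radius", radius_method(server_up, RADIUS_USERS)),
            ("local", local_method(LOCAL_USERS))]

if __name__ == "__main__":
    for up in (True, False):
        for user, pw in (("operator", "r4dius-pw"), ("breakglass", "l0cal-pw")):
            print("radius_up=%s user=%s ->" % (up, user),
                  authenticate(build(up), user, pw))
```

While the first method is reachable, a local-only account is denied by it and the local database is never consulted; the local entry only takes effect when the first method does not respond.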

Beginning in privileged EXEC mode, follow these steps to configure login
authentication. This procedure is required.

1. Enter global configuration mode.

configure terminal

2. Enable AAA.

aaa new-model

3. Create a login authentication method list.

aaa authentication login {default | list-name} method1 [method2...]

To create a default list that is used when a named list is not specified in
the login authentication command, use the default keyword
followed by the methods that are to be used in default situations. The
default method list is automatically applied to all interfaces.
