Configuring an authority id, Configuring server keys – Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual


Rockwell Automation Publication 1783-UM006A-EN-P - May 2014


Configure an Access Point as a Local Authenticator

Chapter 10

Use this command to generate a PAC manually:

AP# radius local-server pac-generate filename username [password password] [expiry days]

When you enter the PAC filename, enter the full path to where the local
authenticator writes the PAC file (such as tftp://172.1.1.1/test/user.pac). The
password is optional and, if not specified, a default password understood by the
CCX client is used. Expiry is also optional and, if not specified, the default
period is one day.

In this example, the local authenticator generates a PAC for the username joe,
password-protects the file with the password bingo, sets the PAC to expire in 10
days, and writes the PAC file to the TFTP server at 10.0.0.5:

AP# radius local-server pac-generate tftp://10.0.0.5 joe password bingo expiry 10
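
The following Python is an added example, not part of the Rockwell manual: it parses pac-generate commands in the syntax shown above and flags the options worth reviewing before a PAC is issued (omitted password, TFTP destination, long expiry). The 30-day expiry threshold, the finding names, and the sample command lines are assumptions made for the example.

```python
import re
from urllib.parse import urlparse

# Manual syntax: radius local-server pac-generate filename username [password password] [expiry days]
CMD = re.compile(
    r"radius\s+local-server\s+pac-generate\s+(?P<dest>\S+)\s+(?P<user>\S+)"
    r"(?:\s+password\s+(?P<password>\S+))?"
    r"(?:\s+expiry\s+(?P<expiry>\d+))?\s*$"
)
DEFAULT_EXPIRY_DAYS = 1  # manual: default period is one day
MAX_EXPIRY_DAYS = 30     # assumed site policy, not a value from the manual
FINDINGS = {             # finding codes are hypothetical names for this example
    "default-password": "no password given; file is protected only by the default password",
    "tftp-transport": "TFTP has no encryption or authentication for the transfer",
    "long-expiry": f"expiry exceeds the assumed policy of {MAX_EXPIRY_DAYS} days",
}


def parse_pac_generate(line):
    """Return the command's fields, or None if the line is not pac-generate."""
    m = CMD.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    fields["expiry"] = int(fields["expiry"] or DEFAULT_EXPIRY_DAYS)
    fields["scheme"] = urlparse(fields["dest"]).scheme.lower()
    return fields


def review(line):
    """Return the finding codes (keys of FINDINGS) that apply to one command."""
    fields = parse_pac_generate(line)
    if fields is None:
        return []
    codes = []
    if fields["password"] is None:
        codes.append("default-password")
    if fields["scheme"] == "tftp":
        codes.append("tftp-transport")
    if fields["expiry"] > MAX_EXPIRY_DAYS:
        codes.append("long-expiry")
    return codes


if __name__ == "__main__":
    # Constructed sample lines; the first is the manual's own example command.
    for cmd in ("AP# radius local-server pac-generate tftp://10.0.0.5 joe password bingo expiry 10",
                "AP# radius local-server pac-generate tftp://172.1.1.1/test/user.pac joe"):
        print(cmd, "->", [FINDINGS[c] for c in review(cmd)])
```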

Configuring an Authority ID

All EAP-FAST authenticators are identified by an authority identity (AID). The
local authenticator sends its AID to an authenticating client, and the client
checks its database for a matching AID. If the client does not recognize the AID,
it requests a new PAC.

Use these commands to assign an AID to the local authenticator:

AP(config-radserv)# [no] eapfast authority id identifier

AP(config-radserv)# [no] eapfast authority info identifier

The eapfast authority id command assigns an AID that the client device uses
during authentication.

Configuring Server Keys

The local authenticator uses server keys to encrypt PACs that it generates and to
decrypt PACs when authenticating clients. The server maintains two keys, a
primary key and a secondary key, and uses the primary key to encrypt PACs. By
default, the server uses a default value as the primary key but does not use a
secondary key unless you configure one.

When the local authenticator receives a client PAC, it attempts to decrypt the
PAC with the primary key. If decryption fails with the primary, the authenticator
