Configuring RADIUS, Default RADIUS Configuration, Identifying the RADIUS Server Host – Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual

Rockwell Automation Publication 1783-UM006A-EN-P - May 2014

Chapter 14

Configuring RADIUS and TACACS+ Servers

There is more than one type of EAP authentication, but the access point behaves
the same way for each type: it relays authentication messages from the wireless
client device to the RADIUS server and from the RADIUS server to the wireless
client device. See Assigning Authentication Types to an SSID on page 359 for
instructions on setting up client authentication by using a RADIUS server.

Configuring RADIUS

This section describes how to configure your access point to support RADIUS.
At a minimum, you must identify the host or hosts that run the RADIUS server
software and define the method lists for RADIUS authentication. You can
optionally define method lists for RADIUS authorization and accounting.

A method list defines the sequence and methods to be used to authenticate, to
authorize, or to keep accounts on a user. You can use method lists to designate
one or more security protocols to be used, thus ensuring a back-up system if the
initial method fails. The software uses the first method listed to authenticate, to
authorize, or to keep accounts on users; if that method does not respond, the
software selects the next method in the list. This process continues until there is
successful communication with a listed method or the method list is exhausted.

You can access and configure a RADIUS server before configuring RADIUS
features on your access point.

Default RADIUS Configuration

RADIUS and AAA are disabled by default. To prevent a lapse in security, you
cannot configure RADIUS through a network management application. When
enabled, RADIUS can authenticate users accessing the access point through the CLI.

Identifying the RADIUS Server Host

Access point-to-RADIUS-server communication involves several components:

Host name or IP address
Authentication destination port
Accounting destination port
Key string
Timeout period
Retransmission value

TIP

The RADIUS server CLI commands are disabled until you enter the aaa new-model
command.
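The following is an added example, not taken from the manual: a small review script that reads a saved configuration, extracts the six components listed above for each RADIUS server host, and reports which ones are not set on the host line and whether aaa new-model is present. It assumes the Cisco IOS-style `radius-server host` syntax (keywords `auth-port`, `acct-port`, `timeout`, `retransmit`, `key`), which does not appear on this page; the addresses and key are constructed placeholders.

```python
import re

# Constructed sample configuration (not from the manual).
# 192.0.2.0/24 is a documentation address range; the key is a placeholder.
SAMPLE_CONFIG = """\
aaa new-model
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 timeout 5 retransmit 3 key EXAMPLE SHARED SECRET
radius-server host 192.0.2.11 auth-port 1812
"""

# Keywords assumed on a host line, mapped to the component names listed above.
FIELDS = {
    "auth-port": "authentication destination port",
    "acct-port": "accounting destination port",
    "timeout": "timeout period",
    "retransmit": "retransmission value",
    "key": "key string",
}

def parse_hosts(config):
    """Return one dict per 'radius-server host' line with the components it sets."""
    hosts = []
    for line in config.splitlines():
        m = re.match(r"\s*radius-server host (\S+)(.*)", line)
        if not m:
            continue
        entry = {"host": m.group(1)}
        # Everything after 'key' is the shared secret, embedded spaces included,
        # so split it off before tokenising the numeric options.
        head, sep, key = m.group(2).partition(" key ")
        if sep:
            entry["key"] = key
        tokens = head.split()
        for kw, value in zip(tokens[::2], tokens[1::2]):
            if kw in FIELDS and value.isdigit():
                entry[kw] = int(value)
        hosts.append(entry)
    return hosts

def audit(config):
    """List what a reviewer should check before relying on this configuration."""
    findings = []
    if not re.search(r"^\s*aaa new-model\s*$", config, re.M):
        findings.append("aaa new-model not present: RADIUS server commands are disabled")
    for h in parse_hosts(config):
        unset = [name for kw, name in FIELDS.items() if kw not in h]
        if unset:
            findings.append(f"{h['host']}: left to global or default settings: " + ", ".join(unset))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns one finding, for 192.0.2.11, which sets only the authentication port on its host line.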
