Defining AAA Server Groups, Defining AAA Server – Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual


Rockwell Automation Publication 1783-UM006A-EN-P - May 2014

Chapter 14

Configuring RADIUS and TACACS+ Servers

Defining AAA Server Groups

You can configure the access point to use AAA server groups to group existing
server hosts for authentication. You select a subset of the configured server hosts
and use them for a particular service. The server group is used with a global
server-host list. The list contains the IP addresses of the selected server hosts.

Server groups also can include multiple host entries for the same server if each
entry has a unique identifier (the combination of the IP address and UDP port
number), allowing different ports to be individually defined as RADIUS hosts
providing a specific AAA service. If you configure two different host entries on
the same RADIUS server for the same service (such as accounting), the second
configured host entry acts as a fail-over backup to the first one.

You use the server group server configuration command to associate a particular
server with a defined group server. You can either identify the server by its IP
address or identify multiple host instances or entries by using the optional
auth-port and acct-port keywords.

Beginning in privileged EXEC mode, follow these steps to define the AAA server
group and associate a particular RADIUS server with it:

1. Enter global configuration mode.

configure terminal

2. Enable AAA.

aaa new-model

3. Specify the IP address or host name of the remote RADIUS server host.

(Optional) For auth-port port-number, specify the UDP destination port for
authentication requests.

(Optional) For acct-port port-number, specify the UDP destination port for
accounting requests.

(Optional) For timeout seconds, specify the time interval that the access point
waits for the RADIUS server to reply before retransmitting. The range is 1…1000.
This setting overrides the radius-server timeout global configuration command
setting. If no timeout is set with the radius-server host command, the setting
of the radius-server timeout command is used.

(Optional) For retransmit retries, specify the number of times a RADIUS request
is resent to a server if that server is not responding or responding slowly. The
range is 1…1000. If no retransmit value is set with the radius-server host
command, the setting of the radius-server retransmit global configuration
command is used.
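
The following Python script is an added example, not part of the manual or of any Rockwell Automation tooling. It audits a saved configuration against the rules described above: host entries must be unique by IP address and UDP ports, per-host timeout and retransmit values override the global commands, and both must fall within 1…1000. The function name `audit` and the sample configuration are assumptions made for illustration; entries are listed in configuration order, which is the fail-over order the section describes.

```python
import re

# Constructed sample configuration (not from the manual); 192.0.2.x is a documentation range.
SAMPLE_CONFIG = """\
aaa new-model
radius-server timeout 5
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 timeout 10
radius-server host 192.0.2.10 auth-port 1645 acct-port 1646 retransmit 2000
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813
"""

HOST_RE = re.compile(r"^radius-server host (\S+)(.*)$")
GLOBAL_RE = re.compile(r"^radius-server (timeout|retransmit) (\d+)$")
OPT_RE = re.compile(r"\b(auth-port|acct-port|timeout|retransmit) (\d+)")
VALID = range(1, 1001)  # the manual gives 1...1000 for both timeout and retransmit


def audit(config):
    """Return (entries, findings); entries keep configuration order (fail-over order)."""
    defaults, entries, findings, seen = {}, [], [], set()
    for line in (raw.strip() for raw in config.splitlines()):
        if (g := GLOBAL_RE.match(line)):
            defaults[g.group(1)] = int(g.group(2))
        elif (m := HOST_RE.match(line)):
            opts = dict(OPT_RE.findall(m.group(2)))  # keyword -> value (as text)
            ident = (m.group(1), opts.get("auth-port"), opts.get("acct-port"))
            if ident in seen:  # identifier = IP address + UDP ports, must be unique
                findings.append(f"duplicate host entry {ident}")
                continue
            seen.add(ident)
            entries.append({"id": ident, "opts": opts})
    for e in entries:
        for key in ("timeout", "retransmit"):
            # A per-host value overrides the global command; None means neither is set.
            value = e["opts"].get(key, defaults.get(key))
            e[key] = None if value is None else int(value)
            if e[key] is not None and e[key] not in VALID:
                findings.append(f"{key} {e[key]} out of range for {e['id']}")
    return entries, findings


if __name__ == "__main__":
    entries, findings = audit(SAMPLE_CONFIG)
    for rank, e in enumerate(entries, 1):
        print(rank, e["id"], "timeout:", e["timeout"], "retransmit:", e["retransmit"])
    print(*findings, sep="\n")
```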
