Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual
Page 418

Rockwell Automation Publication 1783-UM006A-EN-P - May 2014
Chapter 14
Configuring RADIUS and TACACS+ Servers
entries on the same RADIUS server configured for the same services. The second
host entry acts as a fail-over backup to the first entry.
AP(config)# aaa new-model
AP(config)# radius-server host 172.20.0.1 auth-port 1000 acct-port 1001
AP(config)# radius-server host 172.10.0.1 auth-port 1645 acct-port 1646
AP(config)# aaa group server radius group1
AP(config-sg-radius)# server 172.20.0.1 auth-port 1000 acct-port 1001
AP(config-sg-radius)# exit
AP(config)# aaa group server radius group2
AP(config-sg-radius)# server 172.20.0.1 auth-port 2000 acct-port 2001
AP(config-sg-radius)# exit
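The following Python script is an added example, not part of the Rockwell Automation manual. It parses the RADIUS host and server-group lines of a saved configuration and reports groups that have no second (fail-over) entry or that list an address and port combination with no matching radius-server host line. The sample input is constructed from the commands shown above; the function names and the two checks are assumptions of this example, not access point features.

```python
import re

# Constructed sample: the commands from the page, prompts removed, wrapped lines joined.
SAMPLE_CONFIG = """\
aaa new-model
radius-server host 172.20.0.1 auth-port 1000 acct-port 1001
radius-server host 172.10.0.1 auth-port 1645 acct-port 1646
aaa group server radius group1
 server 172.20.0.1 auth-port 1000 acct-port 1001
 exit
aaa group server radius group2
 server 172.20.0.1 auth-port 2000 acct-port 2001
 exit
"""

ENTRY = re.compile(r"(radius-server host|server)\s+(\S+)\s+auth-port\s+(\d+)\s+acct-port\s+(\d+)$")
GROUP = re.compile(r"aaa group server radius\s+(\S+)$")

def parse(config):
    """Return (set of global host entries, {group name: [member entries]})."""
    hosts, groups, current = set(), {}, None
    for raw in config.splitlines():
        line = re.sub(r"^\S*[#>]\s*", "", raw.strip())  # drop a prompt such as "AP(config)# "
        if (m := GROUP.match(line)):
            current = groups.setdefault(m.group(1), [])
        elif (m := ENTRY.match(line)):
            entry = (m.group(2), int(m.group(3)), int(m.group(4)))
            if m.group(1) == "server" and current is not None:
                current.append(entry)   # member of the group being configured
            elif m.group(1) == "radius-server host":
                hosts.add(entry)        # global host definition
                current = None
        elif line == "exit":
            current = None              # left server-group configuration mode
    return hosts, groups

def audit(config):
    """Return (group, issue, detail) findings for the two checks in the lead-in."""
    hosts, groups = parse(config)
    findings = []
    for name, members in groups.items():
        if len(members) < 2:
            findings.append((name, "no-failover", f"{len(members)} server entry"))
        for ip, auth, acct in members:
            if (ip, auth, acct) not in hosts:
                findings.append((name, "undefined-member", f"{ip} auth-port {auth} acct-port {acct}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding, sep=": ")
```
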
Configuring RADIUS Authorization for User Privileged Access and Network Services
AAA authorization limits the services available to a user. When AAA
authorization is enabled, the access point uses information retrieved from the
user’s profile, which is located either in the local user database or on the
security server, to configure the user’s session. The user is granted access to a
requested service only if the information in the user profile allows it.
You can use the aaa authorization global configuration command with the
radius keyword to set parameters that restrict a user’s network access to
privileged EXEC mode.
The aaa authorization exec radius local command sets these
authorization parameters:
• Use RADIUS for privileged EXEC access authorization if authentication
was performed by using RADIUS.
• Use the local database if authentication was not performed by using
RADIUS.
TIP
This section describes setting up authorization for access point administrators,
not for wireless client devices.
TIP
Authorization is bypassed for authenticated users who log in through CLI even
if authorization has been configured.