Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual

Rockwell Automation Publication 1783-UM006A-EN-P - May 2014

Chapter 14

Configuring RADIUS and TACACS+ Servers

When a session is terminated, the RADIUS server sends a disconnect message to
the Network Access Server (NAS), which is an access point or WDS. For 802.11
sessions, the Calling-Station-ID [31] RADIUS attribute (the MAC address of the
client) must be supplied in the PoD request. The access point or WDS attempts to
disassociate the relevant session and then sends a disconnect response message
back to the RADIUS server. The message types are as follows:

40—Disconnect-Request
41—Disconnect-ACK
42—Disconnect-NAK

Beginning in privileged EXEC mode, follow these steps to configure a PoD:

1. Enter global configuration mode.

configure terminal

2. Enable user sessions to be disconnected by requests from a RADIUS server when specific session attributes are presented.

port port number: (Optional) The UDP port where the access point listens for PoD requests. The default value is 1700.

auth-type: This parameter is not supported for 802.11 sessions.

clients: (Optional) Up to four RADIUS servers can be nominated as clients. If this configuration is present and a PoD request originates from a device that is not on the list, it is rejected.

ignore: (Optional) When set to server_key, the shared secret is not validated when a PoD request is received.

session-key: Not supported for 802.11 sessions.

server-key: Configures the shared-secret text string.

TIP

Refer to your RADIUS server application documentation for instructions on how to configure PoD requests.

The access point does not block subsequent attempts by the client to reassociate. It is the responsibility of the security administrator to disable the client account before issuing a PoD request.

When WDS is configured, direct PoD requests to the WDS. The WDS forwards the disassociation request to the parent access point and then purges the session from its own internal tables.

PoD is supported on the Cisco CNS Access Registrar (CAR) RADIUS server, but not on the Cisco Secure ACS Server, v4.0 and earlier.
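
The following Python sketch is an added example, not code from the manual or from the access point firmware. It models the NAS-side checks described above for a Disconnect-Request (40): the clients list, the shared-secret authenticator defined in RFC 5176 (the check that ignore set to server_key skips), and the Calling-Station-ID [31] lookup. The function names, the silent drop on a failed check, and the sample secret, MAC address and IP address are assumptions.

```python
import hashlib
import hmac
import struct

DISCONNECT_REQUEST, DISCONNECT_ACK, DISCONNECT_NAK = 40, 41, 42
CALLING_STATION_ID = 31  # client MAC address for 802.11 sessions

def _authenticator(code, ident, length, seed, attrs, secret):
    # RFC 5176: MD5(Code | Identifier | Length | seed | Attributes | secret)
    header = struct.pack("!BBH", code, ident, length)
    return hashlib.md5(header + seed + attrs + secret).digest()

def build_request(ident, mac, secret):
    """RADIUS-server side: Disconnect-Request carrying Calling-Station-ID."""
    value = mac.encode()
    attrs = struct.pack("!BB", CALLING_STATION_ID, len(value) + 2) + value
    length = 20 + len(attrs)
    auth = _authenticator(DISCONNECT_REQUEST, ident, length, bytes(16), attrs, secret)
    return struct.pack("!BBH", DISCONNECT_REQUEST, ident, length) + auth + attrs

def handle_pod(packet, source_ip, secret, clients=(), sessions=()):
    """NAS side: return (reply_code, mac); reply_code is None if dropped."""
    if clients and source_ip not in clients:
        return None, None                      # sender is not a nominated client
    if len(packet) < 20:
        return None, None                      # shorter than a RADIUS header
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != DISCONNECT_REQUEST or length != len(packet):
        return None, None
    attrs = packet[20:]
    expected = _authenticator(code, ident, length, bytes(16), attrs, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        return None, None                      # shared secret mismatch or tampering
    mac, pos = None, 0
    while pos + 2 <= len(attrs):               # walk type-length-value attributes
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            return DISCONNECT_NAK, None        # malformed attribute
        if atype == CALLING_STATION_ID:
            mac = attrs[pos + 2:pos + alen].decode(errors="replace")
        pos += alen
    if mac is None or mac not in sessions:
        return DISCONNECT_NAK, mac             # attribute missing or no such session
    return DISCONNECT_ACK, mac

if __name__ == "__main__":  # constructed sample: secret, MAC and IP are made up
    pkt = build_request(1, "00-11-22-33-44-55", b"constructed-secret")
    print(handle_pod(pkt, "192.0.2.10", b"constructed-secret", ("192.0.2.10",), ("00-11-22-33-44-55",)))
```

With the authenticator comparison removed, any host that can reach the PoD port and knows a client MAC address would pass the remaining checks, which is why the clients list and the shared secret are best configured together.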
