Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual User Manual

Rockwell Automation Publication 1783-UM006A-EN-P - May 2014

423

Configuring RADIUS and TACACS+ Servers

Chapter 14

4. Specify the number of seconds an access point waits for a reply to a

RADIUS request before resending the request.

The default is 5 seconds; the range is 1…1000.

radius-server timeout seconds

5. Use this command to cause the Cisco IOS software to mark as “dead” any

RADIUS servers that fail to respond to authentication requests, thus
avoiding the wait for the request to time out before trying the next
configured server.

A RADIUS server marked as dead is skipped by additional requests for the
duration of minutes that you specify, up to a maximum of 1440 (24 hours).

radius-server deadtime minutes

6. Configure the access point to send its system name in the NAS_ID

attribute for authentication.

radius-server attribute 32 include-in-access-req

format %h

7. Return to privileged EXEC mode.

end

8. Verify your settings.

show running-config

9. (Optional) Save your entries in the configuration file.

copy running-config startup-config

This example shows how to set up two main servers and a local authenticator
with a server deadtime of 10 minutes:

AP(config)# aaa new-model

AP(config)# radius-server host 172.20.0.1 auth-port

1000 acct-port 1001 key 77654

AP(config)# radius-server host 172.10.0.1 auth-port

1645 acct-port 1646 key 77654

AP(config)# radius-server host 10.91.6.151 auth-

port 1812 acct-port 1813 key 110337

AP(config)# radius-server deadtime 10

To return to the default setting for retransmit, timeout, and deadtime, use
the no forms of these commands.

TIP

This command is required configuration when multiple RADIUS servers are
defined. If not configured, client authentication does not occur. When one
RADIUS server is defined, this command is optional.