Cisco 2100 Series Configuration Manual page 234

Wireless LAN controller

Configuring Local EAP
Step 4  To specify the order in which user credentials are retrieved from the local and/or LDAP databases, enter this command:

config local-auth user-credentials {local | ldap}

Note  If you enter config local-auth user-credentials ldap local, local EAP attempts to authenticate clients using the LDAP backend database and fails over to the local user database if the LDAP servers are not reachable. If the user is not found, the authentication attempt is rejected. If you enter config local-auth user-credentials local ldap, local EAP attempts to authenticate using only the local user database. It does not fail over to the LDAP backend database.

Step 5  To specify values for the local EAP timers, enter these commands:

• config local-auth active-timeout timeout—Specifies the amount of time (in seconds) in which the controller attempts to authenticate wireless clients using local EAP after any pair of configured RADIUS servers fails. The valid range is 1 to 3600 seconds, and the default setting is 100 seconds.

• config advanced eap identity-request-timeout timeout—Specifies the amount of time (in seconds) in which the controller attempts to send an EAP identity request to wireless clients using local EAP. The valid range is 1 to 120 seconds, and the default setting is 30 seconds.

• config advanced eap identity-request-retries retries—Specifies the maximum number of times that the controller attempts to retransmit the EAP identity request to wireless clients using local EAP. The valid range is 1 to 20 retries, and the default setting is 20 retries.

• config advanced eap key-index index—Specifies the key index used for dynamic wired equivalent privacy (WEP). The default setting is 0.

• config advanced eap request-timeout timeout—Specifies the amount of time (in seconds) in which the controller attempts to send an EAP request to wireless clients using local EAP. The valid range is 1 to 120 seconds, and the default setting is 30 seconds.

• config advanced eap request-retries retries—Specifies the maximum number of times that the controller attempts to retransmit the EAP request to wireless clients using local EAP. The valid range is 1 to 120 retries, and the default setting is 20 retries.

• config advanced eap eapol-key-timeout timeout—Specifies the amount of time (in seconds) in which the controller attempts to send an EAP key over the LAN to wireless clients using local EAP. The valid range is 1 to 5 seconds, and the default setting is 1 second.

• config advanced eap eapol-key-retries retries—Specifies the maximum number of times that the controller attempts to send an EAP key over the LAN to wireless clients using local EAP. The valid range is 0 to 4 retries, and the default setting is 2 retries.

• config advanced eap max-login-ignore-identity-response {enable | disable}—When enabled, this command limits the number of devices that can be connected to the controller with the same username. You can log in up to eight times from different devices (PDA, laptop, IP phone, and so on) on the same controller. The default value is enabled.

Step 6  To create a local EAP profile, enter this command:

config local-auth eap-profile add profile_name

Note  Do not include spaces within the profile name.

Cisco Wireless LAN Controller Configuration Guide, OL-17037-01, Chapter 5: Configuring Security Solutions, page 5-46
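
The ranges and defaults in Step 5 and the credential order described in the Step 4 note can be checked mechanically before a change script is applied. The following Python sketch is an added example, not part of the Cisco guide; the function name audit and the sample script are constructed for illustration, and it assumes one command per line in the form shown above.

```python
import re

# (min, max, default) exactly as documented on this page. key-index is
# omitted because the page states no valid range for it.
LIMITS = {
    "local-auth active-timeout":             (1, 3600, 100),
    "advanced eap identity-request-timeout": (1, 120, 30),
    "advanced eap identity-request-retries": (1, 20, 20),
    "advanced eap request-timeout":          (1, 120, 30),
    "advanced eap request-retries":          (1, 120, 20),
    "advanced eap eapol-key-timeout":        (1, 5, 1),
    "advanced eap eapol-key-retries":        (0, 4, 2),
}
# Fallback behaviour as described in the Note for Step 4.
CRED_ORDER = {
    "ldap local": "LDAP first; fails over to local DB if LDAP servers are unreachable",
    "local ldap": "local DB only; no failover to LDAP",
}

def audit(script):
    """Return (line_no, command, message) findings for a WLC CLI script."""
    findings = []
    for no, raw in enumerate(script.splitlines(), 1):
        line = " ".join(raw.split())          # normalise whitespace
        m = re.fullmatch(r"config (.+?) (-?\d+)", line)
        if m and m.group(1) in LIMITS:
            lo, hi, default = LIMITS[m.group(1)]
            value = int(m.group(2))
            if not lo <= value <= hi:
                findings.append((no, m.group(1), f"{value} outside valid range {lo}-{hi}"))
            elif value != default:
                findings.append((no, m.group(1), f"{value} differs from default {default}"))
            continue
        m = re.fullmatch(r"config local-auth user-credentials (.+)", line)
        if m:
            msg = CRED_ORDER.get(m.group(1), "order not described on this page")
            findings.append((no, "local-auth user-credentials", msg))
    return findings

# Constructed sample input, not taken from a real controller.
SAMPLE = """\
config local-auth user-credentials ldap local
config local-auth active-timeout 300
config advanced eap identity-request-retries 25
config advanced eap eapol-key-timeout 1
config advanced eap eapol-key-retries 6
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```

Lines that match a documented default produce no finding, so the output lists only settings that change controller behaviour or that the controller would reject.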


This manual is also suitable for:

4400 series