1. Manuals
  2. Brands
  3. Cisco Manuals
  4. Wireless Access Point
  5. Aironet 1100 Series
  6. Installation and configuration manual

Using A Radius Server To Restrict Ssids - Cisco Aironet 1100 Series Installation And Configuration Manual

Hide thumbs Also See for Aironet 1100 Series:
Table of Contents

Advertisement

Configuring Multiple SSIDs
Command
Step 9
end
Step 10
copy running-config startup-config (Optional) Save your entries in the configuration file.
You use the ssid command's authentication options to configure an authentication type for each SSID.
Note
See
types.
Use the no form of the command to disable the SSID or to disable SSID features.
This example shows how to:
ap1100# configure terminal
ap1100(config)# configure interface dot11radio 0
ap1100(config-if)# ssid batman
ap1100(config-ssid)# accounting accounting-method-list
ap1100(config-ssid)# max-associations 15
ap1100(config-ssid)# vlan 3762
ap1100(config-ssid)# end

Using a RADIUS Server to Restrict SSIDs

To prevent client devices from associating to the access point using an unauthorized SSID, you can
create a list of authorized SSIDs that clients must use on your RADIUS authentication server.
The SSID authorization process consists of these steps:
1.
2.
3.
The allowed list of SSIDs from the RADIUS server are in the form of Cisco VSAs. The Internet
Engineering Task Force (IETF) draft standard specifies a method for communicating vendor-specific
information between the access point and the RADIUS server by using the vendor-specific attribute
(attribute 26). Vendor-specific attributes (VSAs) allow vendors to support their own extended attributes
not suitable for general use. The Cisco RADIUS implementation supports one vendor-specific option by
Cisco Aironet 1100 Series Access Point Installation and Configuration Guide
8-4
Chapter 10, "Configuring Authentication Types,"
Name an SSID
Configure the SSID for RADIUS accounting
Set the maximum number of client devices that can associate using this SSID to 15
Assign the SSID to a VLAN
A client device associates to the access point using any SSID configured on the access point.
The client begins RADIUS authentication.
The RADIUS server returns a list of SSIDs that the client is allowed to use. The access point checks
the list for a match of the SSID used by the client. There are three possible outcomes:
If the SSID that the client used to associate to the access point matches an entry in the allowed
a.
list returned by the RADIUS server, the client is allowed network access after completing all
authentication requirements.
If the access point does not find a match for the client in the allowed list of SSIDs, the access
b.
point disassociates the client.
If the RADIUS server does not return any SSIDs (no list) for the client, then the administrator
c.
has not configured the list, and the client is allowed to associate and attempt to authenticate.
Purpose
Return to privileged EXEC mode.
for instructions on configuring authentication
Chapter 8
Configuring Multiple SSIDs
OL-2851-01
Show Quick Links

Hide quick links:

Advertisement

Table of Contents
loading

Related Manuals for Cisco Aironet 1100 Series

Related Content for Cisco Aironet 1100 Series

Table of Contents