Controlling Access Point Access With Radius; Default Radius Configuration; Configuring Radius Login Authentication - Cisco 1941W Configuration Manual
Cisco 3900 series, cisco 2900 series,
cisco 1900 series
Hide thumbs
Also See for 1941W:
- Hardware installation manual (102 pages) ,
- Installing and upgrading (24 pages)
Table of Contents
Advertisement
Chapter
Administering the Wireless Device
Controlling Access Point Access with RADIUS
This section describes how to control administrator access to the wireless device by using Remote
Authentication Dial-In User Service (RADIUS). For complete instructions on configuring the wireless
device to support RADIUS, see the
Software Configuration Guide for Cisco Aironet Access
RADIUS provides detailed accounting information and flexible administrative control over
authentication and authorization processes. RADIUS is facilitated through authentication, authorization,
and accounting (AAA) and can be enabled only through AAA commands.
For complete syntax and usage information for the commands used in this section, see
Note
Security Command
These sections describe RADIUS configuration:
•
•
•
•
•
Default RADIUS Configuration
RADIUS and AAA are disabled by default.
To prevent a lapse in security, you cannot configure RADIUS through a network management
application. When enabled, RADIUS can authenticate users who are accessing the wireless device
through the command-line interface (CLI).
Configuring RADIUS Login Authentication
To configure AAA authentication, you define a named list of authentication methods and then apply the
list to various interfaces. The method list defines the types of authentication to be performed and the
sequence in which they are performed; it must be applied to a specific interface before any defined
authentication methods are performed. The only exception is the default method list (which is named
default). The default method list is automatically applied to all interfaces except those that have a named
method list explicitly defined.
A method list describes the sequence and authentication methods to be used to authenticate a user. You
can designate one or more security protocols for authentication, thus ensuring a backup system for
authentication in case the initial method fails. The software uses the first method listed to authenticate
users. If that method fails to respond, the software selects the next authentication method in the method
list. This process continues until there is successful communication with a listed authentication method
or until all defined methods are exhausted. If authentication fails at any point in this cycle—that is, the
security server or local username database responds by denying the user access—the authentication
process stops, and no other authentication methods are attempted.
Cisco 3900 Series, Cisco 2900 Series, and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide
Reference.
Default RADIUS Configuration, page 305
Configuring RADIUS Login Authentication, page 305
Defining AAA Server Groups, page 307
Configuring RADIUS Authorization for User Privileged Access and Network Services, page 309
(optional)
Displaying the RADIUS Configuration, page 310
"Configuring Radius and TACACS+ Servers" chapter in Cisco IOS
Points.
(required)
(optional)
Controlling Access Point Access with RADIUS
Cisco IOS
305
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
