Cisco 2100 Series Configuration Manual page 201
Wireless lan controller
Hide thumbs
Also See for 2100 Series:
- Configuration manual (50 pages) ,
- Quick start manual (12 pages) ,
- Configuration manual (406 pages)
Table of Contents
Advertisement
Chapter 5
Configuring Security Solutions
config radius acct ipsec authentication {hmac-md5 | hmac-sha1} index—Configures the
•
authentication protocol to be used for IP security.
•
config radius acct ipsec encryption {3des | aes | des | none} index—Configures the IP security
encryption mechanism.
•
config radius acct ipsec ike dh-group {group-1 | group-2 | group-5} index—Configures the IKE
Diffie Hellman group.
config radius acct ipsec ike lifetime interval index—Configures the timeout interval for the
•
session.
config radius acct ipsec ike phase1{aggressive | main} index—Configures the Internet Key
•
Exchange (IKE) protocol.
config radius acct {enable | disable} index—Enables or disables a RADIUS accounting server.
•
config radius acct delete index—Deletes a previously added RADIUS accounting server.
•
To configure the RADIUS server fallback behavior, enter this command:
Step 4
config radius fallback-test mode {off | passive | active} where
•
Off disables RADIUS server fallback.
•
Passive causes the controller to revert to a server with a lower priority from the available backup
servers without using extraneous probe messages. The controller simply ignores all inactive servers
for a time period and retries later when a RADIUS message needs to be sent.
Active causes the controller to revert to a server with a lower priority from the available backup
•
servers by using RADIUS probe messages to proactively determine whether a server that has been
marked inactive is back online. The controller simply ignores all inactive servers for all active
RADIUS requests. Once the primary server receives a response from the recovered ACS server, the
active fallback RADIUS server no longer sends probe messages to the server requesting the active
probe authentication.
If you enabled Active mode in
Step 5
config radius fallback-test username username—Specifies the name to be sent in the inactive
•
server probes. You can enter up to 16 alphanumeric characters for the username parameter.
config radius fallback-test interval interval—Specifies the probe interval value (in seconds).
•
To save your changes, enter this command:
Step 6
save config
Step 7
To configure the order of authentication when multiple databases are configured, enter this command:
config aaa auth mgmt AAA_server_type AAA_server_type
where AAA_server_type is local, radius, or tacacs.
To see the current management authentication server order, enter this command:
show aaa auth
Information similar to the following appears:
Management authentication server order:
1......................................... local
2...................................... radius
Use these commands to see RADIUS statistics:
Step 8
show radius summary—Shows a summary of RADIUS servers and statistics.
•
show radius auth statistics—Shows the RADIUS authentication server statistics.
•
OL-17037-01
Step
4, enter these commands to configure additional fallback parameters:
Cisco Wireless LAN Controller Configuration Guide
Configuring RADIUS
5-13
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
