Configuring External Authentication And Authorization Using A RADIUS Server - Cisco Aironet 1522 Design And Deployment Manual

1520, 1130, 1240 series wireless mesh access points

Connecting the Cisco 1520 Series Mesh Access Point to Your Network

Configuring External Authentication and Authorization Using a RADIUS Server

External authorization and authentication of mesh access points using a RADIUS server such as Cisco ACS (4.1 and later) is supported in release 5.2 and later. The RADIUS server must support the client authentication type of EAP-FAST with certificates.

Before you employ external authentication within the mesh network, you must make these changes:

- The RADIUS server to be used as an AAA server must be configured on the controller.
- The controller must also be configured on the RADIUS server.
- Add the mesh access point configured for external authorization and authentication to the user list of the RADIUS server. For additional details, refer to the "Adding a Username to a RADIUS Server" section on page 69.
- Configure EAP-FAST on the RADIUS server and install the certificates. EAP-FAST authentication is required if mesh access points are connected to the controller using an 802.11a interface; the external RADIUS servers need to trust Cisco Root CA 2048. For information on installing and trusting the CA certificates, see the "Configuring RADIUS Servers" section on page 68.

Note
If mesh access points connect to the controller using a Fast Ethernet or Gigabit Ethernet interface, only MAC authorization is required.

Note
This feature also supports local EAP and PSK authentication on the controller.

Configuring RADIUS Servers

Follow these steps to install and trust the CA certificates on the RADIUS server:

Step 1
Using Internet Explorer, download the CA certificates for Cisco Root CA 2048:
http://www.cisco.com/security/pki/certs/crca2048.cer
http://www.cisco.com/security/pki/certs/cmca.cer

Step 2
Install the certificates:
a. From the CiscoSecure ACS main menu, click System Configuration > ACS Certificate Setup > ACS Certification Authority Setup.
b. In the CA certificate file box, type the CA certificate location (path and name). For example: c:\Certs\crca2048.cer.
c. Click Submit.

Step 3
Configure the external RADIUS servers to trust the CA certificate.
a. From the CiscoSecure ACS main menu, choose System Configuration > ACS Certificate Setup > Edit Certificate Trust List. The Edit Certificate Trust List appears.
b. Check the check box next to the Cisco Root CA 2048 (Cisco Systems) certificate name.
c. Click Submit.
d. To restart ACS, choose System Configuration > Service Control, and then click Restart.

Cisco Aironet 1520, 1130, 1240 Series Wireless Mesh Access Points, Design and Deployment Guide, Release 6.0
OL-20213-01, page 68
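
The download URLs in Step 1 are plain HTTP, so before the file is installed as a trust anchor in Step 2 its fingerprint should be checked against a value obtained through a separate trusted channel. The script below is an added example, not part of the Cisco guide; the script name and the expected-fingerprint argument are assumptions, and the expected value must be supplied by the operator.

```python
import hashlib
import hmac
import re
import ssl
import sys

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"


def to_der(raw: bytes) -> bytes:
    """Return DER bytes; a .cer file may be binary DER or Base64 PEM text."""
    text = raw.strip()
    if not text.startswith(PEM_HEADER):
        return raw  # no PEM header: treat the file as DER already
    if text.count(PEM_HEADER) != 1:
        raise ValueError("expected exactly one certificate in the file")
    return ssl.PEM_cert_to_DER_cert(text.decode("ascii"))


def fingerprint(raw: bytes, algorithm: str = "sha256") -> str:
    """Hex digest over the DER encoding, so PEM and DER copies agree."""
    return hashlib.new(algorithm, to_der(raw)).hexdigest()


def matches_expected(raw: bytes, expected: str, algorithm: str = "sha256") -> bool:
    """Compare with a fingerprint obtained out of band (AA:BB or aabb form)."""
    want = re.sub(r"[\s:]", "", expected).lower()
    hex_len = hashlib.new(algorithm).digest_size * 2
    if not re.fullmatch(r"[0-9a-f]{%d}" % hex_len, want):
        raise ValueError(f"not a {algorithm} fingerprint: {expected!r}")
    return hmac.compare_digest(fingerprint(raw, algorithm), want)


if __name__ == "__main__":
    # Hypothetical usage (script name and second argument are assumptions):
    #   python verify_ca.py c:\Certs\crca2048.cer <EXPECTED_SHA256_FROM_TRUSTED_SOURCE>
    path, expected = sys.argv[1], sys.argv[2]
    with open(path, "rb") as fh:
        ok = matches_expected(fh.read(), expected)
    print(f"{path}: {'fingerprint matches' if ok else 'MISMATCH, do not install'}")
    sys.exit(0 if ok else 1)
```

Pass "sha1" as the algorithm when the trusted source publishes a SHA-1 thumbprint instead; a non-zero exit status means the file should not be entered in the CA certificate file box.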
