Table of Contents
Advertisement
Configuring and Enabling RADIUS
Configuring RADIUS Login Authentication
To configure AAA authentication, define a named list of authentication methods and apply that list to
various interfaces. The method list defines the types of authentication to be performed and the sequence
in which they are performed; the list must be applied to a specific interface before any of the defined
authentication methods are performed. The only exception is the default method list (which is named
default). The default method list is automatically applied to all interfaces except those for which a named
method list is explicitly defined.
A method list describes the sequence and authentication methods to be queried to authenticate a user (in
this case, a non-root bridge). Designate one or more security protocols to be used for authentication, to
ensure a backup system for authentication if the initial method fails. The software uses the first method
listed to authenticate users; if that method fails to respond, the software selects the next authentication
method in the method list. This process continues until there is successful communication with a listed
authentication method or until all defined methods are exhausted. If authentication fails at any point in
this cycle; that is, if the security server or local username database responds by denying the user
access—the authentication process stops, and no further authentication methods are attempted.
To configure login authentication, follow these required steps, beginning in privileged EXEC mode:
Command
Step 1
configure terminal
Step 2
aaa new-model
Step 3
aaa authentication login {default |
list-name} method1 [method2...]
Step 4
line [console | tty | vty] line-number
[ending-line-number]
Cisco 3200 Series Wireless MIC Software Configuration Guide
24
Purpose
Enters global configuration mode.
Enables AAA.
Creates a login authentication method list.
•
To create a default list that is used when a named list is not specified
in the login authentication command, use the default keyword
followed by the methods that are to be used in default situations. The
default method list is automatically applied to all interfaces. For more
information on list names, click this link:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/1
22cgcr/fsecur_c/fsaaa/scfathen.htm#xtocid2
For method1..., specify the actual method that the authentication
•
algorithm tries. The additional defined methods of authentication are
used only if the previous method returns an error, not if it fails.
Select one of these methods:
line—Use the line password for authentication. You must define a
•
line password before you can use this authentication method. Use the
password password line configuration command.
local—Use the local username database for authentication. You must
•
enter username information in the database. Use the username
password command in global configuration mode.
•
radius—Use RADIUS authentication. You must configure the
RADIUS server before you can use this authentication method. For
more information, see the
section.
Enters line configuration mode, and configures the lines to apply the
authentication list.
Administering the WMIC
"Identifying the RADIUS Server Host"
Hide quick links:
Advertisement
Table of Contents
