Table of Contents
Advertisement
Administering the WMIC
In this example, the bridge is configured to recognize two different RADIUS group servers (group1 and
group2). Group1 has two different host entries on the same RADIUS server configured for the same
services. The second host entry acts as a failover backup to the first entry.
bridge(config)# aaa new-model
bridge(config)# radius-server host 172.20.0.1 auth-port 1000 acct-port 1001
bridge(config)# radius-server host 172.10.0.1 auth-port 1645 acct-port 1646
bridge(config)# aaa group server radius group1
bridge(config-sg-radius)# server 172.20.0.1 auth-port 1000 acct-port 1001
bridge(config-sg-radius)# exit
bridge(config)# aaa group server radius group2
bridge(config-sg-radius)# server 172.20.0.1 auth-port 2000 acct-port 2001
bridge(config-sg-radius)# exit
Configuring RADIUS Authorization for User Privileged Access and Network Services
AAA authorization limits the services available to a user. When AAA authorization is enabled, the
bridge uses information retrieved from the user profile, which is in the local user database or on the
security server, to configure the user's session. The user is granted access to a requested service only if
the information in the user profile allows it.
You can use the aaa authorization command in global configuration mode with the radius keyword to
set parameters that restrict a user's network access to privileged EXEC mode.
The aaa authorization exec radius local command sets these authorization parameters:
•
•
Note
Authorization is bypassed for authenticated users who log in through the CLI even if authorization has
been configured.
To specify RADIUS authorization for privileged EXEC access and network services, follow these steps,
beginning in privileged EXEC mode:
Command
Step 1
configure terminal
Step 2
aaa authorization network radius
Step 3
aaa authorization exec radius
Step 4
end
Step 5
show running-config
Step 6
copy running-config startup-config
To disable authorization, use the no aaa authorization {network | exec} method1 command in global
configuration mode.
Use RADIUS for privileged EXEC access authorization if authentication was performed by using
RADIUS.
Use the local database if authentication was not performed by using RADIUS.
Purpose
Enters global configuration mode.
Configures the bridge for user RADIUS authorization for all
network-related service requests.
Configures the bridge for user RADIUS authorization and determines if
the user has privileged EXEC access.
The exec keyword might return user profile information (such as
autocommand information).
Returns to privileged EXEC mode.
Verifies your entries.
(Optional) Saves your entries in the configuration file.
Cisco 3200 Series Wireless MIC Software Configuration Guide
Configuring and Enabling RADIUS
27
Hide quick links:
Advertisement
Table of Contents
