Configuring The Bridge To Use Vendor-Specific Radius Attributes - Cisco C3201FESMIC-TP= - 3201 Fast EN Switch Mobile Interface Card Expansion Module Software Configuration Manual

Administering the WMIC
Step    Command
Step 5  radius-server deadtime minutes
Step 6  radius-server attribute 32 include-in-access-req format %h
Step 7  end
Step 8  show running-config
Step 9  copy running-config startup-config
To return to the default setting for the retransmit, timeout, and deadtime, use the no forms of these
commands.

Configuring the Bridge to Use Vendor-Specific RADIUS Attributes

The Internet Engineering Task Force (IETF) draft standard specifies a method for communicating
vendor-specific information between the bridge and the RADIUS server by using the vendor-specific
attribute (attribute 26). Vendor-specific attributes (VSAs) allow vendors to support their own extended
attributes that are not suitable for general use. The Cisco RADIUS implementation supports one
vendor-specific option by using the format recommended in the specification. Cisco's vendor ID is 9,
and the supported option has vendor type 1, which is named cisco-avpair. The value is a string with this
format:
protocol : attribute sep value *
Protocol is a value of the Cisco protocol attribute for a particular type of authorization. Attribute and
value are an appropriate AV pair defined in the Cisco TACACS+ specification, and sep is = for
mandatory attributes and the asterisk (*) for optional attributes. This allows the full set of features
available for TACACS+ authorization to also be used for RADIUS.
For example, the following AV pair activates Cisco's multiple named ip address pools feature during IP
authorization (during Point-to-Point Protocol IP Control Protocol (PPP IPCP) address assignment):
cisco-avpair= "ip:addr-pool=first"
The following example shows how to provide a user logging in from a bridge with immediate access to
privileged EXEC commands:
cisco-avpair= "shell:priv-lvl=15"
Other vendors have their own unique vendor IDs, options, and associated VSAs. For more information
about vendor IDs and VSAs, see RFC 2138, "Remote Authentication Dial-In User Service (RADIUS)."
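The following added example (not part of the Cisco manual) decodes attribute 26 from a RADIUS attribute list, keeps the cisco-avpair entries (vendor ID 9, vendor type 1), splits each into protocol, attribute, separator, and value, and reports whether a reply grants privilege level 15. The function names and the sample bytes are constructed for illustration; only the first sub-attribute of each VSA is read.

```python
import struct

VENDOR_SPECIFIC = 26  # RADIUS attribute type that carries VSAs
CISCO_VENDOR_ID = 9   # Cisco's vendor ID, as stated in the text
CISCO_AVPAIR = 1      # vendor type 1, named cisco-avpair

def encode_cisco_avpair(avpair):
    """Build one attribute-26 TLV holding a cisco-avpair string (used for sample data)."""
    data = avpair.encode("ascii")
    body = struct.pack("!IBB", CISCO_VENDOR_ID, CISCO_AVPAIR, 2 + len(data)) + data
    return struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(body)) + body

def parse_avpair(text):
    """Split 'protocol:attribute<sep>value'; sep '=' is mandatory, '*' is optional."""
    protocol, colon, rest = text.partition(":")
    idx = min((i for i in (rest.find("="), rest.find("*")) if i > 0), default=-1)
    if not colon or not protocol or idx < 0:
        raise ValueError("not a cisco-avpair: %r" % text)
    return {"protocol": protocol, "attribute": rest[:idx],
            "mandatory": rest[idx] == "=", "value": rest[idx + 1:]}

def decode_cisco_avpairs(attrs):
    """Walk a RADIUS attribute list (type, length, value) and return parsed cisco-avpairs."""
    pairs, pos = [], 0
    while pos < len(attrs):
        if pos + 2 > len(attrs) or attrs[pos + 1] < 2 or pos + attrs[pos + 1] > len(attrs):
            raise ValueError("malformed attribute length")
        atype, alen = attrs[pos], attrs[pos + 1]
        value = attrs[pos + 2:pos + alen]
        pos += alen
        if atype != VENDOR_SPECIFIC or len(value) < 6:
            continue  # not a VSA in the recommended format
        vendor_id, vtype, vlen = struct.unpack("!IBB", value[:6])
        if vendor_id != CISCO_VENDOR_ID or vtype != CISCO_AVPAIR:
            continue  # another vendor's VSA or another Cisco vendor type
        if vlen < 2 or 4 + vlen > len(value):
            raise ValueError("malformed vendor sub-attribute length")
        pairs.append(parse_avpair(value[6:4 + vlen].decode("ascii")))
    return pairs

def grants_privileged_exec(pairs):
    """True if any AV pair is shell:priv-lvl with value 15 (the example from the text)."""
    return any(p["protocol"] == "shell" and p["attribute"] == "priv-lvl"
               and p["value"] == "15" for p in pairs)

# Constructed sample: a Reply-Message (type 18) followed by the two AV pairs from the text.
SAMPLE = (struct.pack("!BB", 18, 4) + b"ok"
          + encode_cisco_avpair("ip:addr-pool=first")
          + encode_cisco_avpair("shell:priv-lvl=15"))

if __name__ == "__main__":
    for pair in decode_cisco_avpairs(SAMPLE):
        print(pair)
    print("grants privileged EXEC:", grants_privileged_exec(decode_cisco_avpairs(SAMPLE)))
```

Running this check against the attributes a RADIUS server returns shows which user profiles hand out privilege level 15 at login.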
Purpose
Step 5  Use this command to cause the Cisco IOS software to mark as "dead" any RADIUS servers that fail to respond to authentication requests, thus avoiding the wait for the request to time out before trying the next configured server. A RADIUS server marked as dead is skipped by additional requests for the duration of minutes that you specify.
        Note: If you set up more than one RADIUS server, you must configure the RADIUS server deadtime for optimal performance.
Step 6  Configures the bridge to send its system name in the NAS_ID attribute for authentication.
Step 7  Returns to privileged EXEC mode.
Step 8  Verifies your settings.
Step 9  (Optional) Saves your entries in the configuration file.
Cisco 3200 Series Wireless MIC Software Configuration Guide
Configuring and Enabling RADIUS
29
