Configuring Tacacs+ Login Authentication; Identifying The Tacacs+ Server Host And Setting The Authentication Key - Cisco C3201FESMIC-TP= - 3201 Fast EN Switch Mobile Interface Card Expansion Module Software Configuration Manual

Controlling WMIC Access with TACACS+

Configuring TACACS+ Login Authentication

To configure AAA authentication, you define a named list of authentication methods and then apply that
list to various interfaces. The method list defines the types of authentication to be performed and the
sequence in which they are performed; the list must be applied to a specific interface before any of the
defined authentication methods are performed. The only exception is the default method list (which is
named default).
The default method list is automatically applied to all interfaces except those for which a named method
list is explicitly defined. A defined method list overrides the default method list.
A method list describes the authentication methods to be queried to authenticate a user and the
sequence in which they are queried. You can designate one or more security protocols to be used for
authentication, which provides a backup system if the initial method fails. The software uses the
first method listed to authenticate users; if that method fails to respond, the software selects the
next authentication method in the method list. This process continues until there is successful
communication with a listed authentication method or until all defined methods are exhausted. If
authentication fails (that is, the security server or local username database responds by denying
the user access), the authentication process stops, and no further authentication methods are attempted.

Identifying the TACACS+ Server Host and Setting the Authentication Key

You can configure the WMIC to use a single server or to use AAA server groups to group existing server
hosts for authentication. You can group servers to select a subset of the configured server hosts and use
them for a particular service. The server group is used with a global server-host list and contains the list
of IP addresses of the selected server hosts.
To identify the IP host or hosts maintaining the TACACS+ server and optionally set the encryption key,
follow these steps, beginning in privileged EXEC mode:
Step 1
Command: configure terminal
Purpose: Enters global configuration mode.

Step 2
Command: tacacs-server host hostname [port integer] [timeout integer] [key string]
Purpose: Identifies the IP host or hosts maintaining a TACACS+ server. Enter this
command multiple times to create a list of preferred hosts. The software
searches for hosts in the order in which you specify them.
    For hostname, specify the name or IP address of the host.
    (Optional) For port integer, specify a server port number. The default
    is port 49. The range is from 1 to 65535.
    (Optional) For timeout integer, specify a time, in seconds, that the
    WMIC waits for a response from the daemon before it times out and
    declares an error. The default is 5. The range is from 1 to 1000.
    (Optional) For key string, specify the encryption key for encrypting
    and decrypting all traffic between the WMIC and the TACACS+
    daemon. For encryption to be successful, you must configure the
    same key on the TACACS+ daemon.

Step 3
Command: aaa new-model
Purpose: Enables AAA.

Step 4
Command: aaa group server tacacs+ group-name
Purpose: (Optional) Defines the AAA server-group with a group name.
This command puts the WMIC in a server group subconfiguration mode.

Cisco 3200 Series Wireless MIC Software Configuration Guide
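
The key string in Step 2 must match on both ends because TACACS+, as specified in RFC 8907, hides each packet body by XORing it with a pad of chained MD5 hashes over the session ID, key, version and sequence number. The following is an added example, not part of the Cisco guide: it implements that pad in Python and shows that a one-character key mismatch leaves the body unreadable. The session ID, keys and body are constructed sample values.

```python
import hashlib
import struct

TAC_PLUS_VERSION = 0xC0  # major version 0xC, minor version 0 (RFC 8907 header byte)


def pseudo_pad(session_id, key, version, seq_no, length):
    """Build the RFC 8907 pad: chained MD5 blocks, truncated to the body length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        # MD5_1 = MD5(seed); MD5_n = MD5(seed + MD5_(n-1))
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]


def obfuscate(body, session_id, key, seq_no, version=TAC_PLUS_VERSION):
    """XOR the body with the pad. The same call reverses it, so both peers need the same key."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def demo():
    # Constructed sample values, not taken from any real device or capture.
    session_id, seq_no = 0x1A2B3C4D, 1
    body = b"constructed authentication START body, user=netadmin"
    wmic_key = b"example-shared-key"      # key configured on the WMIC
    daemon_typo = b"example-shared-kex"   # daemon key with one wrong character

    wire = obfuscate(body, session_id, wmic_key, seq_no)          # sent by the WMIC
    same_key = obfuscate(wire, session_id, wmic_key, seq_no)      # daemon, matching key
    wrong_key = obfuscate(wire, session_id, daemon_typo, seq_no)  # daemon, mismatched key
    return body, wire, same_key, wrong_key


if __name__ == "__main__":
    body, wire, same_key, wrong_key = demo()
    print("on the wire  :", wire.hex())
    print("matching key :", same_key)
    print("mismatched   :", wrong_key)
```

RFC 8907 describes this mechanism as obfuscation, so the traffic between the WMIC and the daemon should still be carried over a network path you trust.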
Administering the WMIC
