Configuring External Authentication And Authorization Using A Radius Server - Cisco Mesh Access Points Deployment Manual

Connecting the Cisco 1500 Series Mesh Access Points to the Network
Information similar to the following appears for the show advanced backup-controller command:
AP primary Backup Controller .................... controller1 10.10.10.10
AP secondary Backup Controller ............... 0.0.0.0
Information similar to the following appears for the show advanced timers command:
Authentication Response Timeout (seconds)........ 10
Rogue Entry Timeout (seconds).................... 1300
AP Heart Beat Timeout (seconds).................. 30
AP Discovery Timeout (seconds)................... 10
AP Primary Discovery Timeout (seconds)........... 120
Information similar to the following appears for the show mesh config command:
Mesh Range....................................... 12000
Backhaul with client access status............... disabled
Background Scanning State........................ enabled
Mesh Security
Security Mode................................. EAP
External-Auth................................. disabled
Use MAC Filter in External AAA server......... disabled
Force External Authentication................. disabled
Mesh Alarm Criteria
Max Hop Count................................. 4
Recommended Max Children for MAP.............. 10
Recommended Max Children for RAP.............. 20
Low Link SNR.................................. 12
High Link SNR................................. 60
Max Association Number........................ 10
Association Interval.......................... 60 minutes
Parent Change Numbers......................... 3
Parent Change Interval........................ 60 minutes
Mesh Multicast Mode.............................. In-Out
Mesh Full Sector DFS............................. enabled
Mesh Ethernet Bridging VLAN Transparent Mode..... enabled

Configuring External Authentication and Authorization Using a RADIUS Server

External authorization and authentication of mesh access points using a RADIUS server such as Cisco ACS
(4.1 and later) is supported in release 5.2 and later releases. The RADIUS server must support the client
authentication type of EAP-FAST with certificates.
Before you employ external authentication within the mesh network, ensure that you make these changes:
• The RADIUS server to be used as an AAA server must be configured on the controller.
• The controller must also be configured on the RADIUS server.
OL-27593-01
Configuring External Authentication and Authorization Using a RADIUS Server
Cisco Mesh Access Points, Design and Deployment Guide, Release 7.3
109