Configuring The Access Point For Local Authentication And Authorization - Cisco M10-RM Software Manual

Chapter 5 Administering the Access PointWireless Device Access
Configuring the Access Point for Local Authentication and
Authorization
You can configure AAA to operate without a server by configuring the wireless device to implement
AAA in local mode. The wireless device then handles authentication and authorization. No accounting
is available in this configuration.
You can configure the wireless device as a local authenticator for 802.1x-enabled client devices to
Note
provide a backup for your main server or to provide authentication service on a network without a
RADIUS server. See
instructions on configuring the wireless device as a local authenticator.
Beginning in privileged EXEC mode, follow these steps to configure the wireless device for local AAA:
Command
Step 1 configure terminal
Step 2 aaa new-model
Step 3 aaa authentication login default local
Step 4 aaa authorization exec local
Step 5 aaa authorization network local
Step 6 username name [privilege level]
{password encryption-type password}
Step 7 end
Step 8
show running-config
Step 9 copy running-config startup-config
OL-14209-01

Configuring the Access Point for Local Authentication and Authorization

Chapter 9, "Configuring an Access Point as a Local Authenticator,"
Purpose
Enter global configuration mode.
Enable AAA.
Set the login authentication to use the local username database. The
default keyword applies the local user database authentication to all
interfaces.
Configure user AAA authorization to determine if the user is allowed to
run an EXEC shell by checking the local database.
Configure user AAA authorization for all network-related service
requests.
Enter the local database, and establish a username-based authentication
system.
Repeat this command for each user.
For name, specify the user ID as one word. Spaces and quotation
•
marks are not allowed.
(Optional) For level, specify the privilege level the user has after
•
gaining access. The range is 0 to 15. Level 15 gives privileged EXEC
mode access. Level 0 gives user EXEC mode access.
For encryption-type, enter 0 to specify that an unencrypted password
•
follows. Enter 7 to specify that a hidden password follows.
For password, specify the password the user must enter to gain access
•
to the wireless device. The password must be from 1 to 25 characters,
can contain embedded spaces, and must be the last option specified
in the username command.
Characters TAB, ?, $, +, and [ are invalid characters for
Note
passwords.
Return to privileged EXEC mode.
Verify your entries.
(Optional) Save your entries in the configuration file.
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
for detailed
5-19