1. Manuals
  2. Brands
  3. Cisco Manuals
  4. Wireless Access Point
  5. ISR
  6. Configuration manual

Cisco ISR Configuration Manual page 117

Wireless isr and hwic access point
Hide thumbs
Table of Contents

Advertisement

Chapter 7
Configuring RADIUS Servers
To remove the specified RADIUS server, use the no radius-server host hostname | ip-address global
configuration command. To remove a server group from the configuration list, use the no aaa group
server radius group-name global configuration command. To remove the IP address of a RADIUS
server, use the no server ip-address server group configuration command.
In this example, the access point is configured to recognize two different RADIUS group servers (group1
and group2). Group1 has two different host entries on the same RADIUS server configured for the same
services. The second host entry acts as a fail-over backup to the first entry.
router(config)# aaa new-model
router(config)# radius-server host 172.20.0.1 auth-port 1000 acct-port 1001
router(config)# radius-server host 172.10.0.1 auth-port 1645 acct-port 1646
router(config)# aaa group server radius group1
router(config-sg-radius)# server 172.20.0.1 auth-port 1000 acct-port 1001
router(config-sg-radius)# exit
router(config)# aaa group server radius group2
router(config-sg-radius)# server 172.20.0.1 auth-port 2000 acct-port 2001
router(config-sg-radius)# exit
Configuring RADIUS Authorization for User Privileged Access and Network Services
AAA authorization limits the services available to a user. When AAA authorization is enabled, the
access point uses information retrieved from the user's profile, which is in the local user database or on
the security server, to configure the user's session. The user is granted access to a requested service only
if the information in the user profile allows it.
This section describes setting up authorization for access point administrators, not for wireless client
Note
devices.
You can use the aaa authorization global configuration command with the radius keyword to set
parameters that restrict a user's network access to privileged EXEC mode.
The aaa authorization exec radius local command sets these authorization parameters:
Authorization is bypassed for authenticated users who log in through the CLI even if authorization has
Note
been configured.
OL-6415-04
Use RADIUS for privileged EXEC access authorization if authentication was performed by using
RADIUS.
Use the local database if authentication was not performed by using RADIUS.
Cisco Wireless ISR and HWIC Access Point Configuration Guide
Configuring and Enabling RADIUS
7-11

Advertisement

Table of Contents
loading

Related Manuals for Cisco ISR

Related Products for Cisco ISR

This manual is also suitable for:

Hwic

Table of Contents