Defining Aaa Server Groups - Allen-Bradley Stratix 5100 User Manual

Defining AAA Server Groups

You can configure the wireless device to use AAA server groups to group existing
server hosts for authentication. You choose a subset of the configured server hosts
and use them for a particular service. The server group is used with a global
server-host list, that lists the IP addresses of the selected server hosts.
Server groups also can include multiple host entries for the same server if each
entry has a unique identifier (the combination of the IP address and UDP port
number), letting different ports to be individually defined as RADIUS hosts
providing a specific AAA service. If you configure two different host entries on
the same RADIUS server for the same service (such as accounting), the second
configured host entry acts as a fail-over backup to the first one.
You use the group server configuration command to associate a
server
particular server with a defined group server. You can either identify the server by
its IP address or identify multiple host instances or entries by using the optional
and
auth-port acct-port
Beginning in privileged EXEC mode, follow these steps to define the AAA server
group and associate a particular RADIUS server with it:
1. Enter global configuration mode.
configure terminal
2. Enable AAA.
aaa new-model
3. Specify the IP address or host name of the remote RADIUS server host.
radius-server host {hostname | ip-address} [auth-
port port-number] [acct-port port-number] [timeout
seconds] [retransmit retries] [key string]
• (Optional) For
destination port for authentication requests.
• (Optional) For
destination port for accounting requests.
• (Optional) For
wireless device waits for the RADIUS server to reply before
retransmitting. The range is 1...1000. This setting overrides the
radius-server timeout
If no timeout is set with the
setting of the
radius-server timeout
• (Optional) For
a RADIUS request is resent to a server if that server is not responding
or responding slowly. The range is 1...1000. If no retransmit value is set
with the
radius-server host
radius-server retransmit
used.
Rockwell Automation Publication 1783-UM006A-EN-P - May 2014
Administering the WAP Access
keywords.
auth-port port-number
acct-port port-number
, specify the time interval that the
timeout seconds
global configuration command setting.
radius-server host
retransmit retries
command, the setting of the
global configuration command is
Chapter 6
, specify the UDP
, specify the UDP
command, the
command is used.
, specify the number of times
211