Configuring Radius Authorization For User Privileged Access And Network Services - Allen-Bradley Stratix 5100 User Manual

In this example, the wireless device is configured to recognize two different
RADIUS group servers (group1 and group2). Group1 has two different host
entries on the same RADIUS server configured for the same services. The second
host entry acts as a fail-over backup to the first entry.
AP(config)# aaa new-model
AP(config)# radius-server host 172.20.0.1 auth-port
1000 acct-port 1001
AP(config)# radius-server host 172.10.0.1 auth-port
1645 acct-port 1646
AP(config)# aaa group server radius group1
AP(config-sg-radius)# server 172.20.0.1 auth-port
1000 acct-port 1001
AP(config-sg-radius)# exit
AP(config)# aaa group server radius group2
AP(config-sg-radius)# server 172.20.0.1 auth-port
2000 acct-port 2001
AP(config-sg-radius)# exit
Configuring RADIUS Authorization for User Privileged Access and
Network Services
AAA authorization limits the services available to a user. When AAA
authorization is enabled, the wireless device uses information retrieved from the
user profile, that is in the local user database or on the security server, to configure
the user session. The user is granted access only to a requested service if the
information in the user profile permits it.
You can use the
aaa authorization
keyword to set parameters that restrict a user network access to
radius
privileged EXEC mode.
The
aaa authorization exec radius local
authorization parameters:
• Use RADIUS for privileged EXEC access authorization if authentication
was performed by using RADIUS.
• Use the local database if authentication was not performed by using
RADIUS.
Authorization is bypassed for authenticated users who log in through CLI even
TIP
if authorization has been configured.
Rockwell Automation Publication 1783-UM006A-EN-P - May 2014
Administering the WAP Access
global configuration command with the
command sets these
Chapter 6
213