Configuring An Authority Id; Configuring Server Keys - Allen-Bradley Stratix 5100 User Manual

Wireless access point/workgroup bridge

Use this command to generate a PAC manually:
AP# radius local-server pac-generate filename username [password password] [expiry days]
When you enter the PAC filename, enter the full path to where the local
authenticator writes the PAC file (such as tftp://172.1.1.1/test/user.pac). The
password is optional and, if not specified, a default password understood by the
CCX client is used. Expiry is also optional and, if not specified, the default
period is one day.
In this example, the local authenticator generates a PAC for the username joe,
password-protects the file with the password bingo, sets the PAC to expire in 10
days, and writes the PAC file to the TFTP server at 10.0.0.5:
AP# radius local-server pac-generate tftp://10.0.0.5 joe password bingo expiry 10

Configuring an Authority ID

All EAP-FAST authenticators are identified by an authority identity (AID). The
local authenticator sends its AID to an authenticating client, and the client
checks its database for a matching AID. If the client does not recognize the AID,
it requests a new PAC.
Use these commands to assign an AID to the local authenticator:
AP(config-radserv)# [no] eapfast authority id identifier
AP(config-radserv)# [no] eapfast authority info identifier
The eapfast authority id command assigns an AID that the client device uses
during authentication.

Configuring Server Keys

The local authenticator uses server keys to encrypt PACs that it generates and to
decrypt PACs when authenticating clients. The server maintains two keys, a
primary key and a secondary key, and uses the primary key to encrypt PACs. By
default, the server uses a default value as the primary key but does not use a
secondary key unless you configure one.
When the local authenticator receives a client PAC, it attempts to decrypt the
PAC with the primary key. If decryption fails with the primary, the authenticator
Rockwell Automation Publication 1783-UM006A-EN-P - May 2014
Chapter 10: Configure an Access Point as a Local Authenticator
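
The primary/secondary key handling described under Configuring Server Keys, as an added Python sketch that is not Rockwell Automation or Cisco code. The manual's sentence is cut off on this page, so the fallback to the secondary key and the final rejection are assumptions here, as are the function names, the JSON PAC body and the stand-in SHAKE-256/HMAC construction.

```python
import hashlib, hmac, json, os, time

# Added illustration only: names, PAC layout and cipher are assumptions,
# not the access point's real PAC format.

def _keystream(key, nonce, n):
    # Stand-in stream cipher; a real server would use a vetted AEAD.
    return hashlib.shake_256(b"enc" + key + nonce).digest(n)

def _mac(key, nonce, ct):
    return hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def seal_pac(primary, user, expiry_days=1, now=None):
    """Issue a PAC: always encrypted under the primary server key."""
    now = time.time() if now is None else now
    body = json.dumps({"user": user, "exp": now + expiry_days * 86400}).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(body, _keystream(primary, nonce, len(body))))
    return nonce + ct + _mac(primary, nonce, ct)

def _open_with(key, blob):
    """Return the PAC body, or None if the key is wrong or the blob was altered."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(key, nonce, ct)):
        return None
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
    return json.loads(pt)

def open_pac(blob, primary, secondary=None, now=None):
    """Try primary, then secondary (assumed fallback). Returns (pac, status)."""
    now = time.time() if now is None else now
    for name, key in (("primary", primary), ("secondary", secondary)):
        pac = _open_with(key, blob) if key else None
        if pac is not None:
            return (None, "expired") if pac["exp"] <= now else (pac, name)
    return None, "rejected"

# Constructed rotation scenario: OLD was primary when joe's PAC was issued.
OLD, NEW = b"constructed-old-key", b"constructed-new-key"
joe_pac = seal_pac(OLD, "joe", expiry_days=10, now=0)

if __name__ == "__main__":
    print(open_pac(joe_pac, NEW, OLD, now=1))   # old PAC still opens via secondary
    print(open_pac(joe_pac, NEW, now=1))        # no secondary: PAC rejected
```

The run shows why the previous primary is worth keeping as the secondary after a key change: without it, PACs issued earlier no longer open.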

This manual is also suitable for:

1783-wapak9, 1783-wapek9, 1783-wapck9, 1783-wapzk9
