Configuring Settings For All Radius Servers; Configuring The Access Point To Use Vendor-Specific Radius Attributes - Cisco Aironet 1100 Series Installation And Configuration Manual


Chapter 11
Configuring RADIUS Servers

Configuring Settings for All RADIUS Servers

Beginning in privileged EXEC mode, follow these steps to configure global communication settings
between the access point and all RADIUS servers:
Step 1
Command: configure terminal
Purpose: Enter global configuration mode.

Step 2
Command: radius-server key string
Purpose: Specify the shared secret text string used between the access point and all
RADIUS servers.
Note: The key is a text string that must match the encryption key used on the RADIUS
server. Leading spaces are ignored, but spaces within and at the end of the key are used.
If you use spaces in your key, do not enclose the key in quotation marks unless the
quotation marks are part of the key.

Step 3
Command: radius-server retransmit retries
Purpose: Specify the number of times the access point sends each RADIUS request to the
server before giving up. The default is 3; the range is 1 to 1000.

Step 4
Command: radius-server timeout seconds
Purpose: Specify the number of seconds an access point waits for a reply to a RADIUS
request before resending the request. The default is 5 seconds; the range is 1 to 1000.

Step 5
Command: radius-server deadtime minutes
Purpose: Specify the number of minutes the access point waits for a response from a
RADIUS server before skipping to the next server, thus avoiding the wait for the request
to time out before trying the next configured server. The default is 0; the range is
1 to 1440 minutes.
Note: If you set up more than one RADIUS server, you must configure the RADIUS server
deadtime for optimal performance.

Step 6
Command: radius-server attribute 32 include-in-access-req format %h
Purpose: Configure the access point to send its system name in the NAS_ID attribute
for authentication.

Step 7
Command: end
Purpose: Return to privileged EXEC mode.

Step 8
Command: show running-config
Purpose: Verify your settings.

Step 9
Command: copy running-config startup-config
Purpose: (Optional) Save your entries in the configuration file.

To return to the default setting for the retransmit, timeout, and deadtime, use the no forms of these
commands.

Configuring the Access Point to Use Vendor-Specific RADIUS Attributes

The Internet Engineering Task Force (IETF) draft standard specifies a method for communicating
vendor-specific information between the access point and the RADIUS server by using the
vendor-specific attribute (attribute 26). Vendor-specific attributes (VSAs) allow vendors to support their
own extended attributes not suitable for general use. The Cisco RADIUS implementation supports one
vendor-specific option by using the format recommended in the specification. Cisco's vendor-ID is 9,
and the supported option has vendor-type 1, which is named cisco-avpair. The value is a string with this
format:
protocol : attribute sep value *

Cisco Aironet 1100 Series Access Point Installation and Configuration Guide
OL-2851-01
Configuring RADIUS
11-13
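The cisco-avpair encoding described above (attribute 26, vendor-ID 9, vendor-type 1), as an added Python example that is not part of the Cisco guide: it builds and parses the attribute using the RFC 2865 Vendor-Specific layout and rejects malformed lengths. It assumes sep is "=" for a mandatory pair and "*" for an optional one, which comes from Cisco's definition of this format rather than from this page; the function names, user name, AV-pair strings and the vendor ID 99999 are constructed for illustration.

```python
import struct

VSA, CISCO, AVPAIR = 26, 9, 1  # attribute 26, vendor-ID 9, vendor-type 1

def encode_avpair(text):
    """Wrap one cisco-avpair string in a RADIUS Vendor-Specific attribute."""
    data = text.encode("ascii")
    body = struct.pack("!I", CISCO) + bytes([AVPAIR, len(data) + 2]) + data
    if len(body) + 2 > 255:
        raise ValueError("value too long for a single RADIUS attribute")
    return bytes([VSA, len(body) + 2]) + body

def parse_avpair(text):
    """Split 'protocol:attribute<sep>value'; sep '=' is mandatory, '*' optional."""
    protocol, colon, rest = text.partition(":")
    i = min((p for p in (rest.find("="), rest.find("*")) if p >= 0), default=0)
    if not colon or not protocol or i == 0:
        raise ValueError("not in protocol:attribute sep value form: %r" % text)
    return {"protocol": protocol, "attribute": rest[:i],
            "mandatory": rest[i] == "=", "value": rest[i + 1:]}

def iter_attributes(blob):
    """Yield (type, value) per attribute; reject lengths that overrun the buffer."""
    pos = 0
    while pos < len(blob):
        if pos + 2 > len(blob) or blob[pos + 1] < 2 or pos + blob[pos + 1] > len(blob):
            raise ValueError("malformed attribute at offset %d" % pos)
        yield blob[pos], blob[pos + 2:pos + blob[pos + 1]]
        pos += blob[pos + 1]

def cisco_avpairs(blob):
    """Return parsed cisco-avpair values; other vendors' VSAs are skipped."""
    found = []
    for atype, value in iter_attributes(blob):
        if atype != VSA or len(value) < 6 or struct.unpack("!I", value[:4])[0] != CISCO:
            continue
        sub = value[4:]
        while sub:
            if len(sub) < 2 or sub[1] < 2 or sub[1] > len(sub):
                raise ValueError("malformed vendor sub-attribute")
            if sub[0] == AVPAIR:
                found.append(parse_avpair(sub[2:sub[1]].decode("ascii")))
            sub = sub[sub[1]:]
    return found

# Constructed sample: User-Name, two Cisco AV pairs, one VSA from another vendor ID.
SAMPLE = (bytes([1, 7]) + b"alice" + encode_avpair("shell:priv-lvl=15")
          + encode_avpair("ip:addr-pool*first")
          + bytes([VSA, 9]) + struct.pack("!I", 99999) + bytes([1, 3, 0x41]))
print(cisco_avpairs(SAMPLE))
```

The parser takes the attribute section of a RADIUS packet (the bytes after the 20-byte header), so it can be run over captured Access-Accept attributes to review which authorization pairs a server returns.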
