config radius acct
To configure settings for a RADIUS accounting server for the Cisco wireless LAN controller, use the config radius acct command.
config radius acct{ { add index IP addr port { ascii | hex} secret} | delete index | disable index | enable index | ipsec { authentication { hmac-md5 index | hmac-sha1 index } | disable index | enable index | encryption { 256-aes | 3des | aes | des} index | ike { auth-mode { pre-shared-key index type shared_secret_key | certificate index } | dh-group { 2048bit-group-14 | group-1 | group-2 | group-5} index | lifetime seconds index | phase1 { aggressive | main} index } } | { mac-delimiter { colon | hyphen | none | single-hyphen} } | { network index { disable | enable} } | { region { group | none | provincial} } | retransmit-timeout index seconds | realm { add | delete} index realm-string}
Syntax Description
add |
Adds a RADIUS accounting server (IPv4 or IPv6). |
||
index |
RADIUS server index (1 to 17). |
||
IP addr |
RADIUS server IP address (IPv4 or IPv6). |
||
port |
RADIUS server’s UDP port number for the interface protocols. |
||
ascii |
Specifies the RADIUS server’s secret type: ascii . |
||
hex |
Specifies the RADIUS server’s secret type: hex . |
||
secret |
RADIUS server’s secret. |
||
enable |
Enables a RADIUS accounting server. |
||
disable |
Disables a RADIUS accounting server. |
||
delete |
Deletes a RADIUS accounting server. |
||
ipsec |
Enables or disables IPSec support for an accounting server.
|
||
authentication |
Configures IPSec Authentication. |
||
hmac-md5 |
Enables IPSec HMAC-MD5 authentication. |
||
hmac-sha1 |
Enables IPSec HMAC-SHA1 authentication. |
||
disable |
Disables IPSec support for an accounting server. |
||
enable |
Enables IPSec support for an accounting server. |
||
encryption |
Configures IPSec encryption. |
||
256-aes |
Enables IPSec AES-256 encryption. |
||
3des |
Enables IPSec 3DES encryption. |
||
aes |
Enables IPSec AES-128 encryption. |
||
des |
Enables IPSec DES encryption. |
||
ike |
Configures Internet Key Exchange (IKE). |
||
auth-mode |
Configures IKE authentication method. |
||
pre-shared-key |
Pre-shared key for authentication. |
||
certificate |
Certificate used for authentication. |
||
dh-group |
Configures IKE Diffie-Hellman group. |
||
2048bit-group-14 |
Configures DH group 14 (2048 bits). |
||
group-1 |
Configures DH group 1 (768 bits). |
||
group-2 |
Configures DH group 2 (1024 bits). |
||
group-5 |
Configures DH group 5 (1536 bits). |
||
lifetime seconds |
Configures IKE lifetime in seconds. The range is from 1800 to 57600 seconds and the default is 28800. |
||
phase1 |
Configures IKE phase1 mode. |
||
aggressive |
Enables IKE aggressive mode. |
||
main |
Enables IKE main mode. |
||
mac-delimiter |
Configures MAC delimiter for caller station ID and calling station ID. |
||
colon |
Sets the delimiter to colon (For example: xx:xx:xx:xx:xx:xx). |
||
hyphen |
Sets the delimiter to hyphen (For example: xx-xx-xx-xx-xx-xx). |
||
none |
Disables delimiters (For example: xxxxxxxxxx). |
||
single-hyphen |
Sets the delimiters to single hyphen (For example: xxxxxx-xxxxxx). |
||
network |
Configures a default RADIUS server for network users. |
||
group |
Specifies RADIUS server type group. |
||
none |
Specifies RADIUS server type none. |
||
provincial |
Specifies RADIUS server type provincial. |
||
retransmit-timeout |
Changes the default retransmit timeout for the server. |
||
seconds |
The number of seconds between retransmissions. |
||
realm |
Specifies radius acct realm. |
||
add |
Adds radius acct realm. |
||
delete |
Deletes radius acct realm. |
Command Default
When adding a RADIUS server, the port number defaults to 1813 and the state is enabled .
Usage Guidelines
IPSec is not supported for IPv6.
Command History
Release | Modification |
---|---|
7.6 | This command was introduced in a release earlier than Release 7.6. |
8.0 |
This command supports both IPv4 and IPv6 address formats. |
Examples
The following example shows how to configure a priority 1 RADIUS accounting server at 10.10.10.10 using port 1813 with a login password of admin :
(Cisco Controller) > config radius acct add 1 10.10.10.10 1813 ascii admin
The following example shows how to configure a priority 1 RADIUS accounting server at 2001:9:6:40::623 using port 1813 with a login password of admin :
(Cisco Controller) > config radius acct add 1 2001:9:6:40::623 1813 ascii admin