Online Help for Cisco IOS Release 12.3(02)JA
Home
Express Setup
Express Security
Network Map
Association
Network Interfaces
Security
Services
System Software
Event Log

 

  
Home: Configuring/Enabling Authentication using RADIUS Server
 

You must first configure the SSID. Complete the following steps to configure the SSID.

  1. From the navigation menu, click Security to go to the Security Summary page.
  2. From the expanded Security menu, click SSID Manager to go the SSID Manager page.


  3. In the Current SSID list, select the SSID for which MAC authentication will be used. If you need to create a new SSID, continue to Step 4. Otherwise, skip to Step 7.
  4. Select <NEW> from the Current SSID list.
  5. Provide the SSID name in the SSID text field.
  6. At the VLAN list, select the VLAN to be used for this SSID. Select <NONE> if VLANs are not enabled.
  7. Under Authentication Methods Accepted, select the authentication type to use on this SSID.
  8. Use the drop-down menu to choose MAC authentication only, or you can also select MAC and EAP authentication or MAC or EAP authentication.
  9. Determine how you are going to use specific RADIUS servers on this SSID. In the EAP and MAC Authentication Server sections, you can choose to use the defaults or customize the priority by using the drop-down menu. If you click to enable the use of the defaults, click the Define Defaults link to move into the Server Manager window.
  10. Click Apply to create the SSID.

Now that the SSID is configured, you can add the RADIUS or TACACS+ server. Complete the following steps to add the RADIUS server.

  1. From the navigation menu, click Security to go the Security Summary page.
  2. From the expanded Security menu, click Server Manager to go to the Server Manager screen.
  3. In the Current Server List, select the server to be used for EAP authentication. If you need to create a new server, continue to Step 4. Otherwise, skip to Step 10.
  4. Select <NEW> from the Current Server List.
  5. Enter the server host name or IP address in the Server text field.
  6. Use the drop-down menu to select RADIUS server as the server type.
  7. In the Shared Secret text field, enter the shared secret used by your specified server that matches the one on the device.
  8. Enter the port number your server uses for authentication in the Authentication Port parameter. The port setting for the Cisco RADIUS server (the Access Control Server [ACS]) is 1645, and the port setting for many RADIUS servers is 1812.
  9. Use drop-down menus in the Default Server Priorities section to determine which level of priority you want to assign to each server. Select Priority 1, 2, or 3 for this server.
  10. Click the Apply button to add the server.
  11. Steps 11 through 16 are optional tasks and can be skipped to expedite setup. Click the Global Properties tab. Specify the interval at which the accounting updates should be performed in the Accounting Updates Interval field.
  12. In the TACACS+ Server Timeout field, specify the number of seconds an access point waits for a reply to a TACACS+ request before resending the request.
  13. In the RADIUS Server Timeout field, specify the number of seconds an access point waits for a reply to a RADIUS request before resending the request.
  14. In the RADIUS Server Retransmit Retries field, specify the number of times the access point sends each RADIUS request to the server before giving up.
  15. If more than one RADIUS server is configured for EAP authentication, enable the Dead Server List option. Specify how long unresponsive RADIUS servers should be skipped over when the access point is attempting RADIUS server authentication. Enter this amount in the Server remains on list for text field.
  16. Click Apply in the Global Server Properties section.

 

 

 
   
Copyright (c) 2004 by Cisco Systems, Inc.