User Guide
Table Of Contents
- Cisco Wireless ISR and HWIC Access Point Configuration Guide
- Contents
- Preface
- Overview
- Configuring Radio Settings
- Enabling the Radio Interface
- Roles in Radio Network
- Configuring Network or Fallback Role
- Universal Client Mode
- Configuring Universal Client Mode
- Configuring Radio Data Rates
- Configuring Radio Transmit Power
- Configuring Radio Channel Settings
- Enabling and Disabling World Mode
- Enabling and Disabling Short Radio Preambles
- Configuring Transmit and Receive Antennas
- Disabling and Enabling Access Point Extensions
- Configuring the Ethernet Encapsulation Transformation Method
- Enabling and Disabling Reliable Multicast to Workgroup Bridges
- Enabling and Disabling Public Secure Packet Forwarding
- Configuring Beacon Period and DTIM
- Configuring RTS Threshold and Retries
- Configuring Maximum Data Retries
- Configuring Fragmentation Threshold
- Enabling Short Slot Time for 802.11g Radios
- Performing a Carrier Busy Test
- Configuring Multiple SSIDs
- Configuring an Access Point as a Local Authenticator
- Understand Local Authentication
- Configure a Local Authenticator
- Guidelines for Local Authenticators
- Configuration Overview
- Configuring the Local Authenticator Access Point
- Configuring Other Access Points to Use the Local Authenticator
- Configuring EAP-FAST Settings
- Limiting the Local Authenticator to One Authentication Type
- Unblocking Locked Usernames
- Viewing Local Authenticator Statistics
- Using Debug Messages
- Configuring Encryption Types
- Configuring Authentication Types
- Configuring RADIUS Servers
- Configuring and Enabling RADIUS
- Understanding RADIUS
- RADIUS Operation
- Configuring RADIUS
- Default RADIUS Configuration
- Identifying the RADIUS Server Host
- Configuring RADIUS Login Authentication
- Defining AAA Server Groups
- Configuring RADIUS Authorization for User Privileged Access and Network Services
- Starting RADIUS Accounting
- Selecting the CSID Format
- Configuring Settings for All RADIUS Servers
- Configuring the Access Point to Use Vendor-Specific RADIUS Attributes
- Configuring the Access Point for Vendor-Proprietary RADIUS Server Communication
- Configuring WISPr RADIUS Attributes
- Displaying the RADIUS Configuration
- RADIUS Attributes Sent by the Access Point
- Configuring and Enabling RADIUS
- Configuring VLANs
- Configuring QoS
- Channel Settings
- Protocol Filters
- Supported MIBs
- Error and Event Messages
- Glossary
- Index
7-12
Cisco Wireless ISR and HWIC Access Point Configuration Guide
OL-6415-04
Chapter 7 Configuring RADIUS Servers
Configuring and Enabling RADIUS
Beginning in privileged EXEC mode, follow these steps to specify RADIUS authorization for privileged
EXEC access and network services:
To disable authorization, use the no aaa authorization {network | exec} method1 global configuration
command.
Starting RADIUS Accounting
The AAA accounting feature tracks the services that users are accessing and the amount of network
resources that they are consuming. When AAA accounting is enabled, the access point reports user
activity to the RADIUS security server in the form of accounting records. Each accounting record
contains accounting attribute-value (AV) pairs and is stored on the security server. This data can then be
analyzed for network management, client billing, or auditing. See the
“RADIUS Attributes Sent by the
Access Point” section on page 7-18 for a complete list of attributes sent and honored by the access point.
Beginning in privileged EXEC mode, follow these steps to enable RADIUS accounting for each Cisco
IOS privilege level and for network services:
To disable accounting, use the no aaa accounting {network | exec} {start-stop} method1... global
configuration command.
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
aaa authorization network radius Configure the access point for user RADIUS authorization for all
network-related service requests.
Step 3
aaa authorization exec radius Configure the access point for user RADIUS authorization to determine if
the user has privileged EXEC access.
The exec keyword might return user profile information (such as
autocommand information).
Step 4
end Return to privileged EXEC mode.
Step 5
show running-config Ve ri fy y o ur ent rie s .
Step 6
copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
aaa accounting network start-stop
radius
Enable RADIUS accounting for all network-related service requests.
Step 3
ip radius source-interface bvi1 Configure the access point to send its BVI IP address in the
NAS_IP_ADDRESS attribute for accounting records.
Step 4
aaa accounting update periodic minutes Enter an accounting update interval in minutes.
Step 5
end Return to privileged EXEC mode.
Step 6
show running-config Ver if y you r en tr ie s.
Step 7
copy running-config startup-config (Optional) Save your entries in the configuration file.