User Guide
Table Of Contents
- Cisco Wireless ISR and HWIC Access Point Configuration Guide
- Contents
- Preface
- Overview
- Configuring Radio Settings
- Enabling the Radio Interface
- Roles in Radio Network
- Configuring Network or Fallback Role
- Universal Client Mode
- Configuring Universal Client Mode
- Configuring Radio Data Rates
- Configuring Radio Transmit Power
- Configuring Radio Channel Settings
- Enabling and Disabling World Mode
- Enabling and Disabling Short Radio Preambles
- Configuring Transmit and Receive Antennas
- Disabling and Enabling Access Point Extensions
- Configuring the Ethernet Encapsulation Transformation Method
- Enabling and Disabling Reliable Multicast to Workgroup Bridges
- Enabling and Disabling Public Secure Packet Forwarding
- Configuring Beacon Period and DTIM
- Configuring RTS Threshold and Retries
- Configuring Maximum Data Retries
- Configuring Fragmentation Threshold
- Enabling Short Slot Time for 802.11g Radios
- Performing a Carrier Busy Test
- Configuring Multiple SSIDs
- Configuring an Access Point as a Local Authenticator
- Understand Local Authentication
- Configure a Local Authenticator
- Guidelines for Local Authenticators
- Configuration Overview
- Configuring the Local Authenticator Access Point
- Configuring Other Access Points to Use the Local Authenticator
- Configuring EAP-FAST Settings
- Limiting the Local Authenticator to One Authentication Type
- Unblocking Locked Usernames
- Viewing Local Authenticator Statistics
- Using Debug Messages
- Configuring Encryption Types
- Configuring Authentication Types
- Configuring RADIUS Servers
- Configuring and Enabling RADIUS
- Understanding RADIUS
- RADIUS Operation
- Configuring RADIUS
- Default RADIUS Configuration
- Identifying the RADIUS Server Host
- Configuring RADIUS Login Authentication
- Defining AAA Server Groups
- Configuring RADIUS Authorization for User Privileged Access and Network Services
- Starting RADIUS Accounting
- Selecting the CSID Format
- Configuring Settings for All RADIUS Servers
- Configuring the Access Point to Use Vendor-Specific RADIUS Attributes
- Configuring the Access Point for Vendor-Proprietary RADIUS Server Communication
- Configuring WISPr RADIUS Attributes
- Displaying the RADIUS Configuration
- RADIUS Attributes Sent by the Access Point
- Configuring and Enabling RADIUS
- Configuring VLANs
- Configuring QoS
- Channel Settings
- Protocol Filters
- Supported MIBs
- Error and Event Messages
- Glossary
- Index
4-12
Cisco Wireless ISR and HWIC Access Point Configuration Guide
OL-6415-04
Chapter 4
Configure a Local Authenticator
The second section lists stats for each access point (NAS) authorized to use the local authenticator. The
EAP-FAST statistics in this section include these stats:
• Auto provision success—the number of PACs generated automatically
• Auto provision failure—the number of PACs not generated because of an invalid handshake packet
or invalid username or password
• PAC refres h—the number of PAC s renewed by clien ts
• Invalid PAC received—the number of PACs received that were expired, that the authenticator could
not decrypt, or that were assigned to a client username not in the authenticator’s database
The third section lists stats for individual users. If a user is blocked and the lockout time is set to infinite,
blocked appears at the end of the stat line for that user. If the lockout time is not infinite, Unblocked in
x seconds appears at the end of the stat line for that user.
Use this privileged exec mode command to reset local authenticator statistics to zero:
router# clear radius local-server statistics
Using Debug Messages
In privileged exec mode, enter this command to control the display of debug messages for the local
authenticator:
router# debug radius local-server { client | eapfast | error | packets}
Use the command options to display this debug information:
• Use the client option to display error messages related to failed client authentications.
• Use the eapfast option to display error messages related to EAP-FAST authentication. Use the
sub-options to select specific debugging information:
–
encryption —displays information on the encryption and decryption of received and
transmitted packets
–
events—displays information on all EAP-FAST events
–
pac—displays information on events related to PACs, such as PAC generation and verification
–
pkts—displays packets sent to and received from EAP-FAST clients
• Use the error option to display error messages related to the local authenticator.
• Use the packets option to turn on display of the content of RADIUS packets sent and received.