User's Manual
3-33
Cisco 3200 Series Wireless MIC Software Configuration Guide
OL-7734-02
Chapter 3 Administering the WMIC
Configuring and Enabling RADIUS
• Networks already using RADIUS. You can add a Cisco bridge containing a RADIUS client to the
network.
• Networks that require resource accounting. You can use RADIUS accounting independently of
RADIUS authentication or authorization. The RADIUS accounting functions allow data to be sent
at the start and end of services, showing the amount of resources (such as time, packets, bytes, and
so forth) used during the session. An Internet service provider might use a freeware-based version
of RADIUS access control and accounting software to meet special security and billing needs.
RADIUS is not suitable in these network security situations:
• Multiprotocol access environments. RADIUS does not support AppleTalk Remote Access (ARA),
NetBIOS Frame Control Protocol (NBFCP), NetWare Asynchronous Services Interface (NASI), or
X.25 PAD connections.
• Switch-to-switch or router-to-router situations. RADIUS does not provide two-way authentication.
RADIUS can be used to authenticate from one device to a non-Cisco device if the non-Cisco device
requires authentication.
• Networks using a variety of services. RADIUS generally binds a user to one service model.
RADIUS Operation
When a non-root bridge attempts to authenticate to a bridge whose access is controlled by a RADIUS
server, authentication to the network occurs in the steps shown in Figure 3-2:
Figure 3-2 Sequence for EAP Authentication
In Steps 1 through 9 in Figure 3-2, a non-root bridge and a RADIUS server on the wired LAN use 802.1x
and EAP to perform a mutual authentication through the root bridge. The RADIUS server sends an
authentication challenge to the non-root bridge. The non-root bridge uses a one-way encryption of the
user-supplied password to generate a response to the challenge and sends that response to the RADIUS
[Figure 3-2 diagram. Devices: non-root bridge, root bridge, switch on LAN 1, authentication server. Messages: 1. Authentication request; 2. Identity request; 3. Username (relay to server); 4. Authentication challenge (relay to non-root bridge); 5. Authentication response (relay to server); 6. Authentication success (relay to non-root bridge); 7. Authentication challenge (relay to server); 8. Authentication response (relay to non-root bridge); 9. Authentication success (relay to server).]
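The nine-step exchange of Figure 3-2, modeled as an added example (not Cisco code and not part of this guide), showing where each side's check sits and which step fails for a wrong password or for a server that does not hold the shared secret. Assumptions: SHA-256 and HMAC stand in for the one-way transform and response calculation, which the guide does not name; the function names, role tags, username and passphrase are constructed; the root bridge only relays, so it appears in the transcript alone.

```python
import hashlib
import hmac
import os

def one_way(password):
    # Assumption: SHA-256 stands in for the one-way transform the guide does not name.
    return hashlib.sha256(password.encode()).digest()

def answer(secret, role, challenge):
    # Keyed hash of the challenge; the role tag ties a response to one direction.
    return hmac.new(secret, role + challenge, hashlib.sha256).digest()

def authenticate(server_db, username, password, rogue_server=False):
    """Walk the nine steps of Figure 3-2; return (outcome, transcript)."""
    log = ["1 bridge->root: authentication request",
           "2 root->bridge: identity request",
           "3 bridge->server: username (relayed by root)"]
    bridge_secret = one_way(password)
    # A rogue server has no credential store, so it cannot know the real secret.
    server_secret = os.urandom(32) if rogue_server else server_db.get(username)

    # Steps 4-6: the server authenticates the non-root bridge.
    s_chal = os.urandom(16)
    log.append("4 server->bridge: authentication challenge")
    bridge_resp = answer(bridge_secret, b"bridge", s_chal)
    log.append("5 bridge->server: authentication response")
    expected = answer(server_secret, b"bridge", s_chal) if server_secret else None
    # The rogue server skips its check and accepts whatever it receives.
    if not rogue_server and not (expected and hmac.compare_digest(bridge_resp, expected)):
        return "server rejected bridge", log
    log.append("6 server->bridge: authentication success")

    # Steps 7-9: the non-root bridge authenticates the server.
    b_chal = os.urandom(16)
    log.append("7 bridge->server: authentication challenge")
    server_resp = answer(server_secret, b"server", b_chal)
    log.append("8 server->bridge: authentication response")
    if not hmac.compare_digest(server_resp, answer(bridge_secret, b"server", b_chal)):
        return "bridge rejected server", log
    log.append("9 bridge->server: authentication success")
    return "mutual authentication complete", log

# Constructed sample data: one account on the simulated RADIUS server.
DB = {"nonroot-bridge-1": one_way("example-passphrase")}

if __name__ == "__main__":
    for pw, rogue in [("example-passphrase", False), ("wrong", False), ("example-passphrase", True)]:
        outcome, log = authenticate(DB, "nonroot-bridge-1", pw, rogue)
        print(outcome, "| last step:", log[-1])
```

The third case is the one mutual authentication exists for: the server side accepts the bridge, but the bridge stops at step 8 because the server cannot answer its challenge.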