User's Manual
3-34
Cisco 3200 Series Wireless MIC Software Configuration Guide
OL-7734-02
Chapter 3 Administering the WMIC
Configuring and Enabling RADIUS
server. Using information from its user database, the RADIUS server creates its own response and
compares that to the response from the non-root bridge. When the RADIUS server authenticates the
non-root bridge, the process repeats in reverse, and the non-root bridge authenticates the RADIUS
server.
When mutual authentication is complete, the RADIUS server and the non-root bridge determine a WEP
key that is unique to the non-root bridge and provides the non-root bridge with the appropriate level of
network access, thereby approximating the level of security in a wired switched segment to an individual
desktop. The non-root bridge loads this key and prepares to use it for the logon session.
During the logon session, the RADIUS server encrypts and sends the WEP key, called a session key, over
the wired LAN to the root bridge. The root bridge encrypts its broadcast key with the session key and
sends the encrypted broadcast key to the non-root bridge, which uses the session key to decrypt it. The
non-root bridge and the root bridge activate WEP and use the session and broadcast WEP keys for all
communications during the remainder of the session.
There is more than one type of EAP authentication, but the root bridge behaves the same way for each
type: it relays authentication messages from the non-root bridge to the RADIUS server and from the
RADIUS server to the non-root bridge. See the “Assigning Authentication Types to an SSID” section on
page 8-6 for instructions on setting up authentication using a RADIUS server.
Controlling WMIC Access with RADIUS
This section describes how to control administrator access to the WMIC using RADIUS.
RADIUS provides detailed accounting information and flexible administrative control over
authentication and authorization processes. RADIUS is facilitated through AAA and can be enabled only
through AAA commands. RADIUS and AAA are disabled by default.
At a minimum, the host or hosts that run the RADIUS server software must be identified and the method
lists for RADIUS authentication must be defined. Optionally, method lists for RADIUS authorization
and accounting can be defined.
A method list defines the sequence of methods used to authenticate, to authorize, or to perform
accounting for a non-root bridge. Method lists designate one or more security protocols to be used,
which provides a fallback if the first method does not respond. The software uses the first method listed
to authenticate, to authorize, or to perform accounting for non-root bridges; if that method does not
respond, the software selects the next method in the list. This process continues until there is
successful communication with a listed method or the method list is exhausted. Only a method that does
not respond causes fallback; a method that answers, whether it accepts or rejects the request, ends the
search.
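Method-list evaluation as the preceding paragraph describes it, modelled in Python. This is an added example, not Cisco code and not how the software implements it internally; the PASS/FAIL/ERROR result set, the mock RADIUS server group and local username database, the sample usernames and passwords, and the treatment of an exhausted list as a denial are all assumptions made for the illustration. It goes slightly beyond the text by also including the `none` method, to show why the order of the list and its last entry matter once the RADIUS servers stop responding.

```python
"""Model of AAA method-list evaluation (added example, not Cisco code).

Assumptions, not taken from the page: a method returns PASS, FAIL, or
ERROR, where ERROR means "did not respond"; only ERROR moves evaluation on
to the next method; an exhausted list gives no authoritative answer and is
treated as a denial.
"""
from enum import Enum
from typing import Callable, Dict, List, Optional, Tuple


class Result(Enum):
    PASS = "pass"    # authoritative accept
    FAIL = "fail"    # authoritative reject (for example, bad credentials)
    ERROR = "error"  # method did not respond; try the next one


Method = Callable[[str, str], Result]


def parse_method_list(line: str) -> Tuple[str, List[str]]:
    """Parse an 'aaa authentication login <name> <method>...' line into
    (list name, [methods]). 'group <name>' is kept as one method token."""
    tokens = line.split()
    if tokens[:3] != ["aaa", "authentication", "login"] or len(tokens) < 5:
        raise ValueError(f"not a login method-list line: {line!r}")
    name, rest, methods = tokens[3], tokens[4:], []
    i = 0
    while i < len(rest):
        if rest[i] == "group":
            if i + 1 >= len(rest):
                raise ValueError("'group' needs a server-group name")
            methods.append(f"group {rest[i + 1]}")
            i += 2
        else:
            methods.append(rest[i])
            i += 1
    return name, methods


def radius_group(users: Dict[str, str], reachable: bool) -> Method:
    """Mock RADIUS server group. Unreachable servers produce ERROR, which is
    the only outcome that lets evaluation fall through to the next method."""
    def method(user: str, password: str) -> Result:
        if not reachable:
            return Result.ERROR
        return Result.PASS if users.get(user) == password else Result.FAIL
    return method


def local_db(users: Dict[str, str]) -> Method:
    """Mock of the device's own username database (the 'local' method)."""
    def method(user: str, password: str) -> Result:
        return Result.PASS if users.get(user) == password else Result.FAIL
    return method


def none_method(user: str, password: str) -> Result:
    """The 'none' method accepts everyone; placed after a server group it
    makes the list fail open whenever the servers stop responding."""
    return Result.PASS


def authenticate(methods: List[str], registry: Dict[str, Method],
                 user: str, password: str) -> Tuple[Result, Optional[str]]:
    """Walk the list in order and return the first authoritative result
    together with the method that produced it. ERROR from every method
    exhausts the list: no method answered, so the request is denied."""
    for name in methods:
        result = registry[name](user, password)
        if result is Result.ERROR:
            continue          # did not respond: try the next method
        return result, name   # PASS or FAIL ends the search, no fallback
    return Result.ERROR, None


def login_allowed(methods: List[str], registry: Dict[str, Method],
                  user: str, password: str) -> bool:
    result, _ = authenticate(methods, registry, user, password)
    return result is Result.PASS


if __name__ == "__main__":
    # Constructed sample data: one user known to RADIUS, one local fallback user.
    radius_users = {"netadmin": "S3rver-Side-Pw"}
    local_users = {"console": "Local-Fallback-Pw"}
    scenarios = [
        ("aaa authentication login default group radius local", True),
        ("aaa authentication login default group radius local", False),
        ("aaa authentication login default group radius none", False),
        ("aaa authentication login default group radius", False),
    ]
    attempts = [("netadmin", "S3rver-Side-Pw"),
                ("console", "Local-Fallback-Pw"),
                ("intruder", "guess")]
    for line, reachable in scenarios:
        _, methods = parse_method_list(line)
        registry = {"group radius": radius_group(radius_users, reachable),
                    "local": local_db(local_users),
                    "none": none_method}
        shown = " ".join(methods)
        for user, pw in attempts:
            res, via = authenticate(methods, registry, user, pw)
            print(f"{shown:<19} radius_up={reachable!s:<5} {user:<9} -> "
                  f"{res.value:<5} via {via}")
```

Running the script shows the two points a practitioner cares about: with the servers reachable, a RADIUS reject for `console` is final and the `local` entry is never consulted, and with the servers down, `group radius local` lets only the local account in while `group radius none` lets `intruder` in with any password.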
You must have access to and should configure a RADIUS server before configuring RADIUS features.
These sections describe RADIUS configuration:
• Identifying the RADIUS Server Host
• Configuring RADIUS Login Authentication
• Defining AAA Server Groups
• Configuring RADIUS Authorization for User Privileged Access and Network Services
• Starting RADIUS Accounting
• Configuring Settings for All RADIUS Servers
• Configuring the Bridge to Use Vendor-Specific RADIUS Attributes
• Configuring the Bridge for Vendor-Proprietary RADIUS Server Communication
• Displaying the RADIUS Configuration