User's Manual
3-47
Cisco 3200 Series Wireless MIC Software Configuration Guide
OL-7734-02
Chapter 3 Administering the WMIC
Controlling WMIC Access with TACACS+
or until all defined methods are exhausted. If authentication fails at any point in this cycle—meaning that
the security server or local username database responds by denying the user access—the authentication
process stops, and no other authentication methods are attempted.
Identifying the TACACS+ Server Host and Setting the Authentication Key
You can configure the WMIC to use a single server or AAA server groups to group existing server hosts
for authentication. You can group servers to select a subset of the configured server hosts and use them
for a particular service. The server group is used with a global server-host list and contains the list of IP
addresses of the selected server hosts.
Beginning in privileged EXEC mode, follow these steps to identify the IP host or host maintaining
TACACS+ server and optionally set the encryption key:
To remove the specified TACACS+ server name or address, use the no tacacs-server host hostname
global configuration command. To remove a server group from the configuration list, use the no aaa
group server tacacs+ group-name global configuration command. To remove the IP address of a
TACACS+ server, use the no server ip-address server group subconfiguration command.
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
tacacs-server host hostname [port
integer] [timeout integer] [key string]
Identify the IP host or hosts maintaining a TACACS+ server. Enter this
command multiple times to create a list of preferred hosts. The software
searches for hosts in the order in which you specify them.
• For hostname, specify the name or IP address of the host.
• (Optional) For port integer, specify a server port number. The default
is port 49. The range is 1 to 65535.
• (Optional) For timeout integer, specify a time in seconds the WMIC
waits for a response from the daemon before it times out and declares
an error. The default is 5 seconds. The range is 1 to 1000 seconds.
• (Optional) For key string, specify the encryption key for encrypting
and decrypting all traffic between the WMIC and the TACACS+
daemon. You must configure the same key on the TACACS+ daemon
for encryption to be successful.
Step 3
aaa new-model Enable AAA.
Step 4
aaa group server tacacs+ group-name (Optional) Define the AAA server-group with a group name.
This command puts the WMIC in a server group subconfiguration mode.
Step 5
server ip-address (Optional) Associate a particular TACACS+ server with the defined server
group. Repeat this step for each TACACS+ server in the AAA server
group.
Each server in the group must be previously defined in Step 2.
Step 6
end Return to privileged EXEC mode.
Step 7
show tacacs Verify your entries.
Step 8
copy running-config startup-config (Optional) Save your entries in the configuration file.