Defining AAA Server Groups – Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual
Rockwell Automation Publication 1783-UM006A-EN-P - May 2014
Administering the WAP Access
Chapter 6
Defining AAA Server Groups
You can configure the wireless device to use AAA server groups to group existing
server hosts for authentication. You choose a subset of the configured server hosts
and use them for a particular service. The server group is used with a global
server-host list, which lists the IP addresses of the selected server hosts.
Server groups can also include multiple host entries for the same server if each
entry has a unique identifier (the combination of the IP address and UDP port
number), so that different ports can be individually defined as RADIUS hosts
providing a specific AAA service. If you configure two different host entries on
the same RADIUS server for the same service (such as accounting), the second
configured host entry acts as a fail-over backup to the first one.
You use the server command in group server configuration mode to associate a
particular server with a defined group server. You can either identify the server by
its IP address or identify multiple host instances or entries by using the optional
auth-port and acct-port keywords.
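The following check is an added example, not part of the Rockwell Automation manual: it reads radius-server host lines (syntax as given in step 3 of the procedure below), flags entries that repeat an identifier already in use, and flags timeout or retransmit values outside the documented 1…1000 range. The sample configuration is constructed, and the names parse_hosts and audit are hypothetical; an omitted port is treated as "device default" rather than a specific number.

```python
import re

# Constructed sample configuration (not from the manual); the addresses come
# from the RFC 5737 documentation range.
SAMPLE_CONFIG = """\
aaa new-model
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 timeout 5 retransmit 3
radius-server host 192.0.2.10 auth-port 2812 acct-port 2813
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813
radius-server host 192.0.2.20 timeout 0
"""

HOST_RE = re.compile(r"^\s*radius-server host (\S+)(.*)$")
OPT_RE = re.compile(r"\b(auth-port|acct-port|timeout|retransmit) (\d+)")


def parse_hosts(config):
    """Return one dict per radius-server host line, in configured order."""
    hosts = []
    for lineno, line in enumerate(config.splitlines(), start=1):
        m = HOST_RE.match(line)
        if not m:
            continue
        # Drop everything from the key keyword on, so the shared secret is
        # never parsed as an option and never stored.
        rest = m.group(2).split(" key ", 1)[0]
        opts = {k: int(v) for k, v in OPT_RE.findall(rest)}
        hosts.append({"line": lineno, "host": m.group(1), **opts})
    return hosts


def audit(hosts):
    """Flag entries that reuse an identifier or carry out-of-range values."""
    findings, seen = [], {}
    for h in hosts:
        # Identifier as the manual defines it: IP address plus UDP port.
        # An omitted port stays None, meaning "device default" (assumption).
        ident = (h["host"], h.get("auth-port"), h.get("acct-port"))
        if ident in seen:
            findings.append((h["line"], f"duplicate of line {seen[ident]}"))
        else:
            seen[ident] = h["line"]
        for opt in ("timeout", "retransmit"):
            if opt in h and not 1 <= h[opt] <= 1000:
                findings.append((h["line"], f"{opt} {h[opt]} outside 1-1000"))
    return findings


if __name__ == "__main__":
    for line, msg in audit(parse_hosts(SAMPLE_CONFIG)):
        print(f"line {line}: {msg}")
```

Because parse_hosts keeps the configured order, the returned list also shows which entry is tried first and which acts as the fail-over backup.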
Beginning in privileged EXEC mode, follow these steps to define the AAA server
group and associate a particular RADIUS server with it:
1. Enter global configuration mode.
configure terminal
2. Enable AAA.
aaa new-model
3. Specify the IP address or host name of the remote RADIUS server host.
radius-server host {hostname | ip-address} [auth-port port-number] [acct-port port-number] [timeout seconds] [retransmit retries] [key string]
• (Optional) For auth-port port-number, specify the UDP destination port for
authentication requests.
• (Optional) For acct-port port-number, specify the UDP destination port for
accounting requests.
• (Optional) For timeout seconds, specify the time interval that the wireless
device waits for the RADIUS server to reply before retransmitting. The range
is 1…1000. This setting overrides the radius-server timeout global
configuration command setting. If no timeout is set with the radius-server
host command, the setting of the radius-server timeout command is used.
• (Optional) For retransmit retries, specify the number of times a RADIUS
request is resent to a server if that server is not responding or responding
slowly. The range is 1…1000. If no retransmit value is set with the
radius-server host command, the setting of the radius-server retransmit
global configuration command is used.