beautypg.com

Configuring radius, Default radius configuration, Identifying the radius server host – Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual User Manual

Page 410

background image

410

Rockwell Automation Publication 1783-UM006A-EN-P - May 2014

Chapter 14

Configuring RADIUS and TACACS+ Servers

There is more than one type of EAP authentication, but the access point behaves
the same way for each type: it relays authentication messages from the wireless
client device to the RADIUS server and from the RADIUS server to the wireless
client device. See

Assigning Authentication Types to an SSID on page 359

for

instructions on setting up client authentication by using a RADIUS server.

Configuring RADIUS

This section describes how to configure your access point to support RADIUS.
At a minimum, you must identify the host or hosts that run the RADIUS server
software and define the method lists for RADIUS authentication. You can
optionally define method lists for RADIUS authorization and accounting.

A method list defines the sequence and methods to be used to authenticate, to
authorize, or to keep accounts on a user. You can use method lists to designate
one or more security protocols to be used, thus ensuring a back-up system if the
initial method fails. The software uses the first method listed to authenticate, to
authorize, or to keep accounts on users; if that method does not respond, the
software selects the next method in the list. This process continues until there is
successful communication with a listed method or the method list is exhausted.

You can access and configure a RADIUS server before configuring RADIUS
features on your access point.

Default RADIUS Configuration

RADIUS and AAA are disabled by default. To prevent a lapse in security, you
cannot configure RADIUS through a network management application. When
enabled, RADIUS can authenticate users accessing the access point through CLI.

Identifying the RADIUS Server Host

Access point-to-RADIUS-server communication involves several components:

Host name or IP address
Authentication destination port
Accounting destination port
Key string
Timeout period
Retransmission value

TIP

The RADIUS server CLI commands are disabled until you enter the

aaa

new-model

command.

See also other documents in the category Rockwell Automation Equipment: