beautypg.com

Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual User Manual

Page 412

background image

412

Rockwell Automation Publication 1783-UM006A-EN-P - May 2014

Chapter 14

Configuring RADIUS and TACACS+ Servers

Beginning in privileged EXEC mode, follow these steps to configure per-server
RADIUS server communication. This procedure is required.

1. Enter global configuration mode.

configure terminal

2. Enable AAA.

aaa new-model

3. Specify the IP address or host name of the remote RADIUS server host.

(Optional) For

auth-port

port-number

, specify the UDP

destination port for authentication requests.

(Optional) For

acct-port

port-number

, specify the UDP

destination port for accounting requests.

(Optional) For

timeout

seconds

, specify the time interval that the

access point waits for the RADIUS server to reply before
retransmitting. The range is 1…1000.

This setting overrides the

radius-server timeout

global

configuration command setting. If no timeout is set with the

radius-

server host

command, the setting of the

radius-server

timeout

command is used.

(Optional) For

retransmit

retries

, specify the number of times

a RADIUS request is resent to a server if that server is not responding
or responding slowly. The range is 1…1000.

If no retransmit value is set with the

radius-server host

command, the setting of the

radius-server retransmit

global

configuration command is used.

(Optional) For

key

string

, specify the authentication and

encryption key used between the access point and the RADIUS
daemon running on the RADIUS server.

To configure the access point to recognize more than one host entry associated
with a single IP address, enter this command as many times as necessary, making
sure that each UDP port number is different. The access point software searches
for hosts in the order that you specify them. Set the timeout, retransmit, and
encryption key values to use with the specific RADIUS host.

radius-server host {hostname | ip-address} [auth-

port port-number] [acct-port port-number] [timeout

seconds] [retransmit retries] [key string]

4. Enter SSID configuration mode for an SSID when you need to enable

accounting.

TIP

The key is a text string that must match the encryption key used on the RADIUS
server. Always configure the key as the last item in the radius-server host
command. Leading spaces are ignored, but spaces within and at the end of the
key are used. If you use spaces in your key, don’t enclose the key in quotation
marks unless the quotation marks are part of the key.

See also other documents in the category Rockwell Automation Equipment: