Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual
Rockwell Automation Publication 1783-UM006A-EN-P - May 2014
Chapter 14
Configuring RADIUS and TACACS+ Servers
When a session is terminated, the RADIUS server sends a disconnect message to
the Network Access Server (NAS), which is an access point or WDS. For 802.11 sessions,
the Calling-Station-ID [31] RADIUS attribute (the MAC address of the client)
must be supplied in the PoD request. The access point or WDS attempts to
disassociate the relevant session and then sends a disconnect response message
back to the RADIUS server. The message types are as follows:
• 40—Disconnect-Request
• 41—Disconnect-ACK
• 42—Disconnect-NAK
Beginning in privileged EXEC mode, follow these steps to configure a PoD:
1. Enter global configuration mode.
configure terminal
2. Enable user sessions to be disconnected by requests from a RADIUS
server when specific session attributes are presented.
• port port number (Optional): The UDP port where the access
point listens for PoD requests. The default value is 1700.
• auth-type: This parameter is not supported for 802.11 sessions.
• clients (Optional): Up to four RADIUS servers can be nominated as clients.
If this configuration is present and a PoD request originates from a
device that is not on the list, it is rejected.
• ignore (Optional): When set to server_key, the shared secret is not
validated when a PoD request is received.
• session-key: Not supported for 802.11 sessions.
• server-key: Configures the shared-secret text string.
TIP
• Refer to your RADIUS server application documentation for instructions on
how to configure PoD requests.
• The access point does not block subsequent attempts by the client to
reassociate. It is the responsibility of the security administrator to disable
the client account before issuing a PoD request.
• When WDS is configured, direct PoD requests to the WDS. The WDS
forwards the disassociation request to the parent access point and then
purges the session from its own internal tables.
• PoD is supported on the Cisco CNS Access Registrar (CAR) RADIUS server,
but not on the Cisco Secure ACS Server, v4.0 and earlier.
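The checks that the clients, ignore and server-key parameters control can be seen in the following added example, which is not taken from the manual or from the access point firmware. It assumes the RFC 5176 packet layout and Request Authenticator for Disconnect-Request; the function names, the sample MAC and addresses, and the choice to drop rejected requests silently are assumptions.

```python
import hashlib
import hmac
import struct

DISCONNECT_REQUEST, DISCONNECT_ACK, DISCONNECT_NAK = 40, 41, 42
CALLING_STATION_ID = 31  # carries the client MAC for 802.11 sessions

def request_authenticator(code, ident, attrs, secret):
    """RFC 5176: MD5(Code | ID | Length | 16 zero octets | Attributes | Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()

def build_disconnect_request(ident, mac, secret):
    """Constructed sample packet, as the RADIUS server side would emit it."""
    attrs = bytes([CALLING_STATION_ID, len(mac) + 2]) + mac.encode()
    auth = request_authenticator(DISCONNECT_REQUEST, ident, attrs, secret)
    return struct.pack("!BBH", DISCONNECT_REQUEST, ident, 20 + len(attrs)) + auth + attrs

def parse_attributes(data):
    """Split the TLV attribute area; raise ValueError on a bad length."""
    attrs, i = {}, 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed attribute")
        attrs[data[i]] = data[i + 2:i + data[i + 1]]
        i += data[i + 1]
    return attrs

def evaluate_pod(packet, source_ip, clients, secret, ignore_server_key=False):
    """Return 41, 42, or None (request discarded) for a received PoD packet."""
    # Assumption: rejected requests are dropped; the manual only says "rejected".
    if len(packet) < 20:
        return None
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != DISCONNECT_REQUEST or length != len(packet):
        return None
    if clients and source_ip not in clients:   # sender not a nominated client
        return None
    expected = request_authenticator(code, ident, packet[20:], secret)
    if not ignore_server_key and not hmac.compare_digest(expected, packet[4:20]):
        return None                            # shared secret did not match
    try:
        attrs = parse_attributes(packet[20:])
    except ValueError:
        return DISCONNECT_NAK
    # Without Calling-Station-Id the 802.11 session cannot be identified.
    return DISCONNECT_ACK if CALLING_STATION_ID in attrs else DISCONNECT_NAK
```

With ignore_server_key=True the authenticator comparison is skipped, so the only remaining check is the clients list, which is matched on the source address of a UDP datagram.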