5-12
Cisco Wireless LAN Controller Configuration Guide
OL-17037-01
Chapter 5 Configuring Security Solutions
Configuring RADIUS
• config radius auth keywrap add {ascii | hex} kek mack index—Configures the AES key wrap
attributes where
–
kek specifies the 16-byte Key Encryption Key (KEK).
–
mack specifies the 20-byte Message Authentication Code Key (MACK).
–
index specifies the index of the RADIUS authentication server on which to configure the AES
key wrap.
• config radius auth rfc3576 {enable | disable} index—Enables or disables RFC 3576, which is an
extension to the RADIUS protocol that allows dynamic changes to a user session. RFC 3576
includes support for disconnecting users and changing authorizations applicable to a user session
and supports disconnect and change-of-authorization (CoA) messages). Disconnect messages cause
a user session to be terminated immediately whereas CoA messages modify session authorization
attributes such as data filters.
• config radius auth retransmit-timeout index timeout—Configures the retransmission timeout
value for a RADIUS authentication server.
• config radius auth network index {enable | disable}—Enables or disables network user
authentication. If you enable this feature, this entry is considered the RADIUS authentication server
for network users. If you did not configure a RADIUS server entry on the WLAN, you must enable
this option for network users.
• config radius auth management index {enable | disable}—Enables or disables management
authentication. If you enable this feature, this entry is considered the RADIUS authentication server
for management users, and authentication requests go to the RADIUS server.
• config radius auth ipsec {enable | disable} index—Enables or disables the IP security mechanism.
• config radius auth ipsec authentication {hmac-md5 | hmac-sha1} index—Configures the
authentication protocol to be used for IP security.
• config radius auth ipsec encryption {3des | aes | des | none} index—Configures the IP security
encryption mechanism.
• config radius auth ipsec ike dh-group {group-1 | group-2 | group-5} index—Configures the IKE
Diffie Hellman group.
• config radius auth ipsec ike lifetime interval index—Configures the timeout interval for the
session.
• config radius auth ipsec ike phase1{aggressive | main} index—Configures the Internet Key
Exchange (IKE) protocol.
• config radius auth {enable | disable} index—Enables or disables a RADIUS authentication server.
• config radius auth delete index—Deletes a previously added RADIUS authentication server.
Step 3 Use these commands to configure a RADIUS accounting server:
• config radius acct add index server_ip_address port# {ascii | hex} shared_secret—Adds a
RADIUS accounting server.
• config radius acct server-timeout index timeout—Configures the retransmission timeout value for
a RADIUS accounting server.
• config radius acct network index {enable | disable}—Enables or disables network user
accounting. If you enable this feature, this entry is considered the RADIUS accounting server for
network users. If you did not configure a RADIUS server entry on the WLAN, you must enable this
option for network users.
• config radius acct ipsec {enable | disable} index—Enables or disables the IP security mechanism.
To Next Page
Loading...
Need help?
General
