307
Cisco 3900 Series, Cisco 2900 Series, and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide
Chapter Administering the Wireless Device
Controlling Access Point Access with RADIUS
To disable AAA, use the no aaa new-model command in global command mode. To disable AAA
authentication, use the no aaa authentication login {default | list-name} method1 [method2...]
command in global command mode. To either disable RADIUS authentication for logins or to return to
the default value, use the no login authentication {default | list-name} command in line configuration
mode.
Defining AAA Server Groups
You can configure the wireless device to use AAA server groups to group existing server hosts for
authentication. You select a subset of the configured server hosts and use them for a particular service.
The server group is used with a global server-host list, which lists the IP addresses of the selected server
hosts.
Server groups can also include multiple host entries for the same server if each entry has a unique
identifier (the combination of the IP address and UDP port number), allowing different ports to be
individually defined as RADIUS hosts providing a specific AAA service. If you configure two different
host entries on the same RADIUS server for the same service (such as accounting), the second
configured host entry acts as a failover backup to the first one.
You use the server group server configuration command to associate a particular server with a defined
group server. You can either identify the server by its IP address or identify multiple host instances or
entries by using the optional auth-port and acct-port keywords.
To define the AAA server group and associate a particular RADIUS server with it, follow these steps,
beginning in privileged EXEC mode.
SUMMARY STEPS
1. configure terminal
2. aaa new-model
3. radius-server host {hostname | ip-address} [auth-port port-number] [acct-port port-number]
[timeout seconds] [retransmit retries] [key string]
4. aaa group server radius group-name
5. server ip-address
6. end
7. show running-config
Step 5
login authentication {default |
list-name}
Applies the authentication list to a line or set of lines.
• If you specify default, use the default list that you created with the
aaa authentication login command.
• For list-name, specify the list that you created with the aaa
authentication login command.
Step 6
end Returns to privileged EXEC mode.
Step 7
show running-config Verifies your entries.
Step 8
copy running-config startup-config (Optional) Saves your entries in the configuration file.
Command Purpose
To Next Page
Loading...
