13-22
Cisco Wireless LAN Controller Configuration Guide
OL-17037-01
Chapter 13 Configuring Hybrid REAPWireless Device Access
Configuring Hybrid-REAP Groups
Using the CLI to Configure Hybrid-REAP Groups
Follow these steps to configure hybrid-REAP groups using the controller CLI.
Step 1 To add or delete a hybrid-REAP group, enter this command:
config hreap group group_name {add | delete}
Step 2 To configure a primary or secondary RADIUS server for the hybrid-REAP group, enter this command:
config hreap group group_name radius server {add | delete} {primary | secondary} server_index
Step 3 To add an access point to the hybrid-REAP group, enter this command:
config hreap group group_name ap {add | delete} ap_mac
Step 4 To configure local authentication for a hybrid-REAP group, follow these steps:
a. Make sure that a primary and secondary RADIUS server are not configured for the hybrid-REAP
group.
b. To enable or disable local authentication for this hybrid-REAP group, enter this command:
config hreap group group_name radius ap {enable | disable}
c. To enter the username and password of a client that you want to be able to authenticate using LEAP
or EAP-FAST, enter this command:
config hreap group group_name radius ap user add username password password
Note You can add up to 100 clients.
d. To allow a hybrid-REAP access point to authenticate clients using LEAP or to disable this behavior,
enter this command:
config hreap group group_name radius ap leap {enable | disable}
e. To allow a hybrid-REAP access point to authenticate clients using EAP-FAST or to disable this
behavior, enter this command:
config hreap group group_name radius ap eap-fast {enable | disable}
f. Enter one of the following commands, depending on how you want PACs to be provisioned:
• config hreap group group_name radius ap server-key key—Specifies the server key used to
encrypt and decrypt PACs. The key must be 32 hexadecimal characters.
• config hreap group group_name radius ap server-key auto—Allows PACs to be sent
automatically to clients that do not have one during PAC provisioning.
g. To specify the authority identifier of the EAP-FAST server, enter this command:
config hreap group group_name radius ap authority id id
where id is 32 hexadecimal characters.
h. To specify the authority identifier of the EAP-FAST server in text format, enter this command:
config hreap group group_name radius ap authority info info
where info is up to 32 hexadecimal characters.
To Next Page
Loading...
