Configuring Radius On The Acs - Cisco 2100 Series Configuration Manual

Wireless LAN controller

Configuring RADIUS
RADIUS uses User Datagram Protocol (UDP) for its transport. It maintains a database and listens on
UDP port 1812 for incoming authentication requests and UDP port 1813 for incoming accounting
requests. The controller, which requires access control, acts as the client and requests AAA services from
the server. The traffic between the controller and the server is encrypted by an algorithm defined in the
protocol and a shared secret key configured on both devices.
You can configure up to 17 RADIUS authentication and accounting servers each. For example, you may
want to have one central RADIUS authentication server but several RADIUS accounting servers in
different regions. If you configure multiple servers of the same type and the first one fails or becomes
unreachable, the controller automatically tries the second one, then the third one if necessary, and so on.
Note: If multiple RADIUS servers are configured for redundancy, the user database must be identical in
all the servers for the backup to work properly.
The primary RADIUS server (the server with the lowest server index) is assumed to be the most preferable
server for the controller. If the primary server becomes unresponsive, the controller switches to the next
active backup server (the server with the next lowest server index). The controller continues to use this
backup server forever, unless you configure the controller to fall back to the primary RADIUS server
when it recovers and becomes responsive or to a more preferable server from the available backup
servers.
You must configure RADIUS on both your CiscoSecure Access Control Server (ACS) and your
controller. You can configure the controller through either the GUI or the CLI.

Configuring RADIUS on the ACS

Follow these steps to configure RADIUS on the ACS.
Note: RADIUS is supported on CiscoSecure ACS version 3.2 and greater. The instructions and illustrations
in this section pertain to ACS version 4.1 and may vary for other versions. Refer to the CiscoSecure ACS
documentation for the version you are running.
Step 1 Click Network Configuration on the ACS main page.
Step 2 Click Add Entry under AAA Clients to add your controller to the server. The Add AAA Client page
appears (see Figure 5-1).

Cisco Wireless LAN Controller Configuration Guide, OL-17037-01, Chapter 5: Configuring Security Solutions, page 5-4


This manual is also suitable for:

4400 series