Configuring RADIUS
• config radius auth keywrap add {ascii | hex} kek mack index—Configures the AES key wrap attributes where
  – kek specifies the 16-byte Key Encryption Key (KEK).
  – mack specifies the 20-byte Message Authentication Code Key (MACK).
  – index specifies the index of the RADIUS authentication server on which to configure the AES key wrap.
• config radius auth rfc3576 {enable | disable} index—Enables or disables RFC 3576, which is an extension to the RADIUS protocol that allows dynamic changes to a user session. RFC 3576 includes support for disconnecting users and changing authorizations applicable to a user session, and supports disconnect and change-of-authorization (CoA) messages. Disconnect messages cause a user session to be terminated immediately, whereas CoA messages modify session authorization attributes such as data filters.
• config radius auth retransmit-timeout index timeout—Configures the retransmission timeout value for a RADIUS authentication server.
• config radius auth network index {enable | disable}—Enables or disables network user authentication. If you enable this feature, this entry is considered the RADIUS authentication server for network users. If you did not configure a RADIUS server entry on the WLAN, you must enable this option for network users.
• config radius auth management index {enable | disable}—Enables or disables management authentication. If you enable this feature, this entry is considered the RADIUS authentication server for management users, and authentication requests go to the RADIUS server.
• config radius auth ipsec {enable | disable} index—Enables or disables the IP security mechanism.
• config radius auth ipsec authentication {hmac-md5 | hmac-sha1} index—Configures the authentication protocol to be used for IP security.
• config radius auth ipsec encryption {3des | aes | des | none} index—Configures the IP security encryption mechanism.
• config radius auth ipsec ike dh-group {group-1 | group-2 | group-5} index—Configures the IKE Diffie-Hellman group.
• config radius auth ipsec ike lifetime interval index—Configures the timeout interval for the session.
• config radius auth ipsec ike phase1 {aggressive | main} index—Configures the Internet Key Exchange (IKE) protocol.
• config radius auth {enable | disable} index—Enables or disables a RADIUS authentication server.
• config radius auth delete index—Deletes a previously added RADIUS authentication server.

Step 3    Use these commands to configure a RADIUS accounting server:

• config radius acct add index server_ip_address port# {ascii | hex} shared_secret—Adds a RADIUS accounting server.
• config radius acct server-timeout index timeout—Configures the retransmission timeout value for a RADIUS accounting server.
• config radius acct network index {enable | disable}—Enables or disables network user accounting. If you enable this feature, this entry is considered the RADIUS accounting server for network users. If you did not configure a RADIUS server entry on the WLAN, you must enable this option for network users.
• config radius acct ipsec {enable | disable} index—Enables or disables the IP security mechanism.

Cisco Wireless LAN Controller Configuration Guide, OL-17037-01, Chapter 5: Configuring Security Solutions
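
The following Python check is an added example, not part of the Cisco guide. It reads controller `config radius` lines, verifies that the keywrap keys match the 16-byte KEK and 20-byte MACK sizes given in the keywrap command description, and flags selected IPsec option values for review. The set of values treated as legacy, the assumption that an ascii key uses one character per byte, and the sample lines are this example's own.

```python
import re

# Key sizes stated in the guide: KEK is 16 bytes, MACK is 20 bytes.
KEK_BYTES, MACK_BYTES = 16, 20

# Assumption of this example (not stated in the guide): of the selectable
# values, these are the legacy ones a configuration review should call out.
LEGACY = {
    "authentication": {"hmac-md5"},
    "encryption": {"des", "none"},
    "dh-group": {"group-1"},
    "phase1": {"aggressive"},
}

# Constructed sample input; the key values are patterned placeholders.
SAMPLE = """\
config radius auth keywrap add hex 000102030405060708090a0b0c0d0e0f 00112233445566778899aabbccddeeff0011 1
config radius auth ipsec enable 1
config radius auth ipsec authentication hmac-sha1 1
config radius auth ipsec encryption des 1
config radius auth ipsec ike dh-group group-5 1
config radius auth ipsec ike phase1 aggressive 1
"""

def key_ok(fmt, value, nbytes):
    """True if value encodes exactly nbytes in the given format."""
    if fmt == "hex":
        return re.fullmatch(r"[0-9a-fA-F]{%d}" % (2 * nbytes), value) is not None
    return value.isascii() and len(value) == nbytes  # assumed: 1 char per byte

def audit(config_text):
    """Return (line_number, message) findings for config radius lines."""
    findings = []
    for n, line in enumerate(config_text.splitlines(), 1):
        tok = line.split()
        if tok[:2] != ["config", "radius"] or len(tok) < 4:
            continue
        if tok[2] == "auth" and tok[3:5] == ["keywrap", "add"] and len(tok) == 9:
            fmt, kek, mack = tok[5], tok[6], tok[7]
            if not key_ok(fmt, kek, KEK_BYTES):
                findings.append((n, "kek is not %d bytes" % KEK_BYTES))
            if not key_ok(fmt, mack, MACK_BYTES):
                findings.append((n, "mack is not %d bytes" % MACK_BYTES))
        elif tok[3] == "ipsec" and len(tok) >= 6:
            # "ipsec <option> <value> index" or "ipsec ike <option> <value> index"
            ike = tok[4] == "ike" and len(tok) > 6
            opt, val = (tok[5], tok[6]) if ike else (tok[4], tok[5])
            if val in LEGACY.get(opt, ()):
                findings.append((n, "legacy ipsec %s: %s" % (opt, val)))
    return findings
```

Running `audit(SAMPLE)` reports the short MACK on line 1 and the `des` and `aggressive` settings on lines 4 and 6.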