Configuring External Authentication And Authorization Using A Radius Server - Cisco 2100 Series Configuration Manual

Chapter 8 Controlling Mesh Access Points
In the Description field, enter a description of the access point. The text that you enter identifies the mesh
Step 5
access point on the controller.
Note
From the Interface Name drop-down box, choose the controller interface to which the access point is to
Step 6
connect.
Click Apply to commit your changes. The access point now appears in the list of MAC filters on the
Step 7
MAC Filtering page.
Click Save Configuration to save your changes.
Step 8
Repeat this procedure to add the MAC addresses of additional access points to the list.
Step 9
Using the CLI to Add MAC Addresses of Mesh Access Points to the Controller Filter List
Using the controller CLI, follow these steps to add a MAC filter entry for the access point on the
controller.
To add the MAC address of an access point to the controller filter list, enter this command:
Step 1
config macfilter add ap_mac wlan_id interface [description]
A value of zero (0) for the wlan_id parameter specifies any WLAN, and a value of zero (0) for the
interface parameter specifies none. You can enter up to 32 characters for the optional description
parameter.
To save your changes, enter this command:
Step 2
save config

Configuring External Authentication and Authorization Using a RADIUS Server

Controller software release 5.2 supports external authorization and authentication of mesh access points
using a RADIUS server such as Cisco ACS (4.1 and later). The RADIUS server must support the client
authentication type of EAP-FAST with certificates.
Before you employ external authentication within the mesh network, you must make these changes:
•
•
•
•
OL-17037-01
You might want to include an abbreviation of its name and the last few digits of the MAC
address, such as ap1522:62:39:10. You can also note details on its location, such as roof top or
pole top or its cross streets.
Configure the RADIUS server to be used as an AAA server on the controller.
Configure the controller on the RADIUS server.
Add the mesh access point configured for external authorization and authentication to the user list
of the RADIUS server. For additional details, refer to the
section on page 8-14.
Configure EAP-FAST on the RADIUS server and install the certificates.
This feature also supports local EAP and PSK authentication on the controller.
Note
Adding Mesh Access Points to the Mesh Network
"Adding a Username to a RADIUS Server"
Cisco Wireless LAN Controller Configuration Guide
8-13