Cisco Systems IOS Releases 15.2(4)JA Universal Remote User Manual


 
5-12
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-29225-01
Chapter 5 Administering the Access Point
Controlling Access Point Access with RADIUS
RADIUS provides detailed accounting information and flexible administrative control over
authentication and authorization processes. RADIUS is facilitated through AAA and can be enabled only
through AAA commands.
Note For complete syntax and usage information for the commands used in this section, refer to the Cisco IOS
Security Command Reference for Release 12.3.
These sections describe RADIUS configuration:
Default RADIUS Configuration, page 5-12
Configuring RADIUS Login Authentication, page 5-12 (required)
Defining AAA Server Groups, page 5-14 (optional)
Configuring RADIUS Authorization for User Privileged Access and Network Services, page 5-16
(optional)
Displaying the RADIUS Configuration, page 5-17
Default RADIUS Configuration
RADIUS and AAA are disabled by default.
To prevent a lapse in security, you cannot configure RADIUS through a network management
application. When enabled, RADIUS can authenticate users accessing the wireless device through the
CLI.
Configuring RADIUS Login Authentication
To configure AAA authentication, you define a named list of authentication methods and then apply that
list to various interfaces. The method list defines the types of authentication to be performed and the
sequence in which they are performed; it must be applied to a specific interface before any of the defined
authentication methods are performed. The only exception is the default method list (which, by
coincidence, is named default). The default method list is automatically applied to all interfaces except
those that have a named method list explicitly defined.
A method list describes the sequence and authentication methods to be queried to authenticate a user.
You can designate one or more security protocols to be used for authentication, thus ensuring a backup
system for authentication in case the initial method fails. The software uses the first method listed to
authenticate users; if that method fails to respond, the software selects the next authentication method in
the method list. This process continues until there is successful communication with a listed
authentication method or until all defined methods are exhausted. If authentication fails at any point in
this cycle—meaning that the security server or local username database responds by denying the user
access—the authentication process stops, and no other authentication methods are attempted.
Beginning in privileged EXEC mode, follow these steps to configure login authentication. This
procedure is required.
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
aaa new-model Enable AAA.