User's Manual

ManualsBrandsCisco Systems ManualsWelding SystemCisco Systems IOS Software 0L-11350-01

111

112

113

114

115

116

117

118

119

120

5-19

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

OL-11350-01

Chapter 5 Administering the Access PointWireless Device Access

Configuring the Access Point for Local Authentication and Authorization

Configuring the Access Point for Local Authentication and

Authorization

You can configure AAA to operate without a server by configuring the wireless device to implement

AAA in local mode. The wireless device then handles authentication and authorization. No accounting

is available in this configuration.

Note You can configure the wireless device as a local authenticator for 802.1x-enabled client devices to

provide a backup for your main server or to provide authentication service on a network without a

RADIUS server. See Chapter 9, “Configuring an Access Point as a Local Authenticator,” for detailed

instructions on configuring the wireless device as a local authenticator.

Beginning in privileged EXEC mode, follow these steps to configure the wireless device for local AAA:

Command Purpose

Step 1

configure terminal Enter global configuration mode.

Step 2

aaa new-model Enable AAA.

Step 3

aaa authentication login default local Set the login authentication to use the local username database. The

default keyword applies the local user database authentication to all

interfaces.

Step 4

aaa authorization exec local Configure user AAA authorization to determine if the user is allowed to

run an EXEC shell by checking the local database.

Step 5

aaa authorization network local Configure user AAA authorization for all network-related service

requests.

Step 6

username name [privilege level]

{password encryption-type password}

Enter the local database, and establish a username-based authentication

system.

Repeat this command for each user.

• For name, specify the user ID as one word. Spaces and quotation

marks are not allowed.

• (Optional) For level, specify the privilege level the user has after

gaining access. The range is 0 to 15. Level 15 gives privileged EXEC

mode access. Level 0 gives user EXEC mode access.

• For encryption-type, enter 0 to specify that an unencrypted password

follows. Enter 7 to specify that a hidden password follows.

• For password, specify the password the user must enter to gain access

to the wireless device. The password must be from 1 to 25 characters,

can contain embedded spaces, and must be the last option specified

in the username command.

Note Characters TAB, ?, $, +, and [ are invalid characters for

passwords.

Step 7

end Return to privileged EXEC mode.

Step 8

show running-config Verify your entries.

Step 9

copy running-config startup-config (Optional) Save your entries in the configuration file.