8-38
Cisco Aironet 1200 Series Access Point Software Configuration Guide
OL-2159-05
Chapter 8 Security Setup
Setting up Centralized Administrator Authentication
If the user entry is not accessed within 5 minutes, the next access causes a new server request to be
sent to the authentication server so the user and new privileges are cached again.
If the response is a rejection, a reject response is issued just as if the local database entry was not found.
The administrator is also rejected if they exist on the authentication server but do not
have administrative capabilities configured.
Authorization Parameters
The following authentication server attribute value (AV) pair is returned to the access point for an
administrator login request:
This is RADIUS attribute #26, Cisco Vendor ID #9, type #1, string.
Cisco:Avpair = aironet:admin-capability=write+snmp+ident+firmware+admin
Any combination of capabilities can be returned with this attribute, for example:
Cisco:Avpair = aironet:admin-capability=ident+admin
Cisco:Avpair = aironet:admin-capability=admin
The following is an example of a Livingston RADIUS server users file entry:
User password = aironet
Service-Type = Outbound
cisco-avpair = aironet:admin-capability=ident+admin
The following is an example of a TACACS+ server users file entry:
Service - Aironet
Protocol - Shell
cisco-avpair = aironet:admin-capability=ident+admin
See the "Creating a List of Authorized Management System Users" section on page 8-33, or click
Help on the Authenticator Configuration page, for an explanation of the attributes returned by the server.
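
The following is an added example, not part of the Cisco guide or the access point software: a Python check that a RADIUS vendor-specific attribute carries a well-formed admin-capability AV pair, useful for auditing server entries before they are deployed. It assumes the standard RFC 2865 vendor-specific attribute layout and treats the five capability names shown above as the complete set; the function names are hypothetical.

```python
import struct

VENDOR_SPECIFIC = 26  # RADIUS attribute number given in the guide
CISCO_VENDOR_ID = 9   # Cisco vendor ID given in the guide
CISCO_AVPAIR = 1      # vendor type 1 (string) given in the guide
PREFIX = "aironet:admin-capability="
KNOWN = {"write", "snmp", "ident", "firmware", "admin"}  # assumed complete set


def encode_avpair(text):
    """Build the bytes of one vendor-specific attribute (RFC 2865 layout)."""
    value = text.encode("ascii")
    sub = struct.pack("!BB", CISCO_AVPAIR, len(value) + 2) + value
    return struct.pack("!BBI", VENDOR_SPECIFIC, len(sub) + 6, CISCO_VENDOR_ID) + sub


def parse_admin_capabilities(attr):
    """Return the capability set carried by one attribute, or raise ValueError."""
    if len(attr) < 8:
        raise ValueError("attribute too short")
    a_type, a_len, vendor, v_type, v_len = struct.unpack("!BBIBB", attr[:8])
    if (a_type, vendor, v_type) != (VENDOR_SPECIFIC, CISCO_VENDOR_ID, CISCO_AVPAIR):
        raise ValueError("not a Cisco AV pair")
    if a_len != len(attr) or v_len != a_len - 6:
        raise ValueError("length fields do not match the data")
    text = attr[8:].decode("ascii")
    if not text.startswith(PREFIX):
        raise ValueError("not an admin-capability AV pair: %r" % text)
    caps = text[len(PREFIX):].split("+")
    unknown = [c for c in caps if c not in KNOWN]
    if unknown:
        raise ValueError("unknown capability names: %r" % unknown)
    return set(caps)


if __name__ == "__main__":
    # Constructed sample values, not captured traffic.
    for sample in ("aironet:admin-capability=ident+admin",
                   "aironet:admin-capability-ident+admin",   # '-' where '=' belongs
                   "aironet:admin-capability=ident+root"):   # name not in the guide
        try:
            print(sample, "->", sorted(parse_admin_capabilities(encode_avpair(sample))))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```

A server entry that fails this check would not deliver the intended capabilities, so it is worth running against each users file entry after editing it.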