Specifications

ManualsBrandsCisco ManualsComputer equipmentAironet 700 Series

141

142

143

144

145

146

147

148

149

150

8-4

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

OL-5260-01

Chapter 8 Configuring an Access Point as a Local Authenticator

Configuring a Local Authenticator

Step 4

nas ip-address key shared-key Add an access point to the list of units that use the local

authenticator. Enter the access point’s IP address and the shared

key used to authenticate communication between the local

authenticator and other access points. You must enter this shared

key on the access points that use the local authenticator. If your

local authenticator also serves client devices, you must enter the

local authenticator access point as a NAS.

Note Leading spaces in the key string are ignored, but spaces

within and at the end of the key are used. If you use spaces

in your key, do not enclose the key in quotation marks

unless the quotation marks are part of the key.

Repeat this step to add each access point that uses the local

authenticator.

Step 5

group group-name (Optional) Enter user group configuration mode and configure a

user group to which you can assign shared settings.

Step 6

vlan vlan (Optional) Specify a VLAN to be used by members of the user

group. The access point moves group members into that VLAN,

overriding other VLAN assignments. You can assign only one

VLAN to the group.

Step 7

ssid ssid (Optional) Enter up to 20 SSIDs to limit members of the user

group to those SSIDs. The access point checks that the SSID that

the client used to associate matches one of the SSIDs in the list.

If the SSID does not match, the client is disassociated.

Step 8

reauthentication time seconds (Optional) Enter the number of seconds after which access points

should reauthenticate members of the group. The

reauthentication provides users with a new encryption key. The

default setting is 0, which means that group members are never

required to reauthenticate.

Step 9

lockout count count

time { seconds | infinite }

(Optional) To help protect against password guessing attacks, you

can lock out group members for a length of time after a set

number of incorrect passwords.

• count—The number of failed passwords that triggers a

lockout of the user name.

• time—The number of seconds the lockout should last. If you

enter infinite, an administrator must manually unblock the

locked user name. See the “Unblocking Locked Usernames”

section on page 8-7 for instructions on unblocking client

devices.

Step 10

exit Exit group configuration mode and return to authenticator

configuration mode.

Command Purpose