Specifications

ManualsBrandsCisco ManualsComputer equipmentAironet 700 Series

141

142

143

144

145

146

147

148

149

150

8-7

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

OL-5260-01

Chapter 8 Configuring an Access Point as a Local Authenticator

Configuring a Local Authenticator

Unblocking Locked Usernames

You can unblock usernames before the lockout time expires, or when the lockout time is set to infinite.

In Privileged Exec mode on the local authenticator, enter this command to unblock a locked username:

AP# clear radius local-server user username

Viewing Local Authenticator Statistics

In privileged exec mode, enter this command to view statistics collected by the local authenticator:

AP# show radius local-server statistics

This example shows local authenticator statistics:

Successes : 0 Unknown usernames : 0

Client blocks : 0 Invalid passwords : 0

Unknown NAS : 0 Invalid packet from NAS: 0

NAS : 10.91.6.158

Successes : 0 Unknown usernames : 0

Client blocks : 0 Invalid passwords : 0

Corrupted packet : 0 Unknown RADIUS message : 0

No username attribute : 0 Missing auth attribute : 0

Shared key mismatch : 0 Invalid state attribute: 0

Unknown EAP message : 0 Unknown EAP auth type : 0

Username Successes Failures Blocks

nicky 0 0 0

jones 0 0 0

jsmith 0 0 0

The first section of statistics lists cumulative stats from the local authenticator. The second section lists

stats for each access point (NAS) authorized to use the local authenticator. The third section lists stats

for individual users. If a user is blocked and the lockout time is set to infinite, blocked appears at the end

of the stat line for that user. If the lockout time is not infinite, Unblocked in x seconds appears at the end

of the stat line for that user.

Use this privileged exec mode command to reset local authenticator statistics to zero:

AP# clear radius local-server statistics

Using Debug Messages

In privileged exec mode, enter this command to control the display of debug messages for the local

authenticator:

AP# debug radius local-server { packets | error | client }

Use the command options to display this debug information:

• Use the packets option to turn on display of the content of RADIUS packets sent and received.

• Use the error option to display error messages related to the local authenticator.

• Use the client option to display error messages related to failed client authentications.