User guide

ManualsBrandsCisco ManualsComputer equipmentCisco Wireless LAN Controller 4100

141

142

143

144

145

146

147

148

149

150

6-4

Cisco WLAN Controller Web Interface User Guide

OL-7416-04

Chapter 6 Security Menu Bar Selection

RADIUS Authentication Servers

RADIUS Authentication Servers > New

Use SECURITY > AAA > RADIUS Authentication then click New to navigate to this page.

This page allows you to add a new Remote Authentication Dial-In User Server. The following

information is required:

• Server Index (Priority) - Index of the RADIUS server. The controller tries Index 1 first, then Index

2 through 17, in an ascending order. Set the server index to 1 if your network is using only one

authentication server.

Note You can have a maximum of 17 RADIUS authenticating server entries for a single WLAN.

• Server IP Address - IP address of the RADIUS server.

• Shared Secret Format - Set the format of the shared secret to either ASCII or Hexadecimal.

• Shared Secret/Confirm Shared Secret - RADIUS server login Shared Secret.

• Port Number - Communication port number for the interface protocols.

Note DO NOT assign the Port Number to one used by another application. Use the default (1812) or any other

port unused by any other application.

• Server Status - Set the RADIUS Authentication server to Enabled or Disabled.

• Support for RFC 3576 - Select this check box to enable or disable support for RFC 3576.RFC 3576

is an extension to the Remote Authentication Dial In User Service (RADIUS) protocol, allows

dynamic changes to a user session. This includes support for disconnecting users and changing

authorizations applicable to a user session, that is - provide support for Disconnect and

Change-of-Authorization (CoA) messages. Disconnect messages cause a user session to be

terminated immediately, whereas CoA messages modify session authorization attributes such as

data filters.

• Retransmit Timeout - Specify the time in seconds after which the RADIUS authentication request

will timeout and a retransmission will be taken up by the controller. You can specify a value between

2 to 30 seconds.

• Network User - Enable or disable network user authentication. If this option is enabled, this entry is

considered as the RADIUS authenticating server for the network user.

• Management - Enable or disable management authentication. If this option is enabled, this entry is

considered as the RADIUS authenticating server for the management user.

• IP sec - Select this check box to enable or disable the IP Security mechanism. If you enable this

option, the IP Security Parameters fields will be displayed.

Note IPSec option is displayed only if a crypto card is installed on the controller.

–

IPsec Authentication: Set the IP security authentication protocol to be used. Options are:

• HMAC-SHA1

• HMAC-MD5

• None