User guide
Cisco WLAN Controller Web Interface User Guide
OL-7416-04
Chapter 6 Security Menu Bar Selection
RADIUS Authentication Servers
RADIUS Authentication Servers > Edit
Use SECURITY > AAA > RADIUS Authentication, then click Edit, to navigate to this page.
This page allows you to change the following parameters on an existing Remote Authentication Dial-In
User Service (RADIUS) server:
• Server Index (Priority) - Index of the RADIUS server.
• Shared Secret Format - Set the format of the shared secret to either ASCII or Hexadecimal.
• Server Shared Secret/Confirm Shared Secret - RADIUS server login Shared Secret.
• Port Number - Communication port number for the interface protocols.
• Server Status - Set the RADIUS Authentication server to enabled or disabled.
• Support for RFC 3576 - Select this check box to enable or disable support for RFC 3576. RFC 3576,
an extension to the Remote Authentication Dial In User Service (RADIUS) protocol, allows
dynamic changes to a user session. This includes support for disconnecting users and changing
authorizations applicable to a user session, that is, support for Disconnect and
Change-of-Authorization (CoA) messages. Disconnect messages cause a user session to be
terminated immediately, whereas CoA messages modify session authorization attributes such as
data filters.
• Retransmit Timeout - Specify the time in seconds after which a RADIUS authentication request
times out and the controller retransmits it. You can specify a value from
2 to 30 seconds.
• Network User - Enable or disable network user authentication. If this option is enabled, this entry is
considered as the RADIUS authenticating server for the network user.
• Management - Enable or disable management authentication. If this option is enabled, this entry is
considered as the RADIUS authenticating server for management users.
• IP sec - Check this check box to enable or disable the IP Security mechanism. If you enable this
option, the IP Security Parameters fields will be displayed.
Note: The IPSec option is displayed only if a crypto card is installed on the controller.
– IP sec Authentication: Set the IP security authentication protocol to be used. Options are:
• HMAC-SHA1
• HMAC-MD5
• None
Message Authentication Codes (MAC) are used between two parties that share a secret key to
validate information transmitted between them. HMAC (Hash MAC) is a mechanism based on
cryptographic hash functions. HMAC can be used in combination with any iterated cryptographic
hash function. HMAC-MD5 and HMAC-SHA-1 are two HMAC constructs that use the MD5
hash function and the SHA-1 hash function, respectively. HMAC also uses a secret key for calculation and
verification of the message authentication values.
– IP sec Encryption: Set the IP security encryption mechanism to be used. Options are:
• DES - Data Encryption Standard is a method of data encryption using a private (secret) key.
DES applies a 56-bit key to each 64-bit block of data.
• Triple DES - Data Encryption Standard that applies three keys in succession.
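Added example (not from the Cisco guide or the controller software): how a receiver of the RFC 3576 Disconnect and CoA requests described under "Support for RFC 3576" can check each request against the configured shared secret, honoring the ASCII or Hexadecimal secret format. The function names and the sample packet are constructed for illustration; the authenticator calculation is the one RFC 3576 specifies for these requests.

```python
import hashlib
import hmac
import struct

CODES = {40: "Disconnect-Request", 43: "CoA-Request"}  # RFC 3576 request codes


def decode_secret(value: str, fmt: str) -> bytes:
    """Turn the configured shared secret into bytes per its declared format."""
    if fmt == "ASCII":
        return value.encode("ascii")
    if fmt == "Hexadecimal":
        return bytes.fromhex(value)
    raise ValueError(f"unknown shared secret format: {fmt}")


def request_authenticator(code: int, ident: int, attrs: bytes, secret: bytes) -> bytes:
    """MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()


def verify_request(packet: bytes, secret: bytes) -> str:
    """Return the message name for an authentic Disconnect-Request or
    CoA-Request; raise ValueError for anything else."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-octet RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in CODES:
        raise ValueError(f"code {code} is not a Disconnect or CoA request")
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match the datagram")
    attrs = packet[20:length]  # octets past Length are padding and ignored
    expected = request_authenticator(code, ident, attrs, secret)
    if not hmac.compare_digest(expected, packet[4:20]):  # constant-time compare
        raise ValueError("authenticator mismatch: wrong secret or altered packet")
    return CODES[code]


def build_sample(code: int, ident: int, attrs: bytes, secret: bytes) -> bytes:
    """Constructed test datagram, built the way a RADIUS server would send it."""
    auth = request_authenticator(code, ident, attrs, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs


# Constructed sample values: User-Name attribute (type 1) carrying "alice"
SAMPLE_ATTRS = bytes([1, 7]) + b"alice"
SAMPLE_SECRET = decode_secret("73656372657431", "Hexadecimal")  # same as ASCII "secret1"
```

A request that fails this check should be dropped and logged, since a mismatch means the sender does not hold the shared secret or the packet was altered in transit.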