User guide
Cisco WLAN Controller Web Interface User Guide
OL-7416-04
Chapter 6 Security Menu Bar Selection
RADIUS Accounting Servers
RADIUS Accounting Servers > New
Use SECURITY > AAA > RADIUS Accounting then click New to navigate to this page.
This page allows you to add a new Remote Accounting Dial-In User Server. The following information
is required:
• Server Index (Priority) - Index of the RADIUS server. The controller tries Index 1 first, then Index
2 through 17, in an ascending order. Set to 1 if your network is using only one Accounting server.
• Server IP Address - IP address of the RADIUS server.
• Shared Secret Format - ASCII or Hex.
• Shared Secret/Confirm Shared Secret - RADIUS server login Shared Secret.
• Port Number - Port number for the interface protocols.
Note: Do not assign the Port Number to one used by another application. Use the default (1813) or any other
port unused by any other application.
• Server Status - Set the RADIUS Accounting server to enabled or disabled.
• Retransmit Timeout - Specify the time in seconds after which the RADIUS authentication request
times out and the controller retransmits it. You can specify a value between
2 and 30 seconds.
• Network User - Enable or disable network user authentication. If this option is enabled, this entry is
considered as the RADIUS authenticating server for the network user.
• IP sec - Select this check box to enable or disable the IP Security mechanism. If you enable this
option, the IP Security Parameters fields will be displayed.
– IP sec Authentication: Set the IP security authentication protocol to be used. Options are:
• HMAC-SHA1
• HMAC-MD5
• None
Message Authentication Codes (MAC) are used between two parties that share a secret key to
validate information transmitted between them. HMAC (Hash MAC) is a mechanism based on
cryptographic hash functions. HMAC can be used in combination with any iterated
cryptographic hash function. HMAC-MD5 and HMAC-SHA-1 are two constructs of HMAC
that use the MD5 hash function and the SHA-1 hash function, respectively. HMAC also uses a secret key for
calculation and verification of the message authentication values.
– IP sec Encryption: Set the IP security encryption mechanism to be used. Options are:
• DES - Data Encryption Standard is a method of data encryption using a private (secret) key.
DES applies a 56-bit key to each 64-bit block of data.
• Triple DES - Data Encryption Standard that applies three keys in succession.
• AES 128 CBC - Advanced Encryption Standard uses keys with a length of 128, 192, or 256 bits
to encrypt blocks with a length of 128, 192, or 256 bits. AES 128 CBC uses a 128-bit data path
in Cipher Block Chaining (CBC) mode.
– IKE Authentication: Not an editable field.
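As an added example (not taken from the Cisco guide), the Python below shows what the Shared Secret entered on this page is used for: under RFC 2866 it keys the MD5 Request Authenticator carried in every Accounting-Request, which is the only integrity check RADIUS accounting has when the IP sec option is off. It assumes the Hex format is the hex encoding of the same key bytes; the function names and the sample attributes are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4  # RADIUS packet code for Accounting-Request (RFC 2866)

def secret_bytes(value: str, fmt: str) -> bytes:
    """Convert the Shared Secret field to key bytes (assumed meaning of ASCII/Hex)."""
    if fmt == "ascii":
        return value.encode("ascii")
    if fmt == "hex":
        return bytes.fromhex(value)  # raises ValueError on non-hex input
    raise ValueError(f"unknown shared secret format: {fmt!r}")

def attribute(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def authenticator(code: int, ident: int, attrs: bytes, secret: bytes) -> bytes:
    """MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()

def build_accounting_request(ident: int, attrs: bytes, secret: bytes) -> bytes:
    """Assemble the packet a client would send to the accounting port."""
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs))
    return header + authenticator(ACCOUNTING_REQUEST, ident, attrs, secret) + attrs

def verify_accounting_request(packet: bytes, secret: bytes) -> bool:
    """Server-side check: recompute the authenticator and compare in constant time."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or length != len(packet):
        return False
    expected = authenticator(code, ident, packet[20:], secret)
    return hmac.compare_digest(expected, packet[4:20])

# Constructed sample: User-Name (1), Acct-Status-Type (40) = Start, Acct-Session-Id (44)
SAMPLE_ATTRS = (attribute(1, b"alice")
                + attribute(40, struct.pack("!I", 1))
                + attribute(44, b"sess-0001"))

if __name__ == "__main__":
    key = secret_bytes("736563726574", "hex")  # same bytes as ASCII "secret"
    pkt = build_accounting_request(7, SAMPLE_ATTRS, key)
    print("valid:", verify_accounting_request(pkt, key))
    print("tampered:", verify_accounting_request(pkt[:-1] + b"2", key))
```

The attributes themselves travel in cleartext; the authenticator only detects modification by someone who does not hold the shared secret, which is why the page also offers the IP sec option.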