User guide
Cisco WLAN Controller Web Interface User Guide
OL-7416-04
Chapter 6 Security Menu Bar Selection
RADIUS Accounting Servers
– IKE (Internet Key Exchange protocol) is used to distribute the session keys
(encryption and authentication) and to provide a way for the VPN endpoints to agree on
how the data should be protected. IKE keeps track of connections by assigning a bundle of
Security Associations (SAs) to each connection.
– IKE Phase 1: Set the Internet Key Exchange protocol (IKE). Options are:
• Aggressive
• Main
IKE Phase-1 is used to negotiate how IKE should be protected. Aggressive mode will pass more
information in fewer packets, with the benefit of slightly faster connection establishment, at the
cost of transmitting the identities of the security gateways in the clear.
– Lifetime (seconds): Set the timeout interval for the session expiry. Default is 28800 seconds.
– IKE Diffie Hellman Group: Set the IKE Diffie Hellman Group. Options are:
• Group 1 (768 bits)
• Group 2 (1024 bits)
• Group 5 (1536 bits)
Diffie-Hellman techniques let two devices publicly exchange values and still generate the
same symmetric key.
Although all three groups provide security from conventional attacks, Group 5 is considered
more secure because of its larger key size. However, computations involving Group 1 and Group
2 based keys might occur slightly faster because of their smaller prime number size.
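The exchange described above, as an added example that is not part of the original guide or the controller's code: two sides trade only public values over the Group 1 (768-bit) prime from RFC 2409 and arrive at the same key. The function names and the SHA-256 step are assumptions for illustration; IKE derives its session keys with its own PRF.

```python
import hashlib
import secrets

# Oakley Group 1 (768-bit MODP) prime from RFC 2409 section 6.1; generator 2.
GROUP1_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF",
    16,
)
GROUP1_G = 2


def keypair(p=GROUP1_P, g=GROUP1_G):
    """Return (private exponent, public value g^x mod p)."""
    x = secrets.randbelow(p - 3) + 2  # private exponent in [2, p-2]
    return x, pow(g, x, p)


def shared_secret(own_private, peer_public, p=GROUP1_P):
    """Combine our private exponent with the peer's public value."""
    # Reject out-of-range and degenerate values (0, 1, p-1): they would
    # force the result to a value anyone on the path can predict.
    if not 1 < peer_public < p - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_public, own_private, p)


def session_key(secret, p=GROUP1_P):
    """Hash the shared secret to a 256-bit key (assumed stand-in for IKE's PRF)."""
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(secret.to_bytes(width, "big")).digest()


def exchange():
    """Run both sides; only a_pub and b_pub would cross the network."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    key_a = session_key(shared_secret(a_priv, b_pub))
    key_b = session_key(shared_secret(b_priv, a_pub))
    return a_pub, b_pub, key_a, key_b


if __name__ == "__main__":
    a_pub, b_pub, key_a, key_b = exchange()
    print("keys match:", key_a == key_b)
```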
Command Buttons
• Back: Return to the previous window.
• Apply: Data is sent to the controller and made to take effect, but not preserved across a power cycle;
these parameters are stored temporarily in volatile RAM.
• Help: Request that the help page be displayed in a new browser window.
RADIUS Accounting Servers > Edit
Use SECURITY > AAA > RADIUS Accounting, then click Edit, to navigate to this page.
This page allows you to change the following parameters on an existing Remote Accounting Dial-In
User Server:
• Server Index (Priority) - Index of the RADIUS server.
• Shared Secret Format - ASCII or Hex.
• Server Shared Secret/Confirm Shared Secret - RADIUS server login Password.
• Server Status - Set the RADIUS Accounting server to enabled or disabled.
• Port Number - Communication port number for the interface protocols.
• Retransmit Timeout - Specify the time in seconds after which the RADIUS authentication request
will time out and the controller will retransmit it. You can specify a value between
2 and 30 seconds.
• Network User - Enable or disable network user authentication. If this option is enabled, this entry is
considered as the RADIUS authenticating server for the network user.