Rockwell Automation Publication 1783-UM006A-EN-P - May 2014
Chapter 6: Administering the WAP Access
Defining AAA Server Groups
You can configure the wireless device to use AAA server groups to group existing server hosts for authentication. You choose a subset of the configured server hosts and use them for a particular service. The server group is used with a global server-host list, which lists the IP addresses of the selected server hosts.

Server groups can also include multiple host entries for the same server if each entry has a unique identifier (the combination of the IP address and UDP port number), so that different ports can be individually defined as RADIUS hosts providing a specific AAA service. If you configure two different host entries on the same RADIUS server for the same service (such as accounting), the second configured host entry acts as a fail-over backup to the first one.

You use the server command (a group server configuration command) to associate a particular server with a defined group server. You can either identify the server by its IP address or identify multiple host instances or entries by using the optional auth-port and acct-port keywords.
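
The following offline check applies the rules above to a saved configuration: each host entry needs a unique identifier, entries are kept in configured order (later ones are the fail-over backups), and every server placed in a group must exist in the global host list. It is an added example, not part of the manual. Assumptions: the group is opened with a line of the form "aaa group server radius <name>", ports default to 1645/1646 when omitted, and the sample addresses, ports, key and group name are constructed.

```python
import re

# Constructed sample config; addresses, ports, key and group name are made up.
SAMPLE = """\
aaa new-model
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 timeout 5 key EXAMPLE-ONLY
radius-server host 192.0.2.10 auth-port 2812 acct-port 2813
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813
radius-server host 192.0.2.20 timeout 2000
aaa group server radius WAP-ADMIN
 server 192.0.2.10 auth-port 2812 acct-port 2813
 server 192.0.2.30
"""

DEFAULTS = {"auth-port": 1645, "acct-port": 1646}  # assumption: ports used when none given
OPTION = re.compile(r"\b(auth-port|acct-port|timeout|retransmit)\s+(\d+)")

def parse_entry(rest):
    """Split 'host [options]' into its unique identifier and numeric options."""
    rest = rest.split(" key ")[0]          # the key string is free text; do not parse it
    opts = {k: int(v) for k, v in OPTION.findall(rest)}
    ports = {**DEFAULTS, **opts}
    return (rest.split()[0], ports["auth-port"], ports["acct-port"]), opts

def audit(config):
    """Return (host entries in configured order, list of findings)."""
    hosts, findings, group = [], [], None
    for line in config.splitlines():
        text = line.strip()
        if not line.startswith(" "):
            group = None                   # any top-level line ends a group block
        if text.startswith("radius-server host "):
            ident, opts = parse_entry(text[len("radius-server host "):])
            if ident in hosts:
                findings.append(f"duplicate identifier {ident}")
            else:
                hosts.append(ident)        # order matters: later entries are backups
            for name in ("timeout", "retransmit"):
                if name in opts and not 1 <= opts[name] <= 1000:
                    findings.append(f"{ident[0]}: {name} {opts[name]} outside 1-1000")
        elif text.startswith("aaa group server radius "):
            group = text.split()[-1]
        elif group and text.startswith("server "):
            ident, _ = parse_entry(text[len("server "):])
            if ident not in hosts:
                findings.append(f"group {group}: {ident} not in global host list")
    return hosts, findings

if __name__ == "__main__":
    for finding in audit(SAMPLE)[1]:
        print(finding)
```
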
Beginning in privileged EXEC mode, follow these steps to define the AAA server
group and associate a particular RADIUS server with it:
1. Enter global configuration mode.
   configure terminal
2. Enable AAA.
   aaa new-model
3. Specify the IP address or host name of the remote RADIUS server host.
   radius-server host {hostname | ip-address} [auth-port port-number] [acct-port port-number] [timeout seconds] [retransmit retries] [key string]
   (Optional) For auth-port port-number, specify the UDP destination port for authentication requests.
   (Optional) For acct-port port-number, specify the UDP destination port for accounting requests.
   (Optional) For timeout seconds, specify the time interval that the wireless device waits for the RADIUS server to reply before retransmitting. The range is 1…1000. This setting overrides the radius-server timeout global configuration command setting. If no timeout is set with the radius-server host command, the setting of the radius-server timeout command is used.
   (Optional) For retransmit retries, specify the number of times a RADIUS request is resent to a server if that server is not responding or responding slowly. The range is 1…1000. If no retransmit value is set with the radius-server host command, the setting of the radius-server retransmit global configuration command is used.