User Manual User guide

ManualsBrandsRockwell Automation ManualsEquipment1783-WAPxxx Stratix 5100 Wireless Access Point

401

402

403

404

405

406

407

408

409

410

Rockwell Automation Publication 1783-UM006A-EN-P - May 2014 407

Chapter 14

Configuring RADIUS and TACACS+ Servers

This chapter describes how to enable and configure the Remote Authentication

Dial-In User Service (RADIUS) and Terminal Access Controller Access Control

System Plus (TACACS+), that provides detailed accounting information and

flexible administrative control over authentication and authorization processes.

RADIUS and TACACS+ are facilitated through AAA and can be enabled only

through

AAA commands.

For complete syntax and usage information for the commands used in this

chapter, see the Cisco IOS Security Command Reference for Release 12.3

Configuring and Enabling

RADIUS

RADIUS is a distributed client/server system that secures networks against

unauthorized access. RADIUS clients run on supported Cisco devices and send

authentication requests to a central RADIUS server, that contains all user

authentication and network service access information. The RADIUS host is

normally a multiuser system running RADIUS server software from Cisco

Secure Access Control Server version 3.0), Livingston, Merit, Microsoft, or

another software provider. For more information, refer to the RADIUS server

documentation.

Use RADIUS in these network environments that require access security.

• Networks with multiple-vendor access servers, each supporting RADIUS.

For example, access servers from several vendors use a single RADIUS

server-based security database. In an IP-based network with multiple

vendors’ access servers, dial-in users are authenticated through a RADIUS

server that is customized to work with the Kerberos security system.

Topic Page

Configuring and Enabling RADIUS 407

Configuring the Access Point to Use Vendor-specific RADIUS Attributes 424

Configuring the Access Point for Vendor-proprietary RADIUS Server Communication 425

Configuring and Enabling TACACS+ 431

TIP

You can configure your access point as a local authenticator to provide a back-

up for your main server or to provide authentication service on a network

without a RADIUS server. Configuring Authentication Types

on page 351 for

detailed instructions on configuring your access point as a local authenticator.