User Manual

416 Rockwell Automation Publication 1783-UM006A-EN-P - May 2014
Chapter 14 Configuring RADIUS and TACACS+ Servers
Defining AAA Server Groups
You can configure the access point to use AAA server groups to group existing
server hosts for authentication. You select a subset of the configured server hosts
and use them for a particular service. The server group is used with a global
server-host list. The list contains the IP addresses of the selected server hosts.
Server groups also can include multiple host entries for the same server if each
entry has a unique identifier (the combination of the IP address and UDP port
number), allowing different ports to be individually defined as RADIUS hosts
providing a specific AAA service. If you configure two different host entries on
the same RADIUS server for the same service (such as accounting), the second
configured host entry acts as a fail-over backup to the first one.
You use the server command in server-group configuration mode to associate a
particular server with a defined server group. You can identify the server by its
IP address alone, or identify multiple host instances or entries on that server by
adding the optional auth-port and acct-port keywords.
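As an added example (not configuration taken from this manual), the following
IOS-style configuration builds a server group in which one RADIUS server appears
twice, distinguished only by UDP port, so that the second entry is the fail-over
backup for the first; a second physical server is added as a further member. The
group name, IP addresses and port numbers are assumptions. Per-host timeout and
retransmit values are shown overriding the global radius-server settings, and the
shared secret (the key keyword of radius-server host, not described on this page)
is shown as a placeholder that must be replaced.

```ios
! Added example, not from the manual; group name, addresses, ports and
! the shared-secret placeholder are assumptions.
configure terminal
aaa new-model
!
! Global defaults: used by any host entry that does not set its own values
radius-server timeout 5
radius-server retransmit 3
!
! Primary entry on 192.0.2.10 (IANA ports 1812/1813).
! Per-host timeout 3 s and retransmit 2 override the global 5 s / 3.
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 timeout 3 retransmit 2 key <shared-secret>
!
! Second entry on the same server, unique by IP plus UDP port (legacy 1645/1646).
! Same service as the first entry, so it acts as its fail-over backup.
! No timeout/retransmit here: inherits the global 5 s / 3.
radius-server host 192.0.2.10 auth-port 1645 acct-port 1646 key <shared-secret>
!
! Second physical server, also inheriting the global timeout and retransmit
radius-server host 192.0.2.20 auth-port 1812 acct-port 1813 key <shared-secret>
!
! Define the group and select members; the server command matches an entry
! by IP address plus the auth-port/acct-port pair, so both 192.0.2.10 entries
! can be chosen individually.
aaa group server radius RADGRP
 server 192.0.2.10 auth-port 1812 acct-port 1813
 server 192.0.2.10 auth-port 1645 acct-port 1646
 server 192.0.2.20 auth-port 1812 acct-port 1813
end
```

Two points worth checking after entering this: the shared secret is stored in
the running configuration, so configuration backups must be protected, and a
timeout of 3 seconds with 2 retransmits means the first entry is given up on
after roughly 9 seconds before the fail-over entry is tried, which should be
tolerable for the clients authenticating through this access point.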
Beginning in privileged EXEC mode, follow these steps to define the AAA server
group and associate a particular RADIUS server with it:
1. Enter global configuration mode.
configure terminal
2. Enable AAA.
aaa new-model
3. Specify the IP address or host name of the remote RADIUS server host with
the radius-server host command.
(Optional) For auth-port port-number, specify the UDP destination port for
authentication requests.
(Optional) For acct-port port-number, specify the UDP destination port for
accounting requests.
(Optional) For timeout seconds, specify the time interval that the access point
waits for the RADIUS server to reply before retransmitting. The range is
1…1000 seconds. This setting overrides the radius-server timeout global
configuration command setting. If no timeout is set with the radius-server host
command, the setting of the radius-server timeout command is used.
(Optional) For retransmit retries, specify the number of times a RADIUS request
is resent to a server if that server is not responding or is responding slowly.
The range is 1…1000. If no retransmit value is set with the radius-server host
command, the setting of the radius-server retransmit global configuration
command is used.