
420 Rockwell Automation Publication 1783-UM006A-EN-P - May 2014
Chapter 14 Configuring RADIUS and TACACS+ Servers
When a session is terminated, the RADIUS server sends a disconnect message to
the Network Access Server (NAS), which is an access point or WDS. For 802.11
sessions, the Calling-Station-ID [31] RADIUS attribute (the MAC address of the
client) must be supplied in the PoD request. The access point or WDS attempts to
disassociate the relevant session and then sends a disconnect response message
back to the RADIUS server. The message types are as follows:
40: Disconnect-Request
41: Disconnect-ACK
42: Disconnect-NAK
Beginning in privileged EXEC mode, follow these steps to configure a PoD:
1. Enter global configuration mode.
configure terminal
2. Enable user sessions to be disconnected by requests from a RADIUS
server when specific session attributes are presented.
port port number: (Optional) The UDP port where the access
point listens for PoD requests. The default value is 1700.
auth-type: This parameter is not supported for 802.11 sessions.
clients: (Optional) Up to four RADIUS servers can be nominated as clients.
If this configuration is present and a PoD request originates from a
device that is not on the list, it is rejected.
ignore: (Optional) When set to server_key, the shared secret is not
validated when a PoD request is received.
session-key: Not supported for 802.11 sessions.
server-key: Configures the shared-secret text string.
TIP
Refer to your RADIUS server application documentation for instructions on
how to configure PoD requests.
The access point does not block subsequent attempts by the client to
reassociate. It is the responsibility of the security administrator to disable
the client account before issuing a PoD request.
When WDS is configured, direct PoD requests to the WDS. The WDS
forwards the disassociation request to the parent access point and then
purges the session from its own internal tables.
PoD is supported on the Cisco CNS Access Registrar (CAR) RADIUS server,
but not on the Cisco Secure ACS Server, v4.0 and earlier.
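The checks that the clients, ignore and server-key parameters control can be followed in this added example, which is not part of the manual and is not the access point's own code. The function names are hypothetical, the authenticator calculation follows RFC 5176, and returning None for a request that gets no reply is an assumption.

```python
import hashlib
import hmac
import struct

DISCONNECT_REQUEST, DISCONNECT_ACK, DISCONNECT_NAK = 40, 41, 42
CALLING_STATION_ID = 31  # client MAC address, required for 802.11 sessions

def request_authenticator(code, ident, attrs, secret):
    """RFC 5176: MD5(code + id + length + 16 zero octets + attributes + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()

def parse_attributes(data):
    """Split the attribute area into a {type: value} dict; raise on bad lengths."""
    attrs, pos = {}, 0
    while pos < len(data):
        if pos + 2 > len(data) or data[pos + 1] < 2 or pos + data[pos + 1] > len(data):
            raise ValueError("malformed attribute")
        attrs[data[pos]] = data[pos + 2:pos + data[pos + 1]]
        pos += data[pos + 1]
    return attrs

def check_pod(packet, source_ip, secret, clients=(), ignore_server_key=False):
    """Return (reply_code, detail); reply_code None means no reply (assumption)."""
    if clients and source_ip not in clients:
        return None, "source not in clients list, request rejected"
    if len(packet) < 20:
        return None, "short packet"
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != DISCONNECT_REQUEST or length != len(packet):
        return None, "not a well-formed Disconnect-Request"
    body = packet[20:]
    if not ignore_server_key:  # with ignore set, any sender passes this step
        expected = request_authenticator(code, ident, body, secret)
        if not hmac.compare_digest(expected, packet[4:20]):
            return None, "bad authenticator (shared secret mismatch)"
    try:
        attrs = parse_attributes(body)
    except ValueError as exc:
        return DISCONNECT_NAK, str(exc)
    if CALLING_STATION_ID not in attrs:
        return DISCONNECT_NAK, "Calling-Station-ID [31] missing"
    return DISCONNECT_ACK, attrs[CALLING_STATION_ID].decode("ascii", "replace")

def build_request(ident, mac, secret):
    """Constructed sample input: a Disconnect-Request carrying one client MAC."""
    attrs = bytes([CALLING_STATION_ID, 2 + len(mac)]) + mac
    auth = request_authenticator(DISCONNECT_REQUEST, ident, attrs, secret)
    return struct.pack("!BBH", DISCONNECT_REQUEST, ident, 20 + len(attrs)) + auth + attrs
```

With ignore set to server_key, a request built with the wrong secret is accepted, so the clients list becomes the only check on who may disconnect a session.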