Cisco Systems 0L-11350-01 Starting RADIUS Accounting m

13-13

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

OL-11350-01

Chapter13 Configuring RADIUS and TACACS+ Servers

Configuring and Enabling RADIUS

Note When WDS is configured, PoD requests should be directed to the WDS. The WDS forwards the

disassociation request to the parent access point and then purges the session from its own internal tables.

Note PoD is supported on the Cisco CNS Access Registrar (CAR) RADIUS server, but not on the Cisco

Secure ACS Server, v4.0 and earlier.

Beginning in privileged EXEC mode, follow these steps to configure a PoD:

Starting RADIUS Accounting m

The AAA accounting feature tracks the services that users are accessing and the amount of network

resources that they are consuming. When AAA accounting is enabled, the access point reports user

activity to the RADIUS security server in the form of accounting records. Each accounting record

contains accounting attribute-value (AV) pairs and is stored on the security server. This data can then

be analyzed for network management, client billing, or auditing. See the “RADIUS Attributes Sent by

the Access Point” section on page 13-20 for a complete list of attributes sent and honored by the access

point.

Beginning in privileged EXEC mode, follow these steps to enable RADIUS accounting for each Cisco

IOS privilege level and for network services:

Command Purpose

Step1 configure terminal Enter global configuration mode.

Step2 aaa pod server [port port number]

[auth-type {any | all | session-key}]

[clients client 1...] [ignore {server-key

string...| session-key }] | server-key

string...]}

Enables user sessions to be disconnected by requests from a RADIUS

server when specific session attributes are presented.

port port number—(Optional) The UDP port on which the access point

listens for PoD requests. The default value is 1700.

auth-type—This parameter is not supported for 802.11 sessions.

clients (Optional)—Up to four RADIUS servers may be nominated as

clients. If this configuration is present and a PoD request originates from

a device that is not on the list, it is rejected.

ignore (Optional)—When set to server_key, the shared secret is not

validated when a PoD request is received.

session-key—Not supported for 802.11 sessions.

server-key—Configures the shared-secret text string.

string—The shared-secret text string that is shared between the network

access server and the client workstation. This shared-secret must be the

same on both systems.

Note Any data entered after this parameter is treated as the shared

secret string.

Step3 end Return to privileged EXEC mode.

Step4 show running-config Verify your entries.

Step5 copy running-config startup-config (Optional) Save your entries in the configuration file.