Chapter 8 Security Setup

Setting Up Backup Authentication Servers

Table 8-10 Attributes Sent in Accounting-Request (stop) Packets

Attribute ID

Description

 

 

1

User-Name

 

 

4

NAS-IP-Address

 

 

5

NAS-Port

 

 

41

Acct-Delay-Time

 

 

42

Acct-Input-Octets

 

 

43

Acct-Output-Octets

 

 

44

Acct-Session-Id

 

 

45

Acct-Authentic

 

 

46

Acct-Session-Time

 

 

47

Acct-Input-Packets

 

 

48

Acct-Output-Packets

 

 

49

Acct-Terminate-Cause

 

 

Setting Up Backup Authentication Servers

You can configure up to four servers for authentication services on the Authenticator Configuration page, so you can set up backup authenticators. If you set up more than one server for the same service, the server first in the list is the primary server for that service, and the other servers are used in list order when the previous server times out. If a backup server responds after the primary server fails, the access point continues to use the backup server for new transactions.

Follow these steps to set up a backup authentication server:

Step 1 Complete the steps in the “Setting Up EAP Authentication” section on page 8-15or the “Setting Up MAC-Based Authentication” section on page 8-21to set up your primary authentication server.

Step 2 On the Authenticator Configuration page, enter information about your backup server in one of the entry field groups under the completed entry fields for your primary server:

a.Enter the name or IP address of the backup server in the Server Name/IP entry field.

b.Enter the port number the server uses for authentication. The default setting, 1812, is the port setting for Cisco’s RADIUS server, the Cisco Secure Access Control Server (ACS), and for many other RADIUS servers. Check your server’s product documentation to find the correct port setting.

c.Enter the shared secret used by the server in the Shared Secret entry field. The shared secret on the bridge must match the shared secret on the server.

d.Enter the number of seconds the the access point should wait before authentication fails.

e.Enter the number of times the access point should attempt to contact the server before giving up.

f.Select the same authentication methods as those selected on the primary server.

Step 3 Click OK. You return automatically to the Setup page. Figure 8-13shows a primary authentication server and a backup server configured on the Authenticator Configuration page.

Cisco Aironet 1200 Series Access Point Software Configuration Guide

 

OL-2159-05

8-31

 

 

 

Page 193
Image 193
Cisco Systems DL-2159-05 manual Setting Up Backup Authentication Servers, Acct-Terminate-Cause