C H A P T E R 8

Configuring RADIUS Clients

This chapter describes the following

Overview

Adding RADIUS Clients

Editing RADIUS Clients

Deleting RADIUS Clients

Overview

Remote Authentication Dial In User Service (RADIUS) is an AAA (authentication, authorization and accounting) protocol. Cisco NAC Guest Server uses the RADIUS protocol to authenticate and audit guests who login through RADIUS-capable network enforcement devices, such as Cisco Wireless LAN Controllers.

Although the Cisco NAC Appliance uses its own API and a different method for creating accounts and authenticating users, as described in Chapter 7, “Integrating with Cisco NAC Appliance,”it still uses RADIUS Accounting to record user activity and therefore still needs to be configured as a RADIUS client.

When a guest authenticates against a RADIUS client, such as the Wireless LAN Controller, the RADIUS client uses RADIUS authentication to ask the Cisco NAC Guest Server whether the user authentication is valid. If the guest authentication is valid, the Cisco NAC Guest Server returns a message stating that the user is valid and the amount of time remaining before the user session expires. The RADIUS client must honor the session-timeout attribute to remove the guest when the guest account time expires.

Note The Cisco Wireless LAN Controller needs to be specifically configured to Allow AAA Override. This

enables it to honor the session-timeout attribute returned to it by the Cisco NAC Guest Server.

In addition to authentication, the RADIUS client device reports details to the Cisco NAC Guest Server, such as the time the session started, time session ended, user IP address, and so on. This information is transported over the RADIUS Accounting protocol.

Tip If there is a Firewall between the Cisco NAC Guest Server and the RADIUS client, you will need to allow traffic from UDP Port 1812 (RADIUS authentication) and UDP Port 1813 (RADIUS accounting) to pass.

Cisco NAC Guest Server Installation and Configuration Guide

 

OL-15986-01

8-1

 

 

 

Page 79
Image 79
Cisco Systems OL-15986-01 manual Configuring Radius Clients, Overview

OL-15986-01 specifications

Cisco Systems OL-15986-01 refers to a specific online training course offered by Cisco, primarily focusing on the implementation and configuration of Cisco routers and switches. This course is part of the larger Cisco Networking Academy program, designed to equip individuals with the necessary skills to enter and succeed in the networking field.

One of the main features of OL-15986-01 is its comprehensive curriculum that covers a wide range of networking concepts including IP addressing, routing protocols, switching technologies, and network management. The coursework emphasizes practical, hands-on experience, allowing students to work with various Cisco technologies, whether through simulations or actual equipment. This aligns with Cisco's commitment to experiential learning, enabling students to apply theoretical knowledge in real-world scenarios.

The course also incorporates advanced technologies and methodologies. For example, it delves into IPv6 addressing and its significance in modern networking, alongside traditional IPv4. Routing protocols such as OSPF, EIGRP, and BGP are discussed in detail, providing learners with insights into how data is routed efficiently across different networks. Additionally, the course covers switching technologies, including VLANs, STP, and EtherChannel, which are essential for configuring robust and efficient local area networks (LANs).

Another noteworthy characteristic of OL-15986-01 is its focus on network security. Students learn about the vulnerabilities that networks face and how to implement security measures to protect network infrastructure. Topics include secure access methods, firewall configurations, and the use of VPNs for secure remote access.

Furthermore, the course emphasizes troubleshooting techniques, empowering students with the skills to identify and resolve network issues effectively. Practical lab sessions and assessments allow learners to demonstrate their comprehension of networking principles and their ability to apply them in various situations.

Ultimately, Cisco Systems OL-15986-01 is designed for individuals seeking to boost their networking knowledge and skillset, paving the way for careers in IT infrastructure management, network engineering, and other technology-related fields. By completing this course, participants gain a solid foundation in networking that can lead to valuable Cisco certifications, enhancing their professional credibility in a competitive job market.