9-9
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-30644-01
Chapter9 Configuring an Access Point as a Local Authenticator
Configuring a Local Authenticator
If your local authenticator does not receive its time setting from an NTP server and it reboots frequently,
PACs generated by the local authenticator might not expire when they should. The access point clock is
reset when the access point reboots, so the elapsed time on the clock would not reach the PAC expiration
time.
Limiting the Local Authenticator to One Authentication Type
By default, a local authenticator access point performs LEAP, EAP-FAST, and MAC-based
authentication for client devices. However, you can limit the local authenticator to perform only one or
two authentication types. Use the no form of the authentication command to restrict the authenticator to
an authentication type:
AP(config-radsrv)# [no] authentication [eapfast] [leap] [mac]
Because all authentication types are enabled by default, you enter the no form of the command to disable
authentication types. For example, if you want the authenticator to perform only LEAP authentication,
you enter these commands:
AP(config-radsrv)# no authentication eapfast
AP(config-radsrv)# no authentication mac
Unblocking Locked Usernames
You can unblock usernames before the lockout time expires, or when the lockout time is set to infinite.
In Privileged Exec mode on the local authenticator, enter this command to unblock a locked username:
AP# clear radius local-server user username
Viewing Local Authenticator Statistics
In privileged exec mode, enter this command to view statistics collected by the local authenticator:
AP# show radius local-server statistics
This example shows local authenticator statistics:
Successes : 0 Unknown usernames : 0
Client blocks : 0 Invalid passwords : 0
Unknown NAS : 0 Invalid packet from NAS: 0
NAS : 10.91.6.158
Successes : 0 Unknown usernames : 0
Client blocks : 0 Invalid passwords : 0
Corrupted packet : 0 Unknown RADIUS message : 0
No username attribute : 0 Missing auth attribute : 0
Shared key mismatch : 0 Invalid state attribute: 0
Unknown EAP message : 0 Unknown EAP auth type : 0
Auto provision success : 0 Auto provision failure : 0
PAC refresh : 0 Invalid PAC received : 0
Username Successes Failures Blocks
nicky 0 0 0
jones 0 0 0
jsmith 0 0 0