13-13
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-30644-01
Chapter13 Configuring RADIUS and TACACS+ Servers
Configuring and Enabling RADIUS
Note When WDS is configured, PoD requests should be directed to the WDS. The WDS forwards the
disassociation request to the parent access point and then purges the session from its own internal tables.
Beginning in privileged EXEC mode, follow these steps to configure a PoD:
Selecting the CSID Format
You can select the format for MAC addresses in Called-Station-ID (CSID) and Calling-Station-ID
attributes in RADIUS packets.
The Calling-Station-ID [31] RADIUS attribute is the MAC address of the wireless client, and may need
to be communicated to the RADIUS server, for example, for accounting or for the PoD.
Use the dot11 aaa csid global configuration command to select the CSID format. Table13-1 lists the
format options with corresponding MAC address examples.
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 aaa pod server [port port number]
[auth-type {any | all | session-key}]
[clients client 1...] [ignore {server-key
string...| session-key }] | server-key
string...]}
Enables user sessions to be disconnected by requests from a RADIUS
server when specific session attributes are presented.
port port number—(Optional) The UDP port on which the access point
listens for PoD requests. The default value is 1700.
auth-type—This parameter is not supported for 802.11 sessions.
clients (Optional)—Up to four RADIUS servers may be nominated as
clients. If this configuration is present and a PoD request originates from
a device that is not on the list, it is rejected.
ignore (Optional)—When set to server_key, the shared secret is not
validated when a PoD request is received.
session-key—Not supported for 802.11 sessions.
server-key—Configures the shared-secret text string.
string—The shared-secret text string that is shared between the network
access server and the client workstation. This shared-secret must be the
same on both systems.
Note Any data entered after this parameter is treated as the shared secret
string.
Step3 end Return to privileged EXEC mode.
Step4 show running-config Verify your entries.
Step5 copy running-config startup-config (Optional) Save your entries in the configuration file.
Table13-1 CSID Format Options
Option MAC Address Example
default 0007.85b3.5f4a