13-18
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-30644-01
Chapter13 Configuring RADIUS and TACACS+ Servers
Configuring and Enabling RADIUS
To delete the vendor-proprietary RADIUS host, use the no radius-server host {hostname | ip-address}
non-standard global configuration command. To disable the key, use the no radius-server key global
configuration command.
This example shows how to specify a vendor-proprietary RADIUS host and to use a secret key of rad124
between the access point and the server:
AP(config)# radius server Myserver
AP(config-radius-server)# address ipv4 172.20.30.15
AP(config-radius-server)# key 0 rad1234
AP(config-radius-server)# non-standard
Configuring WISPr RADIUS Attributes
The Wi-Fi Alliance’s WISPr Best Current Practices for Wireless Internet Service Provider Roaming, and
its updated Annex D published in 2010 by the Wireless Broadband Alliance under the name WISPv2 lists
RADIUS attributes that access points must send with RADIUS accounting and authentication requests.
The access point currently supports only the WISPr location-name and the ISO and International
Telecommunications Union (ITU) country and area codes attributes. Use the snmp-server location and
the dot11 location isocc commands to configure these attributes on the access point.
The WISPr and WISPv2 Best Current Practices for Wireless Internet Service Provider Roaming (WISPr)
document also requires the access point to include a class attribute in RADIUS authentication replies
and accounting requests. The access point includes the class attribute automatically and does not have
to be configured to do so.
You can find a list of ISO and ITU country and area codes at the ISO and ITU websites. Cisco IOS
software does not check the validity of the country and area codes that you configure on the access point.
Step3 radius-server key string Specify the shared secret text string used between the
access point and the vendor-proprietary RADIUS
server. The access point and the RADIUS server use
this text string to encrypt passwords and exchange
responses.
Note The key is a text string that must match the
encryption key used on the RADIUS server.
Leading spaces are ignored, but spaces within
and at the end of the key are used. If you use
spaces in your key, do not enclose the key in
quotation marks unless the quotation marks
are part of the key.
Step4 end Return to privileged EXEC mode.
Step5 show running-config Verify your settings.
Step6 copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose