Chapter 7 Configuring RADIUS Servers

Configuring and Enabling RADIUS

 

Step 3

Command: aaa authentication login {default | list-name} method1 [method2...]

Purpose: Create a login authentication method list.

To create a default list that is used when a named list is not specified in the login authentication command, use the default keyword followed by the methods that are to be used in default situations. The default method list is automatically applied to all interfaces. For more information on list names, click this link:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fsaaa/scfathen.htm#xtocid2

For method1..., specify the actual method the authentication algorithm tries. The additional methods of authentication are used only if the previous method returns an error, not if it fails.

Select one of these methods:

line—Use the line password for authentication. You must define a line password before you can use this authentication method. Use the password password line configuration command.

local—Use the local username database for authentication. You must enter username information in the database. Use the username password global configuration command.

radius—Use RADIUS authentication. You must configure the RADIUS server before you can use this authentication method. For more information, see the “Identifying the RADIUS Server Host” section on page 7-5.

Step 4

Command: line [console | tty | vty] line-number [ending-line-number]

Purpose: Enter line configuration mode, and configure the lines to which you want to apply the authentication list.

Step 5

Command: login authentication {default | list-name}

Purpose: Apply the authentication list to a line or set of lines.

If you specify default, use the default list created with the aaa authentication login command.

For list-name, specify the list created with the aaa authentication login command.

Step 6

Command: radius-server attribute 32 include-in-access-req format %h

Purpose: Configure the access point to send its system name in the NAS_ID attribute for authentication.

Step 7

Command: end

Purpose: Return to privileged EXEC mode.

Step 8

Command: show running-config

Purpose: Verify your entries.

Step 9

Command: copy running-config startup-config

Purpose: (Optional) Save your entries in the configuration file.

To disable AAA, use the no aaa new-model global configuration command. To disable AAA authentication, use the no aaa authentication login {default | list-name} method1 [method2...] global configuration command. To either disable RADIUS authentication for logins or to return to the default value, use the no login authentication {default | list-name} line configuration command.
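Steps 3 through 9 put together as one configuration, with RADIUS tried first and the local database as the fallback method. This is an added example, not taken from the Cisco guide; the list name ADMIN-LOGIN, the user netadmin, the vty range 0 4, and the password placeholder are assumptions, and the RADIUS server host is assumed to be already configured as described in the "Identifying the RADIUS Server Host" section.

```cisco
! Added example (not from the guide). Names and line numbers are assumptions.
! Enter from global configuration mode, with AAA already enabled (aaa new-model).
!
! The local method needs at least one entry in the local username database.
! <local-password> is a placeholder, not a real value.
username netadmin password <local-password>
!
! Step 3: default list, used wherever no named list is applied.
! Method keywords are the ones listed in the table above; some IOS
! releases spell the RADIUS method "group radius" instead of "radius".
aaa authentication login default radius local
!
! Step 3 (named list): the same order for remote administrative logins.
! local is consulted only if the RADIUS method returns an error
! (for example, no server answers). A login that RADIUS rejects is a
! failure, and the list is not walked any further.
aaa authentication login ADMIN-LOGIN radius local
!
! Steps 4 and 5: apply the named list to vty lines 0 through 4.
line vty 0 4
 login authentication ADMIN-LOGIN
 exit
!
! Step 6: send the access point's system name (%h) in attribute 32 (NAS_ID),
! so the RADIUS server can tell which device each request came from.
radius-server attribute 32 include-in-access-req format %h
!
! Step 7: return to privileged EXEC mode.
end
!
! Step 8: verify the entries (run from privileged EXEC mode).
! show running-config
!
! Step 9 (optional): save the configuration.
! copy running-config startup-config
```

Because the fallback is taken only on an error, the local account in this list is what keeps the device manageable when the RADIUS server is unreachable; it does not let a user rejected by RADIUS in with local credentials.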

Cisco Wireless ISR and HWIC Access Point Configuration Guide

7-8

OL-6415-04

 

 
