Chapter 7 Configuring RADIUS Servers

Configuring and Enabling RADIUS

Selecting the CSID Format

You can select the format for MAC addresses in Called-Station-ID (CSID) and Calling-Station-ID attributes in RADIUS packets. Use the dot11 aaa csid global configuration command to select the CSID format. Table 7-1 lists the format options with corresponding MAC address examples.

 

 

Table 7-1 CSID Format Options

Option         MAC Address Example
default        0007.85b3.5f4a
ietf           00-07-85-b3-5f-4a
unformatted    000785b35f4a

To return to the default CSID format, use the no form of the dot11 aaa csid command, or enter dot11 aaa csid default.

Note: You can also use the aaa csid command to select the CSID format.
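Because the CSID option changes how the same MAC address appears in RADIUS attributes, server-side allowlists and log correlation should compare a normalized form. The following is an added example, not part of the Cisco guide; the function names are hypothetical, and accepting uppercase hex digits is an assumption.

```python
import re

# The three layouts from Table 7-1, keyed by the dot11 aaa csid option name.
_PATTERNS = {
    "default": re.compile(r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"),
    "ietf": re.compile(r"[0-9a-f]{2}(-[0-9a-f]{2}){5}"),
    "unformatted": re.compile(r"[0-9a-f]{12}"),
}


def parse_csid(value):
    """Return (option_name, 12 lowercase hex digits) or raise ValueError."""
    text = value.strip().lower()  # assumption: hex case is not significant
    for option, pattern in _PATTERNS.items():
        if pattern.fullmatch(text):
            return option, re.sub(r"[.-]", "", text)
    raise ValueError(f"not a Table 7-1 CSID format: {value!r}")


def render_csid(hex12, option):
    """Render 12 hex digits in the layout of the given csid option."""
    if option == "default":
        return ".".join(hex12[i:i + 4] for i in range(0, 12, 4))
    if option == "ietf":
        return "-".join(hex12[i:i + 2] for i in range(0, 12, 2))
    if option == "unformatted":
        return hex12
    raise ValueError(f"unknown csid option: {option!r}")


def is_known_station(value, allowlist):
    """Match a station ID against an allowlist regardless of CSID format."""
    try:
        _, hex12 = parse_csid(value)
    except ValueError:
        return False  # malformed values never match
    return hex12 in {parse_csid(entry)[1] for entry in allowlist}


if __name__ == "__main__":
    # Constructed sample: one allowlist entry, then the same MAC as each
    # option would send it, plus one malformed value.
    allow = ["00-07-85-b3-5f-4a"]
    for sent in ("0007.85b3.5f4a", "00-07-85-b3-5f-4a",
                 "000785B35F4A", "0007:85b3:5f4a"):
        print(sent, is_known_station(sent, allow))
```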

 

 

 

 

 

 

Configuring Settings for All RADIUS Servers

Beginning in privileged EXEC mode, follow these steps to configure global communication settings between the access point and all RADIUS servers:

 

 

Step 1
Command: configure terminal
Purpose: Enter global configuration mode.

Step 2
Command: radius-server key string
Purpose: Specify the shared secret text string used between the access point and all RADIUS servers.
Note: The key is a text string that must match the encryption key used on the RADIUS server. Leading spaces are ignored, but spaces within and at the end of the key are used. If you use spaces in your key, do not enclose the key in quotation marks unless the quotation marks are part of the key.

Step 3
Command: radius-server retransmit retries
Purpose: Specify the number of times the access point sends each RADIUS request to the server before giving up. The default is 3; the range is 1 to 1000.

Step 4
Command: radius-server timeout seconds
Purpose: Specify the number of seconds an access point waits for a reply to a RADIUS request before resending the request. The default is 5 seconds; the range is 1 to 1000.

Step 5
Command: radius-server deadtime minutes
Purpose: Use this command to cause the Cisco IOS software to mark as "dead" any RADIUS servers that fail to respond to authentication requests, thus avoiding the wait for the request to time out before trying the next configured server. A RADIUS server marked as dead is skipped by additional requests for the duration of minutes that you specify, up to a maximum of 1440 (24 hours).
Note: If you set up more than one RADIUS server, you must configure the RADIUS server deadtime for optimal performance.

Cisco Wireless ISR and HWIC Access Point Configuration Guide, OL-6415-04

 

 
