×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Configure the Remote Authentication Dial-In User Service (RADIUS) Server on the WAP125

Document

Fri, 06/16/2017 - 00:00
Jun 14th, 2017
User Badges:

Cisco Support Community

Article ID: 5598

Objective

Remote Authentication Dial-In User Service (RADIUS) is a distributed client or server system that secures networks against unauthorized users.

How does RADIUS work?

The RADIUS server can support a variety of methods to authenticate a user. When it is provided with the username and original password given by the user, it can support Point-to-Point Protocol (PPP), Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP), UNIX login, and other authentication mechanisms.

The accounting features of the RADIUS protocol can be used independently of RADIUS authentication or authorization. The RADIUS accounting functions allow data to be sent at the start and end of sessions, indicating the amount of resources (such as time, packets, bytes, and so on) used during the session. An Internet Service Provider (ISP) might use RADIUS access control and accounting software to meet special security and billing needs.

The objective of this document is to show you how to configure the RADIUS server settings on the WAP125.

Applicable Devices

  • WAP125

Software Version

  • 1.0.0.3

Gather the Support Information

Step 1. Log in to the web-based utility and choose System Configuration > Security.

AB_Configure%20RADIUS%20on%20WAP125_06022017_Step%201.PNG

Step 2. In the Server IP Address Type area, choose a radio button for the IP version that the RADIUS server uses. The options are:

  • IPv4 — Internet Protocol version 4 (IPv4) is the commonly used form of IP addressing used to identify hosts on a network and uses a 32-bit format.
  • IPv6 — Internet Protocol version 6 (IPv6) is the next-generation IP address standard intended to replace the IPv4 format. IPv6 solves the address scarcity problem with the use of 128-bit addressing instead of 32-bit addressing which was used in IPv4.

Note: In this example, IPv4 is chosen.

AB_Configure%20RADIUS%20on%20WAP125_06022017_Step%202.PNG

Step 3. n the Server IP Address-1 field, or Server IPv6 Address-1 field, enter either an IPv4 or IPv6 address for the global RADIUS server depending on the address type you chose in Step 2.

Note: In this example, 192.168.2.123 is the IP address of the RADIUS server. You can attribute up to two IP addresses per IP address version.

AB_Configure%20RADIUS%20on%20WAP125_06022017_Step%203.PNG

Step 4. (Optional) Enter the backup or failover IP address in the Server IP Address-2 field.

Note: In this example, 192.168.2.124 is used.

AB_Configure%20RADIUS%20on%20WAP125_06022017_Step%204.PNG

Step 5. In the Key-1 field, enter the shared secret key corresponding to the primary RADIUS server that the WAP uses to authenticate to the RADIUS server. The range is from 1 to 64 standard alphanumeric and special characters.

Note: The keys are case-sensitive and must match the key configured on the RADIUS server.

AB_Configure%20RADIUS%20on%20WAP125_06022017_Step%205.PNG

Step 6. (Optional) In the Key-2 field, enter the shared secret key corresponding to the primary RADIUS server that the WAP uses to authenticate to the RADIUS server. The range is from 1 to 64 standard alphanumeric and special characters.

AB_Configure%20RADIUS%20on%20WAP125_06022017_Step%206.PNG

Step 7. In the Enable RADIUS Accounting area, check the Enable check box to enable tracking and measuring of the resources a user has consumed (system time, the amount of data transmitted). This enables RADIUS accounting for the primary and backup servers.

AB_Configure%20RADIUS%20on%20WAP125_06022017_Step%207.PNG

Step 8. Click AB_Configure%20RADIUS%20on%20WAP125_06022017_Step%208.PNG .

You should now have successfully configured the RADIUS server on the WAP125.

Loading.

Actions

This Document