Cisco Support Community
Remote Authentication Dial-In User Service (RADIUS) is a distributed client or server system that secures networks against unauthorized users.
How does RADIUS work?
The RADIUS server can support a variety of methods to authenticate a user. When it is provided with the username and original password given by the user, it can support Point-to-Point Protocol (PPP), Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP), UNIX login, and other authentication mechanisms.
The accounting features of the RADIUS protocol can be used independently of RADIUS authentication or authorization. The RADIUS accounting functions allow data to be sent at the start and end of sessions, indicating the amount of resources (such as time, packets, bytes, and so on) used during the session. An Internet Service Provider (ISP) might use RADIUS access control and accounting software to meet special security and billing needs.
The objective of this document is to show you how to configure the RADIUS server settings on the WAP125.
Gather the Support Information
Step 1. Log in to the web-based utility and choose System Configuration > Security.
Step 2. In the Server IP Address Type area, choose a radio button for the IP version that the RADIUS server uses. The options are:
- IPv4 — Internet Protocol version 4 (IPv4) is the commonly used form of IP addressing used to identify hosts on a network and uses a 32-bit format.
- IPv6 — Internet Protocol version 6 (IPv6) is the next-generation IP address standard intended to replace the IPv4 format. IPv6 solves the address scarcity problem with the use of 128-bit addressing instead of 32-bit addressing which was used in IPv4.
Note: In this example, IPv4 is chosen.
Step 3. n the Server IP Address-1 field, or Server IPv6 Address-1 field, enter either an IPv4 or IPv6 address for the global RADIUS server depending on the address type you chose in Step 2.
Note: In this example, 192.168.2.123 is the IP address of the RADIUS server. You can attribute up to two IP addresses per IP address version.
Step 4. (Optional) Enter the backup or failover IP address in the Server IP Address-2 field.
Note: In this example, 192.168.2.124 is used.
Step 5. In the Key-1 field, enter the shared secret key corresponding to the primary RADIUS server that the WAP uses to authenticate to the RADIUS server. The range is from 1 to 64 standard alphanumeric and special characters.
Note: The keys are case-sensitive and must match the key configured on the RADIUS server.
Step 6. (Optional) In the Key-2 field, enter the shared secret key corresponding to the primary RADIUS server that the WAP uses to authenticate to the RADIUS server. The range is from 1 to 64 standard alphanumeric and special characters.
Step 7. In the Enable RADIUS Accounting area, check the Enable check box to enable tracking and measuring of the resources a user has consumed (system time, the amount of data transmitted). This enables RADIUS accounting for the primary and backup servers.
Step 8. Click .
You should now have successfully configured the RADIUS server on the WAP125.