Cisco Support Community

Configuring Autonomous AP for Local RADIUS Authentication





Configuring Autonomous AP for Local RADIUS Authentication



Setting the AP as local RADIUS server


1. Go to Security>Local RADIUS Server>General Setup

2. Enable Authentication Protocols (EAP FAST,LEAP and MAC)

3. Click on Apply

4. Specify the IP address of the RADIUS (the AP's IP)

5. Specify a shared secret password

6. Click on Apply

7. Create usernames/password on the RADIUS

8. click on Apply.


Defining the Authentication Server

1. Go to Security > Server Manager

2. Enter the IP address of the authentication server in the Server field

3. Specify the Shared Secret and the ports (optional)

---> authentication port = 1812 if local Radius

4. Specify the shared secret password

5. Click Apply

6. Under Default Server Priorities, set the EAP Authentication type Priority 1 field to the Radius server IP address (AP IP)

7. Click Apply



Once the access point knows where to send client authentication requests, configure it to accept those methods:


Configuring AP


1. Go to Security>Encryption Manager

2. Specify Encryption (can be WEP or WPA)


3. Specify that WEP is Mandatory


4. Specify the key accordingly


5. Click Apply


6. Go to Security>SSID Manager


7. Select the desired SSID


8. Under Authentication Settings> Methods Accepted, select the following:
---> Open Authentication (with EAP)
---> Network-EAP( no addition )


8b. Under Client Authenticated Key Management

---> Key Management: Mandatory

---> Enable WPA: Checked (with WPA drop down)


9. Click Apply.


10. Specify the IP address of the Radius server under EAP Authentication


11. Click Apply.




Configuration Examples and TechNotes