5-11
Cisco Aironet 1400 Series Wireless Bridges Software Configuration Guide
OL-4059-01
Chapter 5 Administering the Bridge
Controlling Bridge Access with RADIUS
To remove the specified RADIUS server, use the
no radius-server host
hostname
|
ip-address
global
configuration command. To remove a server group from the configuration list, use the
no aaa group
server radius
group-name
global configuration command. To remove the IP address of a RADIUS
server, use the
no server
ip-address
server group configuration command.
In this example, the bridge is configured to recognize two different RADIUS group servers (
group1
and
group2
). Group1 has two different host entries on the same RADIUS server configured for the same
services. The second host entry acts as a fail-over backup to the first entry.
bridge(config)#
aaa new-model
bridge(config)#
radius-server host 172.20.0.1 auth-port 1000 acct-port 1001
bridge(config)#
radius-server host 172.10.0.1 auth-port 1645 acct-port 1646
bridge(config)#
aaa group server radius group1
bridge(config-sg-radius)#
server 172.20.0.1 auth-port 1000 acct-port 1001
bridge(config-sg-radius)#
exit
bridge(config)#
aaa group server radius group2
bridge(config-sg-radius)#
server 172.20.0.1 auth-port 2000 acct-port 2001
bridge(config-sg-radius)#
exit
Configuring RADIUS Authorization for User Privileged Access and Network
Services
AAA authorization limits the services available to a user. When AAA authorization is enabled, the
bridge uses information retrieved from the user’s profile, which is in the local user database or on the
security server, to configure the user’s session. The user is granted access to a requested service only if
the information in the user profile allows it.
You can use the
aaa authorization
global configuration command with the
radius
keyword to set
parameters that restrict a user’s network access to privileged EXEC mode.
The
aaa authorization exec radius local
command sets these authorization parameters:
•
Use RADIUS for privileged EXEC access authorization if authentication was performed by using
RADIUS.
•
Use the local database if authentication was not performed by using RADIUS.
Note
Authorization is bypassed for authenticated users who log in through the CLI even if authorization has
been configured.
Step 6
end
Return to privileged EXEC mode.
Step 7
show running-config
Verify your entries.
Step 8
copy running-config startup-config
(Optional) Save your entries in the configuration file.
Step 9
Enable RADIUS login authentication. See the
“Configuring RADIUS
Login Authentication” section on page 5-8
.
Command
Purpose