Local RADIUS server configuration

wlc# configure
wlc(config)# radius-server local

Configure the NAS entry ap, which contains the access point subnets that the local RADIUS server will serve during Enterprise authorization of Wi-Fi users:

wlc(config-radius)# nas ap
wlc(config-radius-nas)# key ascii-text password
wlc(config-radius-nas)# network 192.168.1.0/24
wlc(config-radius-nas)# exit

The virtual server settings contain the port numbers for authentication and accounting and the settings for proxying to an external RADIUS server. The standard ports (1812 for authentication and 1813 for accounting) do not require configuration. To proxy RADIUS requests to an external server, proxy-mode must be enabled.

Upstream server types

Server-type auth — used to proxy only authentication requests. Requests will be proxied to the port specified in the port parameter (by default 1812).

Server-type acct — used to proxy only accounting requests. Requests will be proxied to the port specified in the port parameter (by default 1812). Change it if necessary (the default port for accounting is 1813).

Server-type all — used to proxy both authentication and accounting requests. Authentication requests will be proxied to the port specified in the port parameter (by default 1812), and accounting requests will be proxied to port = 'port'+1 (i.e. 1813 by default).

Configure the external server in the virtual-server section: specify its address, type (server-type) and key; the port can also be specified. By default the server type is authentication (server-type auth) and the port is 1812. If these settings do not need to be changed, it is enough to configure the address and key for the server:

wlc(config-radius)# virtual-server default
wlc(config-radius-vserver)# enable
wlc(config-radius-vserver)# proxy-mode
wlc(config-radius-vserver)# upstream-server eltex
wlc(config-radius-upstream-server)# host 10.10.10.12
wlc(config-radius-upstream-server)# server-type all
wlc(config-radius-upstream-server)# key ascii-text password
wlc(config-radius-upstream-server)# exit
wlc(config-radius-vserver)# exit
wlc(config-radius)# enable
wlc(config-radius)# exit

Switch to the settings of the AP configuration management module:

wlc(config)# wlc

Configure the RADIUS server profile that will be used to authenticate wireless clients with the Enterprise SSID of Wi-Fi access points:

wlc(config-wlc)# radius-profile default-radius

Since authentication and accounting requests are being proxied, specify the address of the controller's local RADIUS server in the AP subnet.
The RADIUS server key must match the key specified for the NAS ap in radius-server local.

wlc(config-wlc-radius-profile)# auth-address 192.168.1.1
wlc(config-wlc-radius-profile)# auth-password ascii-text password

If you use proxying on SoftWLC, specify the RADIUS domain. This domain must match the domain in which the Enterprise user accounts are created on SoftWLC.


wlc(config-wlc-radius-profile)# domain root

Specify the IP address of the RADIUS server of the access point subnet used for accounting and the RADIUS server key:

wlc(config-wlc-radius-profile)# acct-address 192.168.1.1
wlc(config-wlc-radius-profile)# acct-password ascii-text password

Enable sending of accounting to the RADIUS server:

wlc(config-wlc-radius-profile)# acct-enable
wlc(config-wlc-radius-profile)# exit

Configure the AP SSID:

wlc(config-wlc)# ssid-profile default-ssid

Specify in ssid-profile the previously configured RADIUS server settings profile that will be used for Wi-Fi user authorization:

wlc(config-wlc-ssid-profile)# radius-profile default-radius

To configure the external RADIUS server, add the address and key of the local WLC-30 RADIUS server to the NAS table of the external RADIUS server.

Configuration example:

radius-server local
  nas ap
    key ascii-text encrypted 8CB5107EA7005AFF
    network 192.168.1.0/24
  exit
  virtual-server default
    proxy-mode
    upstream-server eltex
      host 10.10.10.12
      server-type all
      key ascii-text encrypted 8CB5107EA7005AFF
    exit
    enable
  exit
  enable
exit

wlc
  radius-profile default-radius
    auth-address 192.168.1.1
    auth-password ascii-text encrypted 8CB5107EA7005AFF
    acct-enable
    acct-address 192.168.1.1
    acct-password ascii-text encrypted 8CB5107EA7005AFF
exit
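
The server-type rules above decide which port each proxied request reaches, and an accounting-only upstream left on the default port sends accounting to 1812. The Python script below is an added example, not Eltex code: it reads a dump in the format shown above and reports the effective ports for every upstream-server. The parser's block keyword list, the upstream-server names and the sample dump are assumptions made for the example.

```python
# Added example, not Eltex code: resolve where each upstream-server's traffic goes.
DEFAULT_PORT = 1812  # default of the 'port' parameter, per the page
OPENERS = {"radius-server", "nas", "virtual-server", "upstream-server"}  # assumed block keywords

def parse(dump):
    """Map each block, e.g. ('upstream-server', 'eltex'), to its settings."""
    blocks, stack = {}, []
    for words in (line.split() for line in dump.splitlines() if line.strip()):
        if words == ["exit"]:
            del stack[-1:]  # leave the innermost block; no-op if unbalanced
        elif words[0] in OPENERS:
            stack.append((words[0], words[1] if len(words) > 1 else ""))
            blocks.setdefault(stack[-1], {})
        elif stack:
            blocks[stack[-1]][words[0]] = words[-1]  # last word is the value
    return blocks

def upstream_ports(settings):
    """Destination ports implied by server-type; 'all' puts accounting on port + 1."""
    port = int(settings.get("port", DEFAULT_PORT))
    kind = settings.get("server-type", "auth")  # auth is the default type
    return {"auth": port, "acct": port + 1} if kind == "all" else {kind: port}

def lint(dump):
    """Return (ports per upstream-server, warnings)."""
    ports, warnings = {}, []
    for (kind, name), settings in parse(dump).items():
        if kind == "upstream-server":
            ports[name] = upstream_ports(settings)
            if ports[name] == {"acct": DEFAULT_PORT}:
                warnings.append(f"{name}: accounting is proxied to port 1812, check the port parameter")
    return ports, warnings

# Constructed sample in the page's dump format; the upstream-server names are made up.
SAMPLE = """
radius-server local
  virtual-server default
    upstream-server both
      server-type all
    exit
    upstream-server acct-only
      server-type acct
    exit
  exit
exit
"""

if __name__ == "__main__":
    print(lint(SAMPLE))
```

For the constructed sample, the upstream named both resolves to 1812 for authentication and 1813 for accounting, while acct-only is flagged because its accounting requests would go to 1812.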