Cisco NAC Guest Server Installation and Configuration Guide, Release 1.0.0
Configuring RADIUS Clients

This chapter describes the following:

Overview

Adding RADIUS Clients

Editing RADIUS Clients

Deleting RADIUS Clients

Overview

Remote Authentication Dial In User Service (RADIUS) is an AAA (authentication, authorization, and accounting) protocol. Cisco NAC Guest Server uses the RADIUS protocol to authenticate and audit guests who log in through RADIUS-capable network enforcement devices, such as Cisco Wireless LAN Controllers.

Although the Cisco NAC Appliance uses its own API and a different method for creating accounts and authenticating users, as described in Chapter 7, "Integrating with Cisco NAC Appliance," it still uses RADIUS Accounting to record user activity and therefore still needs to be configured as a RADIUS client.

When a guest authenticates against a RADIUS client, such as the Wireless LAN Controller, the RADIUS client uses RADIUS Authentication to ask the Cisco NAC Guest Server whether the user authentication is valid. If the guest authentication is valid, the Cisco NAC Guest Server returns a message stating that the user is valid and the amount of time remaining before the user session expires. The RADIUS client must honor the session-timeout attribute to remove the guest when the guest account time expires.


Note The Cisco Wireless LAN Controller needs to be specifically configured to Allow AAA Override. This enables it to honor the session-timeout attribute returned to it by the Cisco NAC Guest Server.


In addition to authentication, the RADIUS client device reports details to the Cisco NAC Guest Server, such as the time the session started, the time the session ended, the user IP address, and so on. This information is transported over the RADIUS Accounting protocol.


Tip If there is a firewall between the Cisco NAC Guest Server and the RADIUS client, you will need to allow traffic from UDP port 1812 (RADIUS Authentication) and UDP port 1813 (RADIUS Accounting) to pass.



Note Any time you make a change to a RADIUS component on the Cisco NAC Guest Server, you will need to Restart the Radius service for the changes to become active.


Adding RADIUS Clients


Step 1 From the administration interface, select Devices > Radius Clients from the left-hand menu.

Figure 8-1 Radius Clients

Step 2 In the Radius Clients page (Figure 8-1), click the Add Radius button to add a RADIUS client.

Figure 8-2 Add Radius Client

Step 3 In the Add Radius Client page (Figure 8-2), type a descriptive Name for the RADIUS client.

Step 4 Type the IP Address of the RADIUS client. This needs to match the IP address from which the RADIUS request originates.

Step 5 Type a shared Secret for the RADIUS client. This must match the shared secret specified in the configuration of the RADIUS client.

Step 6 Retype the shared secret in the Confirm Secret field.

Step 7 Type a Description of the client and any other information needed.

Step 8 Click the Add Radius Client button.

Step 9 From the administration interface, select Devices > Radius Clients (Figure 8-1) from the left-hand menu.

Step 10 Click the Restart button to restart the RADIUS service to make the changes take effect.
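
The shared secret entered in Step 5 and the session-timeout attribute described in the Overview meet in the Access-Accept reply: per RFC 2865, the reply's authenticator is an MD5 digest over the packet and the shared secret, so a secret that differs between the two sides makes every reply fail verification. The following Python sketch is an added example, not Cisco code; the function names are hypothetical and the secret, identifier, and timeout are constructed sample values.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2      # RFC 2865 packet code
SESSION_TIMEOUT = 27   # RFC 2865 attribute type, 32-bit value in seconds


def response_authenticator(code, ident, attrs, request_auth, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), RFC 2865."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def build_accept(ident, request_auth, secret, timeout_s):
    """Constructed server reply, used only as sample input for check_accept."""
    attrs = struct.pack("!BBI", SESSION_TIMEOUT, 6, timeout_s)
    auth = response_authenticator(ACCESS_ACCEPT, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs)) + auth + attrs


def parse_attributes(blob):
    """Walk the type-length-value list, rejecting malformed lengths."""
    attrs, i = {}, 0
    while i < len(blob):
        a_len = blob[i + 1] if i + 1 < len(blob) else 0
        if a_len < 2 or i + a_len > len(blob):
            raise ValueError("malformed attribute")
        attrs[blob[i]] = blob[i + 2:i + a_len]
        i += a_len
    return attrs


def check_accept(packet, request_auth, secret):
    """Return Session-Timeout seconds (None if absent) once the reply verifies."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Accept")
    attrs = packet[20:length]
    expected = response_authenticator(code, ident, attrs, request_auth, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("authenticator mismatch: wrong secret or altered reply")
    value = parse_attributes(attrs).get(SESSION_TIMEOUT)
    if value is not None and len(value) != 4:
        raise ValueError("Session-Timeout must be 4 bytes")
    return None if value is None else int.from_bytes(value, "big")
```

A reply built with one secret and checked with another raises the mismatch error, which is the symptom to expect when the Secret field and the RADIUS client's own configuration disagree.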


Editing RADIUS Clients


Step 1 From the administration interface, select Devices > Radius Clients from the left-hand menu.

Figure 8-3 Radius Clients List

Step 2 In the Radius Clients page (Figure 8-3), select the Radius Client from the list and click the Edit Radius button.

Figure 8-4 Edit Radius Client

Step 3 In the Edit Radius Client page (Figure 8-4), edit the IP Address of the Radius Client.

Step 4 Edit the shared secret used between the client and the Cisco NAC Guest Server in the Secret and Confirm Secret fields.

Step 5 Make any desired changes to the Description.

Step 6 Click Save Settings.

Step 7 From the administration interface, select Devices > Radius Clients (Figure 8-1) from the left-hand menu.

Step 8 Click the Restart button to restart the RADIUS service to make the changes take effect.


Deleting RADIUS Clients


Step 1 From the administration interface, select Devices > Radius Clients from the left-hand menu.

Figure 8-5 List Radius Clients

Step 2 In the Radius Clients page (Figure 8-5), select the Radius Client from the list.

Step 3 Click the Delete Radius button and confirm the action.

Step 4 From the administration interface, select Devices > Radius Clients (Figure 8-1) from the left-hand menu.

Step 5 Click the Restart button to restart the RADIUS service to make the changes take effect.



Note Any time you make a change to a RADIUS component, you will need to Restart the Radius service for the changes to become active.