Configuring Devices for Management, 2.15 - Configuring AAA Servers [CiscoWorks Wireless LAN Solution Engine (WLSE)]

Table Of Contents

Configuring AAA Servers

Setting Up an ACS Server

Configuring AAA Servers

The WLSE can monitor the performance of AAA (Authentication, Authorization, and Accounting) services provided by CiscoSecure ACS. The services supported are LEAP, RADIUS, EAP-MD5, PEAP (EAP-GTC only), and EAP-FAST.

This chapter covers setting up an ACS server:

•To set up a CAR server, see the CAR documentation on Cisco.com.

•To set up an access point as an AAA server, see the access point documentation on Cisco.com.

•To set up the WLSE's internal AAA server, see the online help or the User Guide for the CiscoWorks Wireless LAN Solution Engine, Release 2.13. The internal AAA server is available only on the WLSE Express (WLSE 1030).

Setting Up an ACS Server

Note For PEAP, besides the procedure in this section, you must set up a certificate and private key on the ACS server and then enable PEAP. For more information, see the CiscoSecure ACS documentation.

To enable monitoring of an ACS server, you must:

•Configure CiscoSecure ACS server to recognize the WLSE as a client. Follow the procedure in this section on each server.

•Configure the WLSE to add information about AAA servers. For more information, see the online help or the User Guide for the CiscoWorks Wireless LAN Solution Engine, Release 2.13.

In addition, you can use an AAA server to authenticate to Wireless Domain Services (WDS) devices. To enable this authentication, make sure an AAA server is configured as described in this section.

Procedure

Step 1 Log into the CiscoSecure ACS Server that will provide authentication services to the wireless network.

Note You will need the IP address or name of the system on which CiscoSecure ACS Server is running when you configure the WLSE.

Step 2 Click User Setup on the left side of the initial page.

Step 3 Enter a username for the user the WLSE will use for synthetic transactions and click Add/Edit.

Step 4 Enter a password in the first set of Password and Confirm Password fields. Click Submit.

Note You will need this name and password when configuring the WLSE.

Step 5 Click Network Configuration on the left side of the page.

Step 6 Click Add Entry. In the Add AAA Client area, enter the WLSE information in the following text boxes:

•Client Hostname—enter the WLSE hostname (or IP address)

•Client IP—enter the WLSE IP address

•Key—enter a secret key

Note You will need this key when configuring the WLSE.

Step 7 Select RADIUS (Cisco Aironet) from the Authenticate Using list.

Step 8 If you are using this server for Wireless Domain Services (WDS) authentication, configure the server for simultaneous login sessions. See the ACS documentation for details.

Step 9 If you are setting the session timeout, do not set it to less than 600 seconds.

Caution A session timeout of less than 600 seconds can disrupt Radio Manager operations.

Step 10 Click Submit or Submit+Restart. A restart is required for the changes to take effect.

	Configuring Devices for Management, 2.15
	Configuring AAA Servers
Configuring Devices for Management, 2.15 Preface Introduction Configuring Access Points for Network Management Configuring Devices for Radio Management Configuring Routers and Switches Configuring AAA Servers Index	Download this chapter Configuring AAA Servers Table Of Contents Configuring AAA Servers Setting Up an ACS Server Configuring AAA Servers The WLSE can monitor the performance of AAA (Authentication, Authorization, and Accounting) services provided by CiscoSecure ACS. The services supported are LEAP, RADIUS, EAP-MD5, PEAP (EAP-GTC only), and EAP-FAST. This chapter covers setting up an ACS server: •To set up a CAR server, see the CAR documentation on Cisco.com. •To set up an access point as an AAA server, see the access point documentation on Cisco.com. •To set up the WLSE's internal AAA server, see the online help or the User Guide for the CiscoWorks Wireless LAN Solution Engine, Release 2.13. The internal AAA server is available only on the WLSE Express (WLSE 1030). Setting Up an ACS Server Note For PEAP, besides the procedure in this section, you must set up a certificate and private key on the ACS server and then enable PEAP. For more information, see the CiscoSecure ACS documentation. To enable monitoring of an ACS server, you must: •Configure CiscoSecure ACS server to recognize the WLSE as a client. Follow the procedure in this section on each server. •Configure the WLSE to add information about AAA servers. For more information, see the online help or the User Guide for the CiscoWorks Wireless LAN Solution Engine, Release 2.13. In addition, you can use an AAA server to authenticate to Wireless Domain Services (WDS) devices. To enable this authentication, make sure an AAA server is configured as described in this section. Procedure Step 1 Log into the CiscoSecure ACS Server that will provide authentication services to the wireless network. Note You will need the IP address or name of the system on which CiscoSecure ACS Server is running when you configure the WLSE. Step 2 Click User Setup on the left side of the initial page. Step 3 Enter a username for the user the WLSE will use for synthetic transactions and click Add/Edit. Step 4 Enter a password in the first set of Password and Confirm Password fields. Click Submit. Note You will need this name and password when configuring the WLSE. Step 5 Click Network Configuration on the left side of the page. Step 6 Click Add Entry. In the Add AAA Client area, enter the WLSE information in the following text boxes: •Client Hostname—enter the WLSE hostname (or IP address) •Client IP—enter the WLSE IP address •Key—enter a secret key Note You will need this key when configuring the WLSE. Step 7 Select RADIUS (Cisco Aironet) from the Authenticate Using list. Step 8 If you are using this server for Wireless Domain Services (WDS) authentication, configure the server for simultaneous login sessions. See the ACS documentation for details. Step 9 If you are setting the session timeout, do not set it to less than 600 seconds. Caution A session timeout of less than 600 seconds can disrupt Radio Manager operations. Step 10 Click Submit or Submit+Restart. A restart is required for the changes to take effect.
	© 1992-2008 Cisco Systems, Inc. All rights reserved. Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks of Cisco Systems, Inc.