Last updated: October 2007
1. Configure Cisco ACS information on an access point enabled with PMIP
2. Configure an AP enabled with a PMIP as an AAA Client on a ACS server
3. Configure mobile nodes' SA on a ACS server
• Cisco Aironet Access Point 1200: Cisco IOS Software Release 12.0(2)T1
• Cisco ACS Server: version 3.1
Configure Authentication Server-Cisco ACS-Information on a PMIP Enabled Access Point
Step 1. Setup Screen, click on "Proxy Mobile IP"
Step 2. Click on "Authentication Server"
Step 3. Configure the ACS server IP address, Server Type, Port, and Shared Secret Key. The ACS server IP address is the server IP address. The Server Type should be "RADIUS," and the Port can be either 1812 or 1645 if the ACS server version is v3.1. For an earlier version of ACS server, the ACS server may by default listen only port 1645. The Shared Secret must match the one configured on the ACS server (the ACS server configuration is in the section 3.0 below). Finally, remember to check on the "MIP Authentication" box and click "OK".
Note: Repeat Steps 1-3 for the other PMIP-enabled APs.
Configure a PMIP enabled AP as an AAA Client on a ACS server
Note: This part of configuration can be applied for a HA router that is also using an ACS server to retrieve mobile node's SA information.
Configure mobile nodes' SA on a ACS server
Step 1. Click on the "User Setup" button. Enter a mobile device's IP address, and click the "Add/Edit" button. The mobile device in this example is 10.10.1.201.
Step 2. Configure the "User Setup" section. In this section, make sure the "Password Authentication:" is "CiscoSecure Database" and the "Password" section is configured with "cisco".
Note: This password must be "cisco". Cisco Access Points use this default password when communicating with the Radius server.
Step 3. Configure the "Cisco IOS/PIX Radius Attributes" section. This section is in the bottom of the User Setup Page.
Note: If the HA is also using a ACS to retrieve the mobile device's SA, make sure this key is matched to the one configured on that ACS. If the HA is using the same ACS as this PMIP AP to retrieve the mobile device's SA, the match will be guaranteed).
Note: The "Cisco IOS/PIX Radius Attributes" section above may not appear as an option in a "User Setup" configuration. If this option is not visible, go to the "Interface Configuration" and check on the User and Group "cisco-av-pair" boxes as highlighted below.
Enabling the Cisco IOS/PIX Radius Attributes Field
HA Configuration for Retrieving SA information from An ACS Server