The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Several features on the WAP require communication with a RADIUS authentication server. For example, when you configure Virtual Access Points (VAPs) on the WAP device, you can configure security methods that control wireless client access. The Dynamic WEP and WPA Enterprise security methods use an external RADIUS server to authenticate the clients. The MAC address filtering feature, where the client access is restricted to a list, can also be configured to use a RADIUS server to control access. The Captive Portal feature also uses RADIUS to authenticate the clients.
The RADIUS Server Settings allow you to configure how the WAP interacts with the RADIUS servers. You can configure up to four globally available IPv4 or IPv6 RADIUS servers. One of the servers always acts as the primary server while the others act as the backup servers.
Note: In addition to setting up global RADIUS server settings, certain services on the WAP can also be configured to use a separate set of RADIUS servers.
The objective of this document is to explain how to configure global RADIUS Server settings on the WAP371 access point.
Step 1. Log in to the web configuration utility and choose System Security > RADIUS Server. The RADIUS Server page opens:
Step 2. In the Server IP Address Type field, select the radio button for the IP version that the RADIUS server uses. The available options are IPv4 and IPv6.
Note: You can toggle between the address types to configure IPv4 and IPv6 global RADIUS address settings, but the WAP device contacts only the RADIUS server or servers with the address type that you select in this field. It is not possible to have multiple servers use different address types in one configuration.
Step 3. In the Server IP Address-1 field, or Server IPv6 Address-1 field, enter either an IPv4 or IPv6 address for the global RADIUS server depending on the address type you chose in Step 2.
Note: The address entered in this field will designate your primary global RADIUS server. Addresses entered in subsequent fields (Server IP Address-2 through -4) will designate your backup RADIUS servers that will be tried in sequence if authentication fails with the primary server.
Step 4. In the Key-1 field, enter the shared secret key corresponding to the primary RADIUS server that the WAP device uses to authenticate to the RADIUS server. You can use from 1 to 64 standard alphanumeric and special characters. Repeat this step for each subsequent RADIUS server you have configured in the Key-2 through -4 fields. This step is the same regardless of the address type selected in the previous step.
Note: The keys are case sensitive and must match the key configured on the RADIUS server.
Step 6. In the RADIUS Accounting field, check the Enable checkbox to enable tracking and measuring of the resources a user has consumed (system time, amount of data transmitted, etc). Checking this checkbox will enable RADIUS accounting for the primary and backup servers.
Step 7. Click Save.