5-3
Cisco Wireless LAN Controller Configuration Guide
OL-17037-01
Chapter 5 Configuring Security Solutions
Configuring RADIUS
Layer 3 Solutions
The WEP problem can be further solved using industry-standard Layer 3 security solutions such as
passthrough VPNs (virtual private networks).
The Cisco UWN Solution supports local and RADIUS MAC (media access control) filtering. This
filtering is best suited to smaller client groups with a known list of 802.11 access card MAC addresses.
Finally, the Cisco UWN Solution supports local and RADIUS user/password authentication. This
authentication is best suited to small to medium client groups.
Integrated Security Solutions
• Cisco UWN Solution operating system security is built around a robust 802.1X AAA (authorization,
authentication and accounting) engine, which allows operators to rapidly configure and enforce a
variety of security policies across the Cisco UWN Solution.
• The controllers and lightweight access points are equipped with system-wide authentication and
authorization protocols across all ports and interfaces, maximizing system security.
• Operating system security policies are assigned to individual WLANs, and lightweight access points
simultaneously broadcast all (up to 16) configured WLANs. This can eliminate the need for
additional access points, which can increase interference and degrade system throughput.
• Operating system security uses the RRM function to continually monitor the air space for
interference and security breaches, and notify the operator when they are detected.
• Operating system security works with industry-standard authorization, authentication, and
accounting (AAA) servers, making system integration simple and easy.
Configuring RADIUS
Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol that provides
centralized security for users attempting to gain management access to a network. It serves as a backend
database similar to local and TACACS+ and provides authentication and accounting services:
• Authentication—The process of verifying users when they attempt to log into the controller.
Users must enter a valid username and password in order for the controller to authenticate users to
the RADIUS server.
Note When multiple databases are configured, you can use the controller GUI or CLI to specify
the sequence in which the backend databases should be tried.
• Accounting—The process of recording user actions and changes.
Whenever a user successfully executes an action, the RADIUS accounting server logs the changed
attributes, the user ID of the person who made the change, the remote host where the user is logged
in, the date and time when the command was executed, the authorization level of the user, and a
description of the action performed and the values provided. If the RADIUS accounting server
becomes unreachable, users are able to continue their sessions uninterrupted.
To Next Page
Loading...
Need help?
General
