5-15
Cisco Wireless LAN Controller Configuration Guide
OL-17037-01
Chapter 5 Configuring Security Solutions
Configuring RADIUS
RADIUS Authentication Attributes Sent by the Access Point
The tables in this section identify the RADIUS authentication attributes sent by a lightweight access
point to a client in access-request and access-accept packets.
Note These Cisco-specific attributes are not supported: Auth-Algo-Type and SSID.
Table 5-1 Authentication Attributes Sent in Access-Request Packets
Attribute ID Description
1User-Name
2 Password
3CHAP-Password
4 NAS-IP-Address
5NAS-Port
6 Service-Type
1
12 Framed-MTU
30 Called-Station-ID (MAC address)
31 Calling-Station-ID (MAC address)
32 NAS-Identifier
33 Proxy-State
60 CHAP-Challenge
61 NAS-Port-Type
79 EAP-Message
243 TPLUS-Role
1. To specify read-only or read-write access to controllers through RADIUS authentication, you must set the
Service-Type attribute (6) on the RADIUS server to Callback NAS Prompt for read-only access or to
Administrative for read-write privileges. See Step 19 in the “Configuring RADIUS on the ACS” section for
more information.
Table 5-2 Authentication Attributes Honored in Access-Accept Packets (Cisco)
Attribute ID Description
1 Cisco-LEAP-Session-Key
2 Cisco-Keywrap-Msg-Auth-Code
3 Cisco-Keywrap-NonCE
4 Cisco-Keywrap-Key
5 Cisco-URL-Redirect
6 Cisco-URL-Redirect-ACL
To Next Page
Loading...
Need help?
General
