Add a New AAA Policy

About this task

Configure a new AAA policy to determine access to a network and how to control user authorization.

Procedure

  1. Go to Policies > AAA.
  2. Select Add to configure a new AAA policy.
    The system displays the Add Policy dashboard.
  3. Type a AAA policy name on the AAA field.
    The policy name must be unique and cannot be the same as an existing AAA policy name.
  4. Select Add.
    The General policy dashboard opens.
    1. Select Add to add general AAA policy settings. The Server dashboard opens.
    2. Set AAA policy server parameters:
      Server parameter Description
      Sever ID Displays the numerical server index (1-12) for the accounting server when added to the list available to the access point
      Server Type Displays the type of AAA server in use as either Authentication or Accounting
      Port Displays the port on which the RADIUS server listens to traffic within the access point managed network. The port range is 1 - 65,535. The default port is 1812
      Server Host Displays the IP address or hostname of the RADIUS authentication server. The options are IP/Host, Onboard, Controller, or Centralized
      IP/Host server host option configuration:

      Select IP/Host to display the IP address or hostname of the RADIUS authentication server and set the hostname or IP address and password in the Secret field
      Request Attempts Displays the number of attempts a client can retransmit a missed frame to the RADIUS server before it times out of the authentication session. The available range is from 1 - 10. The default is 3
      Request Timeout Displays the time (from 1 - 3600) seconds for the re-transmission of request packets. The default is 5 seconds. If this time is exceeded, the authentication session is terminated
    3. Select Add and Save to apply the AAA policy general server settings.
  5. Navigate to Radius dashboard to configure the following AAA policy settings:

    Accounting is the method of collecting and sending security server information for billing, auditing, and reporting user data; such as captive portal start and stop times, executed commands (such as PPP), number of packets, and number of bytes. Accounting enables wireless network administrators to track captive portal services that users are using.

    Radius settings Description
    Accounting type Displays the accounting type set for the AAA policy. Options include:
    • Start/Stop — Sends a start accounting notice at the beginning of a process and a stop notice at the end of a process. The start accounting record is sent in the background. The requested process begins regardless of whether the start accounting notice is received by the accounting server
    • Start/Interim/Stop— Sends a start accounting notice at the beginning of a process, multiple regular notices while the process is running, and a stop notice at the end of a process

    The default option is Start/Stop
    Address format Options include:
    • No Delimiter
    • Colon Delimiter
    • Dash Delimiter
    • Pair Hyphen
    • Pair Space
    • Dot Delimited per Four
    • Middle Dash Delimiter

    The default option is Pair Hyphen
    Server pooling The server pooling mode controls how requests are transmitted across RADIUS servers. Selecting Fail Over results in working down the list of servers if a server is unresponsive and unavailable. The Load-Balance option uses all available servers transmitting requests in round robin
    Authentication Protocol Options include:
    • PAP
    • CHAP
    • MS-CHAP
    • MS-CHAPv2

    The default protocol option is PAP
  6. Select Save to apply RADIUS settings changes to the AAA policy.
9037026-03 Rev AA