Cisco Aironet 350 Wireless Bridge Technical Manual

Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.
Overview of Local RADIUS Server Feature
Usually an external RADIUS Server is used to authenticate users. In some cases, this is not a feasible solution.
In these situations, an access point can be made to act as a RADIUS Server. Here, users are authenticated
against the local database configured in the access point. This is called a Local RADIUS Server feature. You
can also make other access points in the network use the Local RADIUS Server feature on an access point.
For more information on this, refer to Configuring Other Access Points to Use the Local Authenticator.
Configure
This configuration describes how to configure LEAP and the Local RADIUS Server feature on an access point. The
Local RADIUS Server feature was introduced in Cisco IOS Software Release 12.2(11)JA. Refer to LEAP
Authentication with RADIUS Server for background information on how to configure LEAP with an external
RADIUS Server.
As with most password-based authentication algorithms, Cisco LEAP is vulnerable to dictionary attacks. This
is not a new attack or a new vulnerability of Cisco LEAP. To mitigate dictionary attacks, you must create a
strong password policy that includes strong passwords and frequent password changes. Refer to Dictionary
Attack on Cisco LEAP for more information about dictionary attacks and how to prevent them.
This document assumes this configuration for both CLI and GUI:
1. The IP address of the access point is 10.77.244.194.
2. The SSID used is cisco, which is mapped to VLAN 1.
3. The usernames are user1 and user2, which are mapped to the group Testuser.
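A consistency check for the AAA part of this setup, as an added example that is not part of the original Cisco document: it parses running-config text and confirms that each login method list names a defined RADIUS server group that contains the access point's own address, which is what makes the access point its own authenticator. The function names and the sample text are constructed here, reusing the group and method-list names from the CLI configuration in this document; the dash check assumes the config was copied from a PDF in which hyphens were extracted as U+2212.

```python
import re

# Constructed sample: AAA lines as they look when copied from the PDF,
# where hyphens were extracted as U+2212 (minus sign).
SAMPLE_CONFIG = """\
aaa new\u2212model
!
aaa group server radius rad_eap
 server 10.77.244.194 auth\u2212port 1812 acct\u2212port 1813
!
aaa authentication login eap_methods group rad_eap
"""

def normalize(text):
    """Replace typographic dashes left by PDF extraction with ASCII hyphens."""
    return re.sub("[\u2212\u2010\u2011\u2013]", "-", text)

def parse_aaa(text):
    """Return (radius server groups, login method lists) from running-config text."""
    groups, methods, current = {}, {}, None
    for line in normalize(text).splitlines():
        m = re.match(r"aaa group server radius (\S+)", line)
        if m:
            current = groups.setdefault(m.group(1), [])
            continue
        m = re.match(r"\s+server (\S+) auth-port (\d+) acct-port (\d+)", line)
        if m and current is not None:
            current.append((m.group(1), int(m.group(2)), int(m.group(3))))
            continue
        if not line.startswith(" "):
            current = None  # any unindented line ends the group sub-mode
        m = re.match(r"aaa authentication login (\S+) group (\S+)", line)
        if m:
            methods[m.group(1)] = m.group(2)
    return groups, methods

def audit(text, ap_ip):
    """List findings that would keep the AP from authenticating against itself."""
    findings = []
    if normalize(text) != text:
        findings.append("non-ASCII dashes present; replace with '-' before use")
    groups, methods = parse_aaa(text)
    for name, group in methods.items():
        servers = groups.get(group)
        if servers is None:
            findings.append(f"method list {name} uses undefined group {group}")
        elif all(ip != ap_ip for ip, _, _ in servers):
            findings.append(f"group {group} has no server entry for {ap_ip}")
    return findings
```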
CLI Configuration
Access Point
ap#show running-config
Building configuration...
.
.
.
aaa new-model
!--- This command reinitializes the authentication,
!--- authorization and accounting functions.
!
!
aaa group server radius rad_eap
 server 10.77.244.194 auth-port 1812 acct-port 1813
!--- A server group for RADIUS is created called "rad_eap"
!--- that uses the server at 10.77.244.194 on ports 1812 and 1813.
.
.
.
aaa authentication login eap_methods group rad_eap