Cisco Aironet 1200 Access Point Release Notes

Release Notes for Cisco Aironet 1200 Series Access Points Running Firmware Version 12.02T1
OL-3867-01
Important Notes
When the authentication server responds to a successful request, the authorization parameters (described 
in the Authorization Parameters section below) are extracted and processed to a local database cache 
entry. This entry is kept in the cache for five minutes and is used to authenticate the user for subsequent 
authentication requests.
The cache speeds up the administrative configuration process: within the five-minute period, subsequent 
requests do not require a transaction with an authentication server. The following applies:
If the user entry is accessed by an authentication request within the 5-minute period, the cache timer 
resets to 5 minutes.
If the user entry is not accessed within 5 minutes, the next access causes a new server request to be 
sent to the authentication server so the user and new privileges are cached again.
If the authentication response is a rejection, the server issues a reject response just as if the local database 
entry was not found. The administrator is also rejected if they exist on the authentication server but do 
not have administrative capabilities configured.
Authorization Parameters
The following authentication server attribute value (AV) pair is returned to the access point for an 
administrator login request:
This is RADIUS attribute #26, Cisco Vendor ID #9, type #1 (string).
Cisco:Avpair = aironet:admin-capability=write+snmp+ident+firmware+admin
Any combination of capabilities can be returned with this attribute; for example:
Cisco:Avpair = aironet:admin-capability=ident+admin
Cisco:Avpair = aironet:admin-capability=admin
The following is an example Livingston RADIUS server users file entry:
User password = "aironet"
Service-Type = Outbound
cisco-avpair = "aironet:admin-capability=ident+admin"
The following is an example TACACS+ server users file entry:
Service - Aironet
Protocol - Shell
cisco-avpair = "aironet:admin-capability=ident+admin"
See Chapter 8 of the Cisco Aironet 1200 Series Access Point Software Configuration Guide or click 
Help on the Authenticator Configuration page for an explanation of the attributes returned by the server.
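The AV pair described under Authorization Parameters can be checked on the wire with a short decoder. This is an added example, not code from Cisco or from these release notes: it parses one RADIUS attribute in the RFC 2865 vendor-specific layout (attribute 26, vendor ID 9, vendor type 1) and returns the capability names. It assumes the five names in the page's full example are the complete set; `parse_admin_capabilities` and `build_avpair` are hypothetical helper names, and the sample bytes are constructed.

```python
import struct

# Values stated on the page: RADIUS attribute 26, Cisco vendor ID 9, vendor type 1.
VENDOR_SPECIFIC, CISCO_VENDOR_ID, CISCO_AVPAIR = 26, 9, 1
PREFIX = "aironet:admin-capability="
# Assumption: the names in the page's full example are the only valid ones.
KNOWN_CAPS = {"write", "snmp", "ident", "firmware", "admin"}


def parse_admin_capabilities(attr: bytes) -> set:
    """Decode one RADIUS attribute (RFC 2865 VSA layout) into capability names.

    Raises ValueError on anything that is not a well-formed Cisco AV pair
    carrying aironet:admin-capability, so a malformed reply fails closed.
    """
    if len(attr) < 8:
        raise ValueError("too short for a vendor-specific attribute")
    attr_type, attr_len, vendor_id, v_type, v_len = struct.unpack("!BBIBB", attr[:8])
    if attr_type != VENDOR_SPECIFIC or attr_len != len(attr):
        raise ValueError("not attribute 26 or length mismatch")
    if vendor_id != CISCO_VENDOR_ID or v_type != CISCO_AVPAIR:
        raise ValueError("not a Cisco AV pair")
    if v_len != attr_len - 6:  # vendor length covers type, length and string
        raise ValueError("vendor length does not match attribute length")
    value = attr[8:].decode("ascii")  # UnicodeDecodeError is a ValueError
    if not value.startswith(PREFIX):
        raise ValueError("AV pair is not aironet:admin-capability")
    caps = value[len(PREFIX):].split("+")
    unknown = [c for c in caps if c not in KNOWN_CAPS]
    if unknown:
        raise ValueError(f"unknown capability: {unknown}")
    return set(caps)


def build_avpair(value: str) -> bytes:
    """Constructed sample input: encode a string as a Cisco AV pair VSA."""
    body = value.encode("ascii")
    return struct.pack("!BBIBB", 26, len(body) + 8, 9, 1, len(body) + 2) + body


if __name__ == "__main__":
    sample = build_avpair("aironet:admin-capability=ident+admin")
    print(sorted(parse_admin_capabilities(sample)))
```

Run against attributes captured from a test login, this shows exactly which capabilities the server grants each administrator account.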