Configuring Security Settings for a Wired Profile

Configuring Security Settings for a Wired Employee Network

The following procedure configures security parameters for the Employee wired network using the Instant WebUI:

  1. Configure the following parameters in the Configuration > Networks > Security tab.

    Port type—To support trusted ports in an Instant AP, select Trusted. When the Port type is trusted, MAC and 802.1X authentication parameters cannot be configured. The Port Type is Untrusted by default.

    In a trusted mode, Instant APs will not create any user entry. A predefined ACL is applied to the trusted port in order to control the client traffic that needs to be source NATed.

    Select an existing RADIUS authentication server or + in the Authentication server 1 drop-down list. When + is selected, an external RADIUS server must be configured to authenticate the users. For information on configuring an external server, see Configuring an External Server for Authentication in Authentication and User Management.

    Accounting—Select any of the following options.

    Load balancing—Click the toggle switch if you are using two RADIUS authentication servers, so that the load across the two RADIUS servers is balanced. For more information on the dynamic load balancing mechanism, see Dynamic Load Balancing between Two Authentication Servers.

    The Accounting parameter does not appear if the Internal server option is selected as the authentication server.

  2. Click Next. The Access tab details are displayed.

The following CLI commands configure security settings for an employee wired network:

(Instant AP)(config)# wired-port-profile <name>

(Instant AP)(wired ap profile <name>)# mac-authentication

(Instant AP)(wired ap profile <name>)# l2-auth-failthrough

(Instant AP)(wired ap profile <name>)# auth-server <name>

(Instant AP)(wired ap profile <name>)# server-load-balancing

(Instant AP)(wired ap profile <name>)# radius-accounting

(Instant AP)(wired ap profile <name>)# radius-accounting-mode {user-association|user-authentication}

(Instant AP)(wired ap profile <name>)# radius-interim-accounting-interval <minutes>

(Instant AP)(wired ap profile <name>)# radius-reauth-interval <Minutes>

(Instant AP)(wired ap profile <name>)# trusted
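Because a trusted port skips MAC and 802.1X authentication and creates no user entry, it is worth reviewing which wired profiles carry the trusted setting. The following audit script is an added example, not part of the original documentation or of Aruba's tooling; the indented configuration layout, the profile names, and the server name radius-1 are constructed assumptions, and only the keywords come from the commands above.

```python
import re

# Constructed sample; assumed layout: profile header at column 0, settings indented.
SAMPLE_CONFIG = """\
wired-port-profile employee-desk
 mac-authentication
 auth-server radius-1
 radius-accounting
wired-port-profile uplink-closet
 trusted
wired-port-profile lab-bench
 trusted
 mac-authentication
wired-port-profile printer
 auth-server radius-1
"""

AUTH_KEYWORDS = {"mac-authentication", "auth-server", "l2-auth-failthrough"}

def parse_profiles(config_text):
    """Return {profile_name: [setting lines]} for every wired-port-profile block."""
    profiles, current = {}, None
    for line in config_text.splitlines():
        header = re.match(r"^wired-port-profile\s+(\S+)\s*$", line)
        if header:
            current = profiles.setdefault(header.group(1), [])
        elif line[:1].isspace() and line.strip() and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level or blank line ends the block
    return profiles

def audit_profile(settings):
    """Return a list of findings for one profile's settings."""
    keywords = {s.split()[0] for s in settings}  # "no trusted" yields "no"
    findings = []
    if "trusted" in keywords:
        findings.append("trusted: no MAC/802.1X authentication, no user entry")
        if keywords & AUTH_KEYWORDS:
            findings.append("conflict: authentication settings on a trusted port")
    elif "auth-server" in keywords and "radius-accounting" not in keywords:
        findings.append("no radius-accounting: RADIUS accounting not enabled")
    return findings

def audit_config(config_text):
    return {name: audit_profile(s) for name, s in parse_profiles(config_text).items()}

if __name__ == "__main__":
    print(audit_config(SAMPLE_CONFIG))
```

An empty findings list means the profile is untrusted and has accounting enabled alongside its authentication server; the accounting finding is informational, since accounting is optional.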