Cisco Systems OL-29225-01 Film Camera User Manual


 
9-10
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-30644-01
Chapter 9 Configuring an Access Point as a Local Authenticator
Configuring a Local Authenticator
The first section of statistics lists cumulative statistics from the local authenticator.
The second section lists stats for each access point (NAS) authorized to use the local authenticator. The
EAP-FAST statistics in this section include these stats:
Auto provision success—the number of PACs generated automatically
Auto provision failure—the number of PACs not generated because of an invalid handshake packet
or invalid username or password
PAC refresh—the number of PACs renewed by clients
Invalid PAC received—the number of PACs received that were expired, that the authenticator could
not decrypt, or that were assigned to a client username not in the authenticator’s database
The third section lists stats for individual users. If a user is blocked and the lockout time is set to infinite,
blocked appears at the end of the stat line for that user. If the lockout time is not infinite, Unblocked in
x seconds appears at the end of the stat line for that user.
Use this privileged exec mode command to reset local authenticator statistics to zero:
AP# clear radius local-server statistics
Using Debug Messages
In privileged exec mode, enter this command to control the display of debug messages for the local
authenticator:
AP# debug radius local-server { client | eapfast | error | packets}
Use the command options to display this debug information:
Use the client option to display error messages related to failed client authentications.
Use the eapfast option to display error messages related to EAP-FAST authentication. Use the
sub-options to select specific debugging information:
encryption —displays information on the encryption and decryption of received and
transmitted packets
events—displays information on all EAP-FAST events
pac—displays information on events related to PACs, such as PAC generation and verification
pkts—displays packets sent to and received from EAP-FAST clients
Use the error option to display error messages related to the local authenticator.
Use the packets option to turn on display of the content of RADIUS packets sent and received.