This post is a quick reference for configuring management authentication with RADIUS for AirOS and IOS-XE based WLCs.
| Platform | RADIUS server configuration |
| AirOS | Protocol: PAP_ASCII Match on: Radius Service-Type equals “Nas Prompt” Return back: Radius Service-Type = Administrative (full access) Return back: Radius Service-Type = Nas Prompt (read-only access) Return back: Radius Service-Type = Call-Back Administrative (lobby admin) |
| IOS & IOS-XE | Protocol: PAP_ASCII Match on: Radius NAS Port id contains “tty” (for CLI) Match on: Radius NAS Port Type “Virtual” (for GUI) Return back: Cisco cisco-av-pair = shell:priv-lvl=15 |