Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
261
Views
0
Helpful
1
Replies

Authentication Configuration Help

mrashby
Level 1
Level 1

‎04-04-2007 06:39 AM - edited ‎07-03-2021 01:53 PM

All,

Can anyone help me configure user authentication for my WAP. I have an Aironet 1242 and all the documentation I come across is showing me how to configure it for administration purposes. I have a Radius server up and running but I can't get the config right to have users authenticate to it when they access the WAP.

Below is my config.

version 12.3

no service pad

service timestamps debug datetime localtime

service timestamps log datetime localtime

service password-encryption

!

hostname 4TH_FLOOR_CONF

!

enable secret xxx

!

clock timezone EST -5

clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00

ip subnet-zero

ip domain name sba.gov

ip dhcp excluded-address 165.110.30.1 165.110.30.229

ip dhcp excluded-address 165.110.30.240 165.110.30.254

!

ip dhcp pool atlantis

network 105.120.35.0 255.255.255.0

!

!

ip dhcp-server 105.120.35.252

aaa new-model

!

!

aaa group server radius rad_eap

!

aaa group server radius rad_mac

!

aaa group server radius rad_acct

!

aaa group server radius rad_admin

!

aaa group server tacacs+ tac_admin

!

aaa group server radius rad_pmip

!

aaa group server radius dummy

!

aaa authentication login eap_methods group rad_eap

aaa authentication login mac_methods local

aaa authorization exec default local

aaa accounting network acct_methods start-stop group rad_acct

aaa session-id common

!

dot11 ssid airbender

!

dot11 ssid avatar

authentication open

guest-mode

!

power inline negotiation prestandard source

!

!

username Cisco password xxx

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption mode ciphers aes-ccm tkip

!

ssid airbender

!

ssid avatar

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

shutdown

!

ssid avatar

!

speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

hold-queue 160 in

!

interface BVI1

ip address 105.120.35.219 255.255.255.0

no ip route-cache

!

ip default-gateway 105.120.35.254

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

ip radius source-interface BVI1

!

radius-server local

nas 105.120.35.12 key xxx

!

radius-server attribute 32 include-in-access-req format %h

radius-server host 165.110.30.215 auth-port 1812 acct-port 1646 key xxx

radius-server vsa send accounting

!

control-plane

!

bridge 1 route ip

!

!

!

line con 0

line vty 0 4

!

sntp server 105.120.35.253

end

Labels:
0 Helpful
1 Reply 1

diro
Level 1
Level 1

‎04-05-2007 06:28 AM

You are missing half of the config for security:

you still need to setup the ssid

read here:

http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801bd035.shtml

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card