04-04-2007 06:39 AM - edited 07-03-2021 01:53 PM
All,
Can anyone help me configure user authentication for my WAP. I have an Aironet 1242 and all the documentation I come across is showing me how to configure it for administration purposes. I have a Radius server up and running but I can't get the config right to have users authenticate to it when they access the WAP.
Below is my config.
version 12.3
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname 4TH_FLOOR_CONF
!
enable secret xxx
!
clock timezone EST -5
clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
ip subnet-zero
ip domain name sba.gov
ip dhcp excluded-address 165.110.30.1 165.110.30.229
ip dhcp excluded-address 165.110.30.240 165.110.30.254
!
ip dhcp pool atlantis
network 105.120.35.0 255.255.255.0
!
!
ip dhcp-server 105.120.35.252
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
!
dot11 ssid airbender
!
dot11 ssid avatar
authentication open
guest-mode
!
power inline negotiation prestandard source
!
!
username Cisco password xxx
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm tkip
!
ssid airbender
!
ssid avatar
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
!
ssid avatar
!
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
hold-queue 160 in
!
interface BVI1
ip address 105.120.35.219 255.255.255.0
no ip route-cache
!
ip default-gateway 105.120.35.254
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
radius-server local
nas 105.120.35.12 key xxx
!
radius-server attribute 32 include-in-access-req format %h
radius-server host 165.110.30.215 auth-port 1812 acct-port 1646 key xxx
radius-server vsa send accounting
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
!
sntp server 105.120.35.253
end
04-05-2007 06:28 AM
You are missing half of the config for security:
you still need to setup the ssid
read here:
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide