Getting Started with Wireless: 1130ag access point as local authenticator

Aug 27th, 2008

I have set up my 1130ag with a local RADIUS server, including groups, users and SSIDs. I am having trouble getting the access point to use the local RADIUS server. When I try to connect using EAP-FAST I get prompted for a user name and password, but no attempts are registered on the RADIUS server. Any help would be appreciated.

Current configuration : 2829 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap
!
enable secret xxx
!
aaa new-model
!
!
aaa group server radius rad_eap
 server 192.168.150.253 auth-port 1645 acct-port 1646
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius rad_eap1
 server 192.168.150.253 auth-port 1645 acct-port 1646
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods1 group rad_eap1
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
!
aaa session-id common
!
!
!
dot11 ssid test13
 vlan 1
 authentication open eap eap_methods1
 authentication network-eap eap_methods1
 guest-mode
!
power inline negotiation prestandard source
!
!
username Cisco password xxx
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 ssid test13
 !
 station-role root
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 shutdown
 station-role root
!
interface Dot11Radio1.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!
interface FastEthernet0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 192.168.150.253 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.150.254
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
radius-server local
  nas 192.168.150.253 key xxx
  group luntan
    vlan 1
    ssid test13
  !
  user fangtanshi nthash xxx group luntan
!
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.150.253 auth-port 1645 acct-port 1646 key xxx
radius-server vsa send accounting
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 exec-timeout 0 0
!
end

Scott Fella Fri, 08/29/2008 - 05:22

I posted a config file for EAP-FAST... it works, because I tried it. If you have issues, then it has to be the way you are configuring the client side.
