1231 IOS APs as P-to-P bridges

Answered Question
Jul 16th, 2009

I'm trying to set up two b/g 1231s in Point-to-Point bridge mode with local-radius eap on the root and WPA/TKIP.


Config looks identical to what's running on 13xx & 14xx bridges but the local-radius server on the root keeps showing up as dead and the two bridges never complete the auth process.


IOS is c1200-k9w7-mx.123-8.JEB1.

Trunking two vlans, one for mgt. & one for users across the street.


WPA-PSK works and it looks like I could fall back to WEP-LEAP too.


Anybody tried this? Ideas, suggestions?


Thanks!

Overall Rating: 5 (1 ratings)
Correct Answer
Roman Rodichev Fri, 07/17/2009 - 12:06

Are you doing LEAP+WPA/TKIP? I've tested this setup with bridging+multiple vlans+wpa/wpa2+tkip/aes+LEAP/EAP-FAST/EAP-TLS+local EAP, and they all worked. Can you post your config?


You mentioned that WEP+LEAP worked and also that local-radius server shows up as dead, so I'm not sure if your local EAP is actually working.


Make sure you are using auth-port 1812 (not default 1645). Here's a sample config:


aaa group server radius rad_eap
 server 192.168.0.1 auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group rad_eap
!
radius-server host 192.168.0.1 auth-port 1812 acct-port 1813 key cisco
!
radius-server local
 nas 192.168.0.1 key cisco
 user X password Y

mscherting Fri, 07/17/2009 - 13:40

Thanks. I just got back from installing them. I rebuilt the configs from scratch, changing the auth ports and I had missed entering the nas IPs.
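
Added example, not part of the thread and not Cisco tooling: a small Python lint for the two mistakes this thread turned up on the root bridge, the auth port left at 1645 and the missing nas entry under radius-server local. The names `lint_local_radius` and `local_ip` and the sample config text are constructed for illustration, and the check assumes the root bridge points `radius-server host` at its own address.

```python
import re

EXPECTED_AUTH_PORT = 1812   # port the answer says to use
DEFAULT_AUTH_PORT = 1645    # what applies when auth-port is omitted, per the answer

def lint_local_radius(config, local_ip):
    """Return findings for the local-RADIUS parts of a root bridge config."""
    section, hosts, group_servers, nas = "", {}, [], {}
    for raw in config.splitlines():
        line = raw.strip()
        words = line.split()
        if not words:
            continue
        if line == "!" or words[0] in ("aaa", "radius-server"):
            section = line                      # top-level command opens a new section
        m = re.search(r"\bauth-port (\d+)", line)
        port = int(m.group(1)) if m else DEFAULT_AUTH_PORT
        key = line.split(" key ", 1)[1] if " key " in line else None
        if line.startswith("radius-server host ") and len(words) > 2:
            hosts[words[2]] = (port, key)
        elif section.startswith("aaa group server radius") and words[0] == "server" and len(words) > 1:
            group_servers.append((words[1], port))
        elif section == "radius-server local" and words[0] == "nas" and len(words) > 1:
            nas[words[1]] = key
    findings = []
    if local_ip not in hosts:
        findings.append(f"no 'radius-server host {local_ip}' entry")
    else:
        port, key = hosts[local_ip]
        if port != EXPECTED_AUTH_PORT:
            findings.append(f"radius-server host {local_ip}: auth-port {port}, expected {EXPECTED_AUTH_PORT}")
        if local_ip not in nas:
            findings.append(f"radius-server local: no 'nas {local_ip}' entry")
        elif nas[local_ip] != key:              # plaintext comparison only, as on this page
            findings.append(f"nas {local_ip}: key differs from radius-server host key")
    for ip, port in group_servers:
        if ip == local_ip and port != EXPECTED_AUTH_PORT:
            findings.append(f"group server {ip}: auth-port {port}, expected {EXPECTED_AUTH_PORT}")
    return findings

# Constructed input: the sample config from the answer with both mistakes put back in.
BROKEN = """\
aaa group server radius rad_eap
 server 192.168.0.1 auth-port 1645 acct-port 1646
!
radius-server host 192.168.0.1 auth-port 1645 acct-port 1646 key cisco
!
radius-server local
 user X password Y
"""
```

Run against the sample config from the answer it returns an empty list; keys stored in encrypted form in a running config cannot be compared this way.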
