1231 IOS APs as P-to-P bridges

Answered Question
Jul 16th, 2009

I'm trying to set up two b/g 1231s in Point-to-Point bridge mode with local-radius EAP on the root and WPA/TKIP.

Config looks identical to what's running on 13xx & 14xx bridges but the local-radius server on the root keeps showing up as dead and the two bridges never complete the auth process.

IOS is c1200-k9w7-mx.123-8.JEB1.

Trunking two vlans, one for mgt. & one for users across the street.

WPA-PSK works and it looks like I could fall back to WEP-LEAP too.

Anybody tried this? Ideas, suggestions?

Thanks!

Correct Answer
Roman Rodichev Fri, 07/17/2009 - 12:06

Are you doing LEAP+WPA/TKIP? I've tested this setup with bridging+multiple vlans+wpa/wpa2+tkip/aes+LEAP/EAP-FAST/EAP-TLS+local EAP, and they all worked. Can you post your config?

You mentioned that WEP+LEAP worked and also that local-radius server shows up as dead, so I'm not sure if your local EAP is actually working.

Make sure you are using auth-port 1812 (not default 1645). Here's a sample config:

    aaa group server radius rad_eap
     server 192.168.0.1 auth-port 1812 acct-port 1813
    !
    aaa authentication login eap_methods group rad_eap
    !
    radius-server host 192.168.0.1 auth-port 1812 acct-port 1813 key cisco
    !
    radius-server local
     nas 192.168.0.1 key cisco
     user X password Y

mscherting Fri, 07/17/2009 - 13:40

Thanks. I just got back from installing them. I rebuilt the configs from scratch, changing the auth ports and I had missed entering the nas IPs.
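
A check for the two mistakes resolved in this thread (auth-port left at the default and no nas entry for the root's own IP), as an added example that is not part of any post above. The function name, the `local_ip` parameter and the BROKEN sample are assumptions made for illustration; the ports 1812 and 1645 and the FIXED sample come from the answer.

```python
import re

LOCAL_AUTH_PORT = 1812    # port the answer says to use
DEFAULT_AUTH_PORT = 1645  # default the answer warns about
# Matches both the AAA group "server" line and the global "radius-server host" line.
SERVER_RE = re.compile(r"^(radius-server host|server) (\S+)(?: auth-port (\d+))?")
NAS_RE = re.compile(r"^nas (\S+) key ")

def check_local_radius(config, local_ip):
    """Return findings for a root bridge that authenticates against its own local RADIUS."""
    ports, nas_ips, has_local = {}, set(), False
    for raw in config.splitlines():
        line = raw.strip()
        if line == "radius-server local":
            has_local = True
        elif m := SERVER_RE.match(line):
            ports[(m.group(1), m.group(2))] = int(m.group(3) or DEFAULT_AUTH_PORT)
        elif m := NAS_RE.match(line):
            nas_ips.add(m.group(1))
    findings = [] if has_local else ["no 'radius-server local' section"]
    for cmd in ("server", "radius-server host"):
        port = ports.get((cmd, local_ip))
        if port is None:
            findings.append(f"no '{cmd} {local_ip}' line")
        elif port != LOCAL_AUTH_PORT:
            findings.append(f"'{cmd} {local_ip}' uses auth-port {port}, expected {LOCAL_AUTH_PORT}")
    if local_ip not in nas_ips:
        findings.append(f"no 'nas {local_ip} key ...' entry under radius-server local")
    return findings

# Constructed sample: default ports and no nas entry for the root's own IP.
BROKEN = """\
aaa group server radius rad_eap
 server 192.168.0.1 auth-port 1645 acct-port 1646
radius-server host 192.168.0.1 auth-port 1645 acct-port 1646 key cisco
radius-server local
 user X password Y
"""
# The sample config from the answer, without the "!" separators.
FIXED = """\
aaa group server radius rad_eap
 server 192.168.0.1 auth-port 1812 acct-port 1813
aaa authentication login eap_methods group rad_eap
radius-server host 192.168.0.1 auth-port 1812 acct-port 1813 key cisco
radius-server local
 nas 192.168.0.1 key cisco
 user X password Y
"""
print(check_local_radius(BROKEN, "192.168.0.1"), check_local_radius(FIXED, "192.168.0.1"))
```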
