07-16-2009 11:39 AM - edited 07-03-2021 05:49 PM
I'm trying to set up two b/g 1231s in point-to-point bridge mode with local-RADIUS EAP on the root and WPA/TKIP.
Config looks identical to what's running on 13xx & 14xx bridges but the local-radius server on the root keeps showing up as dead and the two bridges never complete the auth process.
IOS is c1200-k9w7-mx.123-8.JEB1.
Trunking two vlans, one for mgt. & one for users across the street.
WPA-PSK works and it looks like I could fall back to WEP-LEAP too.
Anybody tried this? Ideas, suggestions?
Thanks!
07-17-2009 12:06 PM
Are you doing LEAP+WPA/TKIP? I've tested this setup with bridging+multiple VLANs+WPA/WPA2+TKIP/AES+LEAP/EAP-FAST/EAP-TLS+local EAP, and they all worked. Can you post your config?
You mentioned that WEP+LEAP worked and also that local-radius server shows up as dead, so I'm not sure if your local EAP is actually working.
Make sure you are using auth-port 1812 (not default 1645). Here's a sample config:
aaa group server radius rad_eap
 server 192.168.0.1 auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group rad_eap
!
radius-server host 192.168.0.1 auth-port 1812 acct-port 1813 key cisco
!
radius-server local
 nas 192.168.0.1 key cisco
 user X password Y
07-17-2009 01:40 PM
Thanks. I just got back from installing them. I rebuilt the configs from scratch, changing the auth ports, and I had missed entering the NAS IPs.
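An added example, not from the thread or from Cisco: a Python check for the two mistakes this thread ended on, the auth port and the missing nas entry under radius-server local. It assumes every radius-server host line points at the AP's own local RADIUS server and that keys appear in cleartext; check_local_radius and the BROKEN sample are constructed for illustration.

```python
import re

LOCAL_AUTH_PORT = "1812"  # port the thread says to use instead of the default

def _port(text):
    m = re.search(r"auth-port (\d+)", text)
    return m.group(1) if m else "1645"  # IOS default when auth-port is omitted

def _key(text):  # cleartext key, or None if absent or stored encrypted
    m = re.search(r"\bkey (?:(\d) )?(\S+)", text)
    return m.group(2) if m and m.group(1) in (None, "0") else None

def check_local_radius(config):
    """Return a list of findings for a local-RADIUS setup in an IOS AP config."""
    hosts, group_ports, nas, has_local = {}, {}, {}, False
    for line in (l.strip() for l in config.splitlines()):
        if line == "radius-server local":
            has_local = True
        elif m := re.match(r"radius-server host (\S+)(.*)", line):
            hosts[m.group(1)] = (_port(m.group(2)), _key(m.group(2)))
        elif m := re.match(r"server (\S+)(.*)", line):
            group_ports[m.group(1)] = _port(m.group(2))
        elif m := re.match(r"nas (\S+)(.*)", line):
            nas[m.group(1)] = _key(m.group(2))
    if not has_local:
        return ["no 'radius-server local' section"]
    findings = [] if hosts else ["no 'radius-server host' line"]
    for ip, (port, key) in hosts.items():
        if port != LOCAL_AUTH_PORT:
            findings.append(f"radius-server host {ip}: auth-port {port}, expected {LOCAL_AUTH_PORT}")
        if group_ports.get(ip, port) != port:
            findings.append(f"server {ip}: auth-port differs from radius-server host")
        if ip not in nas:
            findings.append(f"radius-server local: no nas entry for {ip}")
        elif key and nas[ip] and key != nas[ip]:
            findings.append(f"nas {ip}: key differs from radius-server host")
    return findings

# Constructed sample: default auth-port and no nas line.
BROKEN = """\
aaa group server radius rad_eap
 server 192.168.0.1 auth-port 1645 acct-port 1646
radius-server host 192.168.0.1 auth-port 1645 acct-port 1646 key cisco
radius-server local
 user X password Y
"""

if __name__ == "__main__":
    print("\n".join(check_local_radius(BROKEN)))
```

Run it against the root bridge's `show running-config` output; an empty list means the ports line up and the AP's own address is listed as a nas client.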