1231 IOS APs as P-to-P bridges

mscherting
Level 1

I'm trying to set up two b/g 1231s in Point-to-Point bridge mode with local-radius eap on the root and WPA/TKIP.

Config looks identical to what's running on 13xx & 14xx bridges but the local-radius server on the root keeps showing up as dead and the two bridges never complete the auth process.

IOS is c1200-k9w7-mx.123-8.JEB1.

Trunking two vlans, one for mgt. & one for users across the street.

WPA-PSK works and it looks like I could fall back to WEP-LEAP too.

Anybody tried this? Ideas, suggestions?

Thanks!

Accepted Solutions

Roman Rodichev
Level 7

Are you doing LEAP+WPA/TKIP? I've tested this setup with bridging+multiple vlans+wpa/wpa2+tkip/aes+LEAP/EAP-FAST/EAP-TLS+local EAP, and they all worked. Can you post your config?

You mentioned that WEP+LEAP worked and also that local-radius server shows up as dead, so I'm not sure if your local EAP is actually working.

Make sure you are using auth-port 1812 (not default 1645). Here's a sample config:

    aaa group server radius rad_eap
     server 192.168.0.1 auth-port 1812 acct-port 1813
    !
    aaa authentication login eap_methods group rad_eap
    !
    radius-server host 192.168.0.1 auth-port 1812 acct-port 1813 key cisco
    !
    radius-server local
     nas 192.168.0.1 key cisco
     user X password Y

Thanks. I just got back from installing them. I rebuilt the configs from scratch, changing the auth ports and I had missed entering the nas IPs.
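
The two faults this thread ends on (the auth port and the missing nas entry) can be checked mechanically before a bridge goes on site. The following is an added example, not part of any post: the function name `check_local_radius`, its parameters and the `BROKEN` sample are assumptions constructed here, and `FIXED` is the sample config from the accepted answer.

```python
import re

# Constructed sample (not from the thread): root-bridge config with both faults
# the poster reported. No auth-port on the host line, and no nas entry.
BROKEN = """\
aaa group server radius rad_eap
 server 192.168.0.1
!
radius-server host 192.168.0.1 key cisco
!
radius-server local
 user X password Y
"""

# The accepted answer's sample config, re-typed with IOS indentation.
FIXED = """\
aaa group server radius rad_eap
 server 192.168.0.1 auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group rad_eap
!
radius-server host 192.168.0.1 auth-port 1812 acct-port 1813 key cisco
!
radius-server local
 nas 192.168.0.1 key cisco
 user X password Y
"""

def check_local_radius(config, local_ip, want_port=1812, ios_default=1645):
    """Return findings for the RADIUS host entry that points at the AP itself."""
    host_port, nas_ips = None, set()
    for line in (l.strip() for l in config.splitlines()):
        m = re.match(r"radius-server host (\S+)(.*)", line)
        if m and m.group(1) == local_ip:
            p = re.search(r"\bauth-port (\d+)", m.group(2))
            host_port = int(p.group(1)) if p else ios_default  # omitted => default
        m = re.match(r"nas (\S+) key ", line)   # only valid under radius-server local
        if m:
            nas_ips.add(m.group(1))
    if host_port is None:
        return [f"no 'radius-server host {local_ip}' line"]
    findings = []
    if host_port != want_port:
        findings.append(f"host {local_ip}: auth-port {host_port}, want {want_port}")
    if local_ip not in nas_ips:
        findings.append(f"radius-server local: no nas entry for {local_ip}")
    return findings
```

Pass the text of `show running-config` and the root bridge's own IP; an empty list means neither of the two faults is present.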
