
Problems with AP authentication using the local RADIUS server

rmacapital

I have a problem with local RADIUS authentication on my AP for Windows and Linux systems.

Scenario:

 

vlan 1 192.168.1.206 (IP address of the RADIUS server)

vlan 6 192.168.40.1 

vlan 11 192.168.11.1

 

The configuration file is:

 

DIGITAL_VIRGO_AP_01#sh
DIGITAL_VIRGO_AP_01#show run
DIGITAL_VIRGO_AP_01#show running-config 
Building configuration...

Current configuration : 5001 bytes
!
! Global settings and AAA method lists for this access point.
! NOTE(review): this listing was posted with its secrets intact; every
! password, key and hash shown in it should be treated as exposed and rotated.
!
! Last configuration change at 15:21:58 UTC Mon Mar 1 1993
! NOTE(review): a 1993 date suggests the clock was never set, so the
! timestamps enabled below would not line up with client-side logs - confirm.
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! Type 7 encoding applied by this command is reversible obfuscation, not
! hashing; it only hides strings from casual viewing.
service password-encryption
!
hostname DIGITAL_VIRGO_AP_01
!
!
logging rate-limit console 9
! Type 5 is a salted MD5 hash; once published it can be attacked offline,
! so the enable secret should be changed.
enable secret 5 $1$axdM$RRb04djt0jSKc1ohhFBPF/
!
aaa new-model
!
!
! Server groups. Only rad_eap and rad_eap2 contain a server, and both point
! at 192.168.1.206, which is this AP's own BVI1 address (local RADIUS).
! The remaining groups are empty.
aaa group server radius rad_eap
 server 192.168.1.206 auth-port 1812 acct-port 1813
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius rad_eap2
 server 192.168.1.206 auth-port 1812 acct-port 1813
!
! Method lists: eap_methods and eap_methods2 hand EAP to the groups above;
! mac_methods uses the local database.
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods2 group rad_eap2
aaa authorization exec default local 
! acct_methods references rad_acct, which has no server defined above.
aaa accounting network acct_methods start-stop group rad_acct
!
!
!
!         
!
aaa session-id common
no ip routing
no ip cef
!
!
! SSID definitions and local user accounts.
dot11 syslog
! VLAN 6 is given the name "management" here.
dot11 vlan-name management vlan 6
!
! WPA pre-shared-key SSID on VLAN 11. The PSK is stored in type 7 form,
! which is reversible; since it appears in this listing it should be changed.
dot11 ssid DIGITALVIRGO_PRIVE
   vlan 11
   authentication open 
   authentication key-management wpa
   mbssid guest-mode
   wpa-psk ascii 7 08254549000D041B32595C557F
!
! EAP SSID on VLAN 6; both open-with-EAP and network-EAP use the
! eap_methods2 list, which resolves to 192.168.1.206 (this AP).
! NOTE(review): the guest SSID shares VLAN 6, the VLAN named "management"
! above - confirm that guest clients are meant to land there.
dot11 ssid DIGITAL_GUEST
   vlan 6
   authentication open eap eap_methods2 
   authentication network-eap eap_methods2 
   authentication key-management wpa
   mbssid guest-mode
!
!
crypto pki token default removal timeout 0
!
!
! Local accounts stored with type 7 (reversible) passwords; "root" has
! privilege 15. Prefer `username ... secret` so a hash is stored instead.
! NOTE(review): "Cisco" looks like the factory-default account name -
! confirm it does not still carry a default password.
username Cisco password 7 14341B180F0B
username root privilege 15 password 7 0737055A4A5A4B1F44
!
!
! Radio interfaces and their per-VLAN bridge subinterfaces.
bridge irb
!
!
!
! Radio 0 carries both SSIDs. Cipher lines are given per VLAN.
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 ! TKIP is a deprecated cipher. VLAN 11 is the PSK SSID DIGITALVIRGO_PRIVE;
 ! VLANs 10 and 12 have cipher lines but no SSID in this listing maps to
 ! them, and VLAN 10 has no subinterface below.
 encryption mode ciphers tkip 
 !
 encryption vlan 10 mode ciphers tkip 
 !
 encryption vlan 12 mode ciphers tkip 
 !
 encryption vlan 11 mode ciphers tkip 
 !
 ! VLAN 6 (DIGITAL_GUEST, the EAP SSID) uses AES-CCM.
 encryption vlan 6 mode ciphers aes-ccm 
 !
 ssid DIGITALVIRGO_PRIVE
 !
 ssid DIGITAL_GUEST
 !
 antenna gain 0
 stbc
 beamform ofdm
 mbssid
 station-role root access-point fallback shutdown
 l2-filter bridge-group-acl
!
! Native VLAN 1 on the radio, bridged into bridge-group 1.
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
! VLAN 6 (DIGITAL_GUEST) on the radio, bridge-group 6.
interface Dot11Radio0.6
 encapsulation dot1Q 6
 no ip route-cache
 bridge-group 6
 bridge-group 6 subscriber-loop-control
 bridge-group 6 spanning-disabled
 bridge-group 6 block-unknown-source
 no bridge-group 6 source-learning
 no bridge-group 6 unicast-flooding
!
! VLAN 11 (DIGITALVIRGO_PRIVE) on the radio, bridge-group 11.
interface Dot11Radio0.11
 encapsulation dot1Q 11
 no ip route-cache
 bridge-group 11
 bridge-group 11 subscriber-loop-control
 bridge-group 11 spanning-disabled
 bridge-group 11 block-unknown-source
 no bridge-group 11 source-learning
 no bridge-group 11 unicast-flooding
!
! VLAN 12 on the radio, bridge-group 12; no SSID in this listing uses it.
interface Dot11Radio0.12
 encapsulation dot1Q 12
 no ip route-cache
 bridge-group 12
 bridge-group 12 subscriber-loop-control
 bridge-group 12 spanning-disabled
 bridge-group 12 block-unknown-source
 no bridge-group 12 source-learning
 no bridge-group 12 unicast-flooding
!
! Radio 1 has no ssid lines and no VLAN subinterfaces in this listing; it
! is placed in bridge-group 1 directly.
interface Dot11Radio1
 no ip address
 no ip route-cache
 !
 encryption mode ciphers aes-ccm 
 antenna gain 0
 no dfs band block
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
! Wired uplink: one dot1Q subinterface per VLAN, each in the same
! bridge group as the matching radio subinterface.
! NOTE(review): the attached switch port presumably has to trunk VLANs 1, 6,
! 11 and 12 with VLAN 1 native - verify on the switch side.
interface GigabitEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!
interface GigabitEthernet0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface GigabitEthernet0.6
 encapsulation dot1Q 6
 no ip route-cache
 bridge-group 6
 bridge-group 6 spanning-disabled
 no bridge-group 6 source-learning
!
interface GigabitEthernet0.11
 encapsulation dot1Q 11
 no ip route-cache
 bridge-group 11
 bridge-group 11 spanning-disabled
 no bridge-group 11 source-learning
!
interface GigabitEthernet0.12
 encapsulation dot1Q 12
 no ip route-cache
 bridge-group 12
 bridge-group 12 spanning-disabled
 no bridge-group 12 source-learning
!
! The AP's own IP interface. The primary address 192.168.1.206 is the same
! address the AAA server groups and the local RADIUS nas entry point at.
interface BVI1
 ip address 192.168.10.100 255.255.255.0 secondary
 ip address 192.168.1.206 255.255.255.0
 no ip route-cache
!
! Management services, local RADIUS server and terminal lines.
ip default-gateway 192.168.1.1
ip forward-protocol nd
! HTTP management is enabled and HTTPS is disabled, so web-interface
! logins cross the network unencrypted.
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1 
!
! MAC address access list denying a single station address.
access-list 701 deny   6876.4fff.a42c   0000.0000.0000
! Local RADIUS server running on the AP itself: the AP is its own NAS
! (192.168.1.206) and one user, "digital", is defined.
! The NT hash is password-equivalent for MS-CHAP-based methods and is only
! type 7 obfuscated; as it appears in this listing the password should be
! changed. The nas key and the radius-server host key below must be the same
! secret; type 7 strings cannot be compared by eye, so re-enter both.
! NOTE(review): as far as I know the autonomous-AP local authenticator
! handles only LEAP, EAP-FAST and MAC authentication, so Windows/Linux
! supplicants left at their PEAP default would fail - confirm against the
! platform documentation and the client EAP settings.
radius-server local
  nas 192.168.1.206 key 7 0822455D0A16
  user digital nthash 7 03517853565F071D1D284A26324A5D2920787E7078171176365045505073007901
!
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.1.206 auth-port 1812 acct-port 1813 key 7 060506324F41
radius-server vsa send accounting
!
bridge 1 route ip
!
!
!
line con 0
! "transport input all" accepts Telnet as well as SSH, and no access-class
! is shown on the vty lines; restricting to SSH and a management ACL is the
! usual hardening.
line vty 0 4
 transport input all
!         
end

- See more at: https://supportforums.cisco.com/discussion/12513601/probleme-radius-local-ap#sthash.beL6D2Uu.dpuf
