05-21-2015 07:51 AM - edited 07-05-2021 03:16 AM
I have a problem with local RADIUS authentication on my AP for Windows and Linux systems.
scenario :
vlan 1 192.168.1.206 (IP address of the RADIUS server)
vlan 6 192.168.40.1
vlan 11 192.168.11.1
config file is :
DIGITAL_VIRGO_AP_01#sh
DIGITAL_VIRGO_AP_01#show run
DIGITAL_VIRGO_AP_01#show running-config
Building configuration...
Current configuration : 5001 bytes
!
! Global services, hostname and the privileged-mode secret.
! Last configuration change at 15:21:58 UTC Mon Mar 1 1993
! NOTE(review): the 1993 date suggests the clock was never set (no clock/NTP lines
! appear in this config), so the msec timestamps below cannot be used to correlate
! authentication failures with other logs until it is.
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! Stores passwords in type 7 form. Type 7 is a reversible encoding, not a hash;
! every "7 ..." string in this config should be treated like the plaintext.
service password-encryption
!
hostname DIGITAL_VIRGO_AP_01
!
!
logging rate-limit console 9
! Type 5 (salted MD5) enable secret. It has been published with this post, so
! rotate it rather than rely on the hash staying uncracked.
enable secret 5 $1$axdM$RRb04djt0jSKc1ohhFBPF/
!
! AAA: server groups and the method lists the SSIDs refer to.
aaa new-model
!
!
! rad_eap and rad_eap2 both point at 192.168.1.206, which is this AP's own BVI1
! address, i.e. the built-in "radius-server local" further down.
aaa group server radius rad_eap
server 192.168.1.206 auth-port 1812 acct-port 1813
!
! The groups below have no server lines; any method list that uses one of them
! has nowhere to send requests.
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius rad_eap2
server 192.168.1.206 auth-port 1812 acct-port 1813
!
! eap_methods2 is the list referenced by SSID DIGITAL_GUEST; eap_methods is not
! referenced by either SSID in this config.
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods2 group rad_eap2
aaa authorization exec default local
! Accounting is sent to rad_acct, which is one of the empty groups above.
aaa accounting network acct_methods start-stop group rad_acct
!
!
!
!
!
aaa session-id common
no ip routing
no ip cef
!
!
!
! SSID definitions. Both SSIDs are advertised in beacons (mbssid guest-mode).
dot11 syslog
dot11 vlan-name management vlan 6
!
! Private SSID on VLAN 11 using a WPA pre-shared key.
! VLAN 11 is set to TKIP under Dot11Radio0; TKIP is deprecated, and AES-CCM
! (already used for VLAN 6) is the stronger choice.
! The PSK is stored as type 7 (reversible) and is published with this post,
! so it should be changed.
dot11 ssid DIGITALVIRGO_PRIVE
vlan 11
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 08254549000D041B32595C557F
!
! Guest SSID on VLAN 6 using 802.1X/EAP through method list eap_methods2,
! which resolves to the AP's local RADIUS server (192.168.1.206).
! NOTE(review): the autonomous-AP local authenticator is documented as
! supporting LEAP, EAP-FAST and MAC authentication only. Windows and Linux
! supplicants usually default to PEAP or EAP-TLS, which would fail against
! it - confirm which EAP method the clients are configured for.
dot11 ssid DIGITAL_GUEST
vlan 6
authentication open eap eap_methods2
authentication network-eap eap_methods2
authentication key-management wpa
mbssid guest-mode
!
crypto pki token default removal timeout 0
!
!
! Local accounts. Both passwords are stored as type 7 (reversible) and are
! published with this post, so both should be changed; "username ... secret"
! stores a hash instead of a reversible encoding.
! NOTE(review): "Cisco" looks like the factory-default account name - remove
! it if it is not needed.
username Cisco password 7 14341B180F0B
username root privilege 15 password 7 0737055A4A5A4B1F44
!
!
bridge irb
!
!
!
! First radio: per-VLAN ciphers and the two SSIDs it serves.
interface Dot11Radio0
no ip address
no ip route-cache
!
! Default cipher and VLANs 10, 11 and 12 use TKIP; only VLAN 6 uses AES-CCM.
! VLAN 10 has no subinterface and no SSID anywhere in this config, and
! VLAN 12 has subinterfaces but no SSID.
encryption mode ciphers tkip
!
encryption vlan 10 mode ciphers tkip
!
encryption vlan 12 mode ciphers tkip
!
encryption vlan 11 mode ciphers tkip
!
encryption vlan 6 mode ciphers aes-ccm
!
ssid DIGITALVIRGO_PRIVE
!
ssid DIGITAL_GUEST
!
antenna gain 0
stbc
beamform ofdm
mbssid
station-role root access-point fallback shutdown
l2-filter bridge-group-acl
!
! Radio subinterfaces: each maps one 802.1Q VLAN to the bridge group of the
! same number. VLAN 1 is the native (untagged) VLAN.
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
! VLAN 6 - used by SSID DIGITAL_GUEST.
interface Dot11Radio0.6
encapsulation dot1Q 6
no ip route-cache
bridge-group 6
bridge-group 6 subscriber-loop-control
bridge-group 6 spanning-disabled
bridge-group 6 block-unknown-source
no bridge-group 6 source-learning
no bridge-group 6 unicast-flooding
!
! VLAN 11 - used by SSID DIGITALVIRGO_PRIVE.
interface Dot11Radio0.11
encapsulation dot1Q 11
no ip route-cache
bridge-group 11
bridge-group 11 subscriber-loop-control
bridge-group 11 spanning-disabled
bridge-group 11 block-unknown-source
no bridge-group 11 source-learning
no bridge-group 11 unicast-flooding
!
! VLAN 12 - no SSID in this config is assigned to it.
interface Dot11Radio0.12
encapsulation dot1Q 12
no ip route-cache
bridge-group 12
bridge-group 12 subscriber-loop-control
bridge-group 12 spanning-disabled
bridge-group 12 block-unknown-source
no bridge-group 12 source-learning
no bridge-group 12 unicast-flooding
!
! Second radio. No ssid statement appears under this interface, so neither
! SSID is offered on it; it is bridged straight into bridge group 1.
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
antenna gain 0
no dfs band block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
! Wired uplink. The subinterfaces mirror the radio side: VLAN 1 native,
! VLANs 6, 11 and 12 tagged, each in the bridge group of the same number.
! NOTE(review): the switch port this connects to is presumably a trunk
! carrying the same VLANs with native VLAN 1 - verify on the switch.
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface GigabitEthernet0.6
encapsulation dot1Q 6
no ip route-cache
bridge-group 6
bridge-group 6 spanning-disabled
no bridge-group 6 source-learning
!
interface GigabitEthernet0.11
encapsulation dot1Q 11
no ip route-cache
bridge-group 11
bridge-group 11 spanning-disabled
no bridge-group 11 source-learning
!
interface GigabitEthernet0.12
encapsulation dot1Q 12
no ip route-cache
bridge-group 12
bridge-group 12 spanning-disabled
no bridge-group 12 source-learning
!
! Management interface of the AP. The primary address 192.168.1.206 is also
! the address used as RADIUS server and as NAS elsewhere in this config.
interface BVI1
ip address 192.168.10.100 255.255.255.0 secondary
ip address 192.168.1.206 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.1.1
ip forward-protocol nd
! The web interface is served over plain HTTP and HTTPS is turned off, so
! management logins cross the network unencrypted. Enabling
! "ip http secure-server" and disabling "ip http server" reverses this.
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
! RADIUS requests from the AP are sourced from BVI1 (192.168.1.206), which
! matches the nas entry under "radius-server local".
ip radius source-interface BVI1
!
! MAC access list 701 denies a single client MAC address.
access-list 701 deny 6876.4fff.a42c 0000.0000.0000
! Built-in RADIUS server. The AP is its own only NAS client (192.168.1.206)
! and a single user, "digital", is defined.
! The nas key here and the key on the "radius-server host" line below must be
! the same shared secret. The two type 7 strings look different, but type 7
! output varies for the same plaintext, so re-enter both keys to be sure.
! The user's NT hash is published with this post; an NT hash can stand in for
! the password in MSCHAP-based authentication, so change this password.
! NOTE(review): the local authenticator is documented as handling LEAP,
! EAP-FAST and MAC authentication only - confirm the clients are not
! attempting PEAP or EAP-TLS.
radius-server local
nas 192.168.1.206 key 7 0822455D0A16
user digital nthash 7 03517853565F071D1D284A26324A5D2920787E7078171176365045505073007901
!
! Attribute 32 (NAS-Identifier) is sent in access requests, formatted as %h.
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.1.206 auth-port 1812 acct-port 1813 key 7 060506324F41
radius-server vsa send accounting
!
bridge 1 route ip
!
!
!
! Console and remote-access lines.
line con 0
! "transport input all" accepts every supported protocol on the vty lines,
! Telnet included, and no access-class restricts which hosts may connect.
! Once SSH is set up, "transport input ssh" limits remote access to SSH.
line vty 0 4
transport input all
!
end