02-18-2003 05:25 AM - edited 07-04-2021 08:31 AM
After struggeling a while with this, reading docs over and over I'm not geting there.
We're actively using LEAP on an aironet AP 350, aironet PCMCIA 350 and TACACS+ 3.0.Now we want to use the Aironet 1120B AP with same server & adapters in the same leap configuration. This although seems to a though thing to do. I've upgrage the clients firmware to the latest, installed the newest version of ACU, but no luck. When I use open authentication, communication is succesfull, when I select network-EAP authentication nothing seem to happen & nothing is logged or shown when debugged. Looks like no radio communication happens at all.
Could someone provide me an example of a working configuration with leap, or advise me something how to make this work.
Thanks a lot
Hans
02-18-2003 04:33 PM
Hans,
You also have to configure your radius servers have you done this ?
David
02-19-2003 04:15 AM
David, thanks for your reply,
I forgot to mention that my access points are indeed configured for radius, and administration is validated through the tacacs servers using radius.
I've sniffed the network and radius packets when I telnet to the ap are sent & returned to/from the radius server. But nothing passes when a client wants to associate with the ap.
My 350 ap's are working fine with this server, so I doubt that the problem is in this area, I'm more thinking that something's not working between client & ap, since the ap doesn't report a thing.
I'm running ios 12.2(4) on the ap, it's a brand new ap since last week.
This is my config, maybe it gives you an idea ?
version 12.2
no service pad
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname ap-test
!
aaa new-model
!
aaa authentication login default group radius
aaa authentication login eap_methods group radius
aaa authentication login mac_methods local
aaa authentication login pmip_methods group radius
aaa authorization ipmobile default group radius
aaa authorization network default group radius
aaa authorization network eap_methods group radius
aaa accounting network acct_methods start-stop group radius
aaa accounting network eap_methods start-stop group radius
aaa session-id common
enable secret 5 $xxxx
enable password 7 xxxxx
!
clock timezone STD 1
clock summer-time DST recurring last Sun Mar 2:00 last Sun Oct 2:00
ip subnet-zero
no ip source-route
ip domain-name intranet.network.be
ip name-server 194.116.20.1
!
ip ssh time-out 120
ip ssh authentication-retries 3
dot11 holdoff-time 600
!
bridge irb
!
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode wep mandatory
!
ssid WLan/Intranet
vlan 1
authentication open
authentication network-eap eap_methods
infrastructure-ssid
!
speed basic-11.0
rts threshold 2312
power local 50
channel 2442
station-role root fallback shutdown
no cdp enable
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 194.116.3.228 255.255.255.0
no ip route-cache
!
ip radius source-interface BVI1
logging history debugging
logging 194.116.5.200
radius-server host 194.116.17.200 auth-port 1645 acct-port 1646
radius-server retransmit 3
radius-server attribute 32 include-in-access-req format %h
radius-server key 7 xxxxxxxxxxxxxx
radius-server vsa send accounting
bridge 1 route ip
!
line con 0
line vty 5 15
!
ntp clock-period 2814768
ntp server 194.116.5.201
end
Hans
02-18-2003 05:41 PM
support for TACACS+ is for centralized validation of administrators attempting to gain access to your access point ?
Running Cisco IOS Release 12.2(8)JA ?
For leap configure the radius and see if it works
02-25-2003 12:10 AM
I've upgrade the ios to 12.2(4)JA 1 but not better, same result.
I'm not able to find the 12.2(8)JA ios version,
if you could tell me where I can find it, I can test it out.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide