SSID CONFIG WARNING: [Default]: If radio clients are using EAP-FAST, AUTH OPEN w ith EAP should also be configured. Current configuration : 6491 bytes ! version 12.3 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname ap ! enable secret 5 $1$8F.r$aqJRsinlG/7HZu/wguwUp0 enable password 7 13401F13060157386E ! ip subnet-zero ip domain name ELAB ip name-server 172.16.50.1 ! ! aaa new-model ! ! aaa group server radius rad_eap server 172.16.50.1 auth-port 1812 acct-port 1813 ! aaa group server radius rad_mac ! aaa group server radius rad_acct ! aaa group server radius rad_admin ! aaa group server tacacs+ tac_admin ! aaa group server radius rad_pmip ! aaa group server radius dummy ! aaa group server radius rad_eap2 server 172.16.50.1 auth-port 1812 acct-port 1813 ! aaa authentication login eap_methods group rad_eap aaa authentication login mac_methods local aaa authentication login eap_methods2 group rad_eap2 aaa authentication dot1x default group radius aaa authorization exec default local aaa authorization network default group radius aaa accounting network acct_methods start-stop group rad_acct aaa session-id common dot11 vlan-name Default vlan 1 dot11 vlan-name Earls vlan 10 dot11 vlan-name Guest vlan 61 dot11 vlan-name Joeys vlan 20 dot11 vlan-name Point vlan 40 dot11 vlan-name Saltlik vlan 30 dot11 vlan-name Unauthorized vlan 62 ! dot11 ssid Default vlan 1 authentication network-eap ELAB ! dot11 ssid Wireless vlan 62 authentication open eap eap_methods authentication key-management wpa guest-mode mbssid guest-mode dtim-period 15 ! dot11 ssid VLAN10 vlan 10 authentication open eap eap_methods authentication key-management wpa ! dot11 ssid VLAN20 vlan 20 authentication open eap eap_methods authentication key-management wpa ! dot11 ssid VLAN40 vlan 40 authentication open eap eap_methods authentication key-management wpa ! dot11 ssid VLAN30 vlan 30 authentication open eap eap_methods authentication key-management wpa ! dot11 aaa authentication attributes service login-only ! ! dot1x timeout reauth-period 60 username Cisco password 7 062506324F41 username admin password 7 054E0E0E2C411D1B5C ! bridge irb ! ! interface Dot11Radio0 no ip address no ip route-cache ! encryption vlan 10 mode ciphers tkip ! encryption vlan 1 mode ciphers tkip ! encryption vlan 20 mode ciphers tkip ! encryption vlan 30 mode ciphers tkip ! encryption vlan 40 mode ciphers tkip ! encryption vlan 62 mode ciphers tkip ! ssid Default ! ssid Wireless ! ssid VLAN10 ! ssid VLAN20 ! ssid VLAN30 ! ssid VLAN40 ! speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0 station-role root ! interface Dot11Radio0.1 encapsulation dot1Q 1 native no ip route-cache bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled ! interface Dot11Radio0.10 encapsulation dot1Q 10 no ip route-cache bridge-group 10 bridge-group 10 subscriber-loop-control bridge-group 10 block-unknown-source no bridge-group 10 source-learning no bridge-group 10 unicast-flooding bridge-group 10 spanning-disabled ! interface Dot11Radio0.20 encapsulation dot1Q 20 no ip route-cache bridge-group 20 bridge-group 20 subscriber-loop-control bridge-group 20 block-unknown-source no bridge-group 20 source-learning no bridge-group 20 unicast-flooding bridge-group 20 spanning-disabled ! interface Dot11Radio0.30 encapsulation dot1Q 30 no ip route-cache bridge-group 30 bridge-group 30 subscriber-loop-control bridge-group 30 block-unknown-source no bridge-group 30 source-learning no bridge-group 30 unicast-flooding bridge-group 30 spanning-disabled ! interface Dot11Radio0.40 encapsulation dot1Q 40 no ip route-cache bridge-group 40 bridge-group 40 subscriber-loop-control bridge-group 40 block-unknown-source no bridge-group 40 source-learning no bridge-group 40 unicast-flooding bridge-group 40 spanning-disabled ! interface Dot11Radio0.61 encapsulation dot1Q 61 no ip route-cache bridge-group 61 bridge-group 61 subscriber-loop-control bridge-group 61 block-unknown-source no bridge-group 61 source-learning no bridge-group 61 unicast-flooding bridge-group 61 spanning-disabled ! interface Dot11Radio0.62 encapsulation dot1Q 62 no ip route-cache bridge-group 62 bridge-group 62 subscriber-loop-control bridge-group 62 block-unknown-source no bridge-group 62 source-learning no bridge-group 62 unicast-flooding bridge-group 62 spanning-disabled ! interface FastEthernet0 no ip address no ip route-cache duplex auto speed auto ! interface FastEthernet0.1 encapsulation dot1Q 1 native no ip route-cache bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled ! interface FastEthernet0.10 encapsulation dot1Q 10 no ip route-cache bridge-group 10 no bridge-group 10 source-learning bridge-group 10 spanning-disabled ! interface FastEthernet0.20 encapsulation dot1Q 20 no ip route-cache bridge-group 20 no bridge-group 20 source-learning bridge-group 20 spanning-disabled ! interface FastEthernet0.30 encapsulation dot1Q 30 no ip route-cache bridge-group 30 no bridge-group 30 source-learning bridge-group 30 spanning-disabled ! interface FastEthernet0.40 encapsulation dot1Q 40 no ip route-cache bridge-group 40 no bridge-group 40 source-learning bridge-group 40 spanning-disabled ! interface FastEthernet0.61 encapsulation dot1Q 61 no ip route-cache bridge-group 61 no bridge-group 61 source-learning bridge-group 61 spanning-disabled ! interface FastEthernet0.62 encapsulation dot1Q 62 no ip route-cache bridge-group 62 no bridge-group 62 source-learning bridge-group 62 spanning-disabled ! interface BVI1 ip address 172.16.1.2 255.255.255.0 no ip route-cache ! ip default-gateway 172.16.1.1 ip http server no ip http secure-server ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag ip radius source-interface BVI1 ! radius-server attribute 32 include-in-access-req format %h radius-server host 172.16.50.1 auth-port 1812 acct-port 1813 key 7 13544541 radius-server retransmit 10 radius-server timeout 4 radius-server deadtime 2 radius-server vsa send accounting radius-server vsa send authentication ! control-plane ! bridge 1 route ip ! ! wlccp wds aaa authentication attributes service login-only ! line con 0 password 7 041E0307022C1F5C4C line vty 0 4 password 7 074A294D43044A1752 line vty 5 ! end