Cisco Support Community

Aironet 1600 / RADIUS

Hello,

I'm trying to set up an Aironet 1600 appliance to provide wireless networks to my customers.

I want to:

     - authenticate the mac-address of the clients

     then, once authenticated

     - authenticate Users with Active Directory login/passwords of these customers

I was successful with mac-authentication only, using RADIUS.

When I added EAP on aaa authentication on the SSID, the RADIUS logs show me that the Aironet is trying to authenticate all the time: first with the mac-address (RADIUS answer OK) and then with my Windows login (Active Directory). At this time, the RADIUS server answers KO because the login is not in the mac-address table.

How can I tell the Aironet to do the "authenticate" section once the mac-address authorize process is OK?

Here is an extract of my Aironet conf:

aaa new-model
!
!
aaa group server radius rad_eap
 server name SRV-RADIUS-R01-LDAP
 subscriber mac-filtering security-mode mac
 mac-delimiter hyphen
!
aaa group server radius rad_mac
 server name SRV-RADIUS-R01
 mac-delimiter hyphen
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login mac_auth group rad_mac
aaa authentication ppp default group radius
aaa authentication dot1x default group net_auth
aaa authorization exec default local
aaa authorization network default group radius
aaa authorization network net_auth group rad_eap
aaa accounting network acct_methods start-stop group rad_acct
....
dot11 ssid Invite
   vlan 986
   authentication open mac-address mac_auth eap net_auth
   authentication network-eap net_auth mac-address mac_auth
   authentication key-management wpa
   guest-mode
!
!
dot11 aaa csid ietf
eap profile Profile
 method peap
!
....
interface Dot11Radio0
 no ip address
 !
 encryption mode ciphers aes-ccm tkip
 !
 encryption vlan 986 mode ciphers aes-ccm tkip
 !
 ssid Admin
 !
 ssid Invite
 !
....
radius server SRV-RADIUS-R01
 address ipv4 10.107.85.13 auth-port 1821 acct-port 1822
 key 7 046C02005E15495D232B20
!
radius server SRV-RADIUS-R01-LDAP
 address ipv4 10.107.85.13 auth-port 1823 acct-port 1824
 key 7 046C02005E15495D232B20
!

Thanks.

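An added example, not part of the original post and not Cisco tooling: a small Python consistency check that cross-references the list names used on `dot11 ssid` authentication lines against the `aaa authentication login` lists, and `group` names against `aaa group server` definitions, in the same config. It assumes the SSID lines refer to `aaa authentication login` lists; `lint_aaa_refs` and `SAMPLE` are hypothetical names, and `SAMPLE` is constructed from lines quoted in the post. Because the post is an extract with `....` elisions, a name reported here may be defined in a part that was left out.

```python
import re

# Constructed sample: a subset of the lines from the config extract in the post.
SAMPLE = """\
aaa group server radius rad_eap
 server name SRV-RADIUS-R01-LDAP
aaa group server radius rad_mac
 server name SRV-RADIUS-R01
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login mac_auth group rad_mac
aaa authentication ppp default group radius
aaa authentication dot1x default group net_auth
aaa authorization network net_auth group rad_eap
dot11 ssid Invite
   authentication open mac-address mac_auth eap net_auth
   authentication network-eap net_auth mac-address mac_auth
   authentication key-management wpa
"""

BUILTIN_GROUPS = {"radius", "tacacs+"}  # server groups IOS predefines
# A list name follows each of these keywords on an SSID authentication line.
SSID_REF = re.compile(r"(?<!\S)(?:mac-address|network-eap|eap) (\S+)")

def lint_aaa_refs(config):
    """Return sorted (kind, name, where) for names referenced but not defined."""
    lines = [l.rstrip() for l in config.splitlines() if l.strip()]
    groups = {m.group(1) for l in lines
              if (m := re.match(r"aaa group server \S+ (\S+)", l))}
    logins = {m.group(1) for l in lines
              if (m := re.match(r"aaa authentication login (\S+)", l))}
    findings, ssid = set(), None
    for line in lines:
        if not line[0].isspace():  # a top-level command ends any SSID block
            m = re.match(r"dot11 ssid (\S+)", line)
            ssid = m.group(1) if m else None
            if re.match(r"aaa (authentication|authorization|accounting) ", line):
                for g in re.findall(r" group (\S+)", line):
                    if g not in groups | BUILTIN_GROUPS:
                        findings.add(("group", g, line))
        elif ssid and line.lstrip().startswith("authentication "):
            for name in SSID_REF.findall(line):
                if name not in logins:
                    findings.add(("login-list", name, f"dot11 ssid {ssid}"))
    return sorted(findings)

if __name__ == "__main__":
    for kind, name, where in lint_aaa_refs(SAMPLE):
        print(f"undefined {kind} '{name}' referenced by: {where}")
```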