Solved: Cisco 1141N - Radius setup not working

dPanchatcharam · ‎12-17-2013

Hello Guys,

We have a Cisco 1141N wireless and we are trying to setup 2 SSID. One is for guest and another one is for internal. Guest uses WPA2 and visible, internal is radius and hidden. Right now users can connect to guest and access internet but I am unable to connect to internal network. When I connect the hidden wifi its not connecting. Need your help guys. I have attached the config of our wireless and below is the config of port connected on 2960.

Switch Config:

interface GigabitEthernet0/26

switchport trunk allowed vlan 1,2

switchport mode trunk

end

I am not sure if there are any issues with the Radius server. Nothing on windows logs.

Any help is appreciated.

Thanks

Rasika Nayanajith · ‎12-17-2013

Hi Dhilip,

Prefer if you could use 1812, & 1813 for RADIUS Auth & Accounting on your AP.

Here how you modified it in your config

aaa group server radius rad_eap

server 192.168.2.3 auth-port 1812 acct-port 1813

server 192.168.2.13 auth-port 1812 acct-port 1813

!

radius-server host 192.168.2.3 auth-port 1812 acct-port 1813 key 7 xxxxxxxxxxxxxxxx

radius-server host 192.168.2.13 auth-port 1812 acct-port 1813 key 7 xxxxxxxxxxxxxxxxxxxx

Makesure you have added this AP onto your RADIUS server with the same pre-shared key configured in the above.

If you still can't connect , do a "debug radius authentication" command on your AP console when a user trying to connect to that SSID. This will tells what happen to radius requests

HTH

Rasika

**** Pls rate all useful responses ****

View solution in original post

Rasika Nayanajith · ‎12-17-2013

Hi Dhilip,

On you radius server are you using UDP ports 1645/1646 for Authentication & Accounting ? If it is 1812/1813 you need to change the AP config accordingly.

here is config example for this & that may help you

http://mrncciew.com/2013/11/14/autonomous-ap-with-external-radius/

This will also helps you

http://mrncciew.com/2013/04/23/configuring-authentication-types-in-aap/

HTH

Rasika

**** Pls rate all useful responses *****

dPanchatcharam · ‎12-17-2013

Thanks for the reply Rasika,

I checked the port numbers and its listed as below. Is that normal to mention both of them there ? Should I remove the 1812 and 1813 or what command should I add in AP ?

Thanks

Rasika Nayanajith · ‎12-17-2013

Hi Dhilip,

Prefer if you could use 1812, & 1813 for RADIUS Auth & Accounting on your AP.

Here how you modified it in your config

aaa group server radius rad_eap

server 192.168.2.3 auth-port 1812 acct-port 1813

server 192.168.2.13 auth-port 1812 acct-port 1813

!

radius-server host 192.168.2.3 auth-port 1812 acct-port 1813 key 7 xxxxxxxxxxxxxxxx

radius-server host 192.168.2.13 auth-port 1812 acct-port 1813 key 7 xxxxxxxxxxxxxxxxxxxx

Makesure you have added this AP onto your RADIUS server with the same pre-shared key configured in the above.

If you still can't connect , do a "debug radius authentication" command on your AP console when a user trying to connect to that SSID. This will tells what happen to radius requests

HTH

Rasika

**** Pls rate all useful responses ****

dPanchatcharam · ‎12-20-2013

Hi Rasika,

Thanks again. Looks like it all did the work but when I connect to the wireless I can see the authentication prompt and not anything on the AP debug session. AP is talking to server but I don't see them in debug command.

When I enter the credentials it errors out. I guess something in Radius server needs to be checked but I am not exactly sure. When I check the server logs it says Negotiation Failed. "No available EAP methods". Have you seen this type of error before ?

I think I have to work on server now to resolve the issue. If you have any comments let me know

Thanks

dPanchatcharam · ‎01-16-2014

Thanks Rasika !

I was able to resolve rest of the issues. Configured Cisco AP and server certificates and radius is working fine

Rasika Nayanajith · ‎01-16-2014

Hi Dhillip,

That's great & glad you get it working

If our responses were useful please rate them accordingly

Regards

Rasika