12-17-2013 11:58 AM - edited 07-04-2021 01:26 AM
Hello Guys,
We have a Cisco 1141N wireless and we are trying to setup 2 SSID. One is for guest and another one is for internal. Guest uses WPA2 and visible, internal is radius and hidden. Right now users can connect to guest and access internet but I am unable to connect to internal network. When I connect the hidden wifi its not connecting. Need your help guys. I have attached the config of our wireless and below is the config of port connected on 2960.
Switch Config:
interface GigabitEthernet0/26
switchport trunk allowed vlan 1,2
switchport mode trunk
end
I am not sure if there are any issues with the Radius server. Nothing on windows logs.
Any help is appreciated.
Thanks
Solved! Go to Solution.
12-17-2013 04:26 PM
Hi Dhilip,
Prefer if you could use 1812, & 1813 for RADIUS Auth & Accounting on your AP.
Here how you modified it in your config
aaa group server radius rad_eap
server 192.168.2.3 auth-port 1812 acct-port 1813
server 192.168.2.13 auth-port 1812 acct-port 1813
!
radius-server host 192.168.2.3 auth-port 1812 acct-port 1813 key 7 xxxxxxxxxxxxxxxx
radius-server host 192.168.2.13 auth-port 1812 acct-port 1813 key 7 xxxxxxxxxxxxxxxxxxxx
Makesure you have added this AP onto your RADIUS server with the same pre-shared key configured in the above.
If you still can't connect , do a "debug radius authentication" command on your AP console when a user trying to connect to that SSID. This will tells what happen to radius requests
HTH
Rasika
**** Pls rate all useful responses ****
12-17-2013 01:23 PM
Hi Dhilip,
On you radius server are you using UDP ports 1645/1646 for Authentication & Accounting ? If it is 1812/1813 you need to change the AP config accordingly.
here is config example for this & that may help you
http://mrncciew.com/2013/11/14/autonomous-ap-with-external-radius/
This will also helps you
http://mrncciew.com/2013/04/23/configuring-authentication-types-in-aap/
HTH
Rasika
**** Pls rate all useful responses *****
12-17-2013 01:43 PM
Thanks for the reply Rasika,
I checked the port numbers and its listed as below. Is that normal to mention both of them there ? Should I remove the 1812 and 1813 or what command should I add in AP ?
Thanks
12-17-2013 04:26 PM
Hi Dhilip,
Prefer if you could use 1812, & 1813 for RADIUS Auth & Accounting on your AP.
Here how you modified it in your config
aaa group server radius rad_eap
server 192.168.2.3 auth-port 1812 acct-port 1813
server 192.168.2.13 auth-port 1812 acct-port 1813
!
radius-server host 192.168.2.3 auth-port 1812 acct-port 1813 key 7 xxxxxxxxxxxxxxxx
radius-server host 192.168.2.13 auth-port 1812 acct-port 1813 key 7 xxxxxxxxxxxxxxxxxxxx
Makesure you have added this AP onto your RADIUS server with the same pre-shared key configured in the above.
If you still can't connect , do a "debug radius authentication" command on your AP console when a user trying to connect to that SSID. This will tells what happen to radius requests
HTH
Rasika
**** Pls rate all useful responses ****
12-20-2013 08:15 AM
Hi Rasika,
Thanks again. Looks like it all did the work but when I connect to the wireless I can see the authentication prompt and not anything on the AP debug session. AP is talking to server but I don't see them in debug command.
When I enter the credentials it errors out. I guess something in Radius server needs to be checked but I am not exactly sure. When I check the server logs it says Negotiation Failed. "No available EAP methods". Have you seen this type of error before ?
I think I have to work on server now to resolve the issue. If you have any comments let me know
Thanks
01-16-2014 02:04 PM
Thanks Rasika !
I was able to resolve rest of the issues. Configured Cisco AP and server certificates and radius is working fine
01-16-2014 02:06 PM
Hi Dhillip,
That's great & glad you get it working
If our responses were useful please rate them accordingly
Regards
Rasika
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: