Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Bronze

DHCP and Radius

Hi,

We are trying to migrate a secure wlan that uses certificates on client laptops.

The ultimate goal is point the secure wlan to a new DHCP server which also has a new Enterprise certificate. Currently, the old server provides the Enterprise certificate and the DHCP scope for the sercure wlan. When we attempted to migrate the secure wlan previously the 5508 could not perform 802.1X communcations with the new server since it didn't have the certificate.

Question: for the secure wlan can we point it at the new server for DHCP and point it at the old server for the Enterprise certificate until such time we can get the certificate on the new server?

The secure wlan does use Radius pointing to the new server.

Thanks.

Everyone's tags (4)
2 REPLIES
New Member

DHCP and Radius

http://www.cisco.com/en/US/docs/ios-xml/ios/ipaddr_dhcp/configuration/xe-3s/DHCP_Server_RADIUS_Proxy.html#GUID-4C505B07-76D0-43D2-8FF9-2A71FB2685FC

Configuring the DHCP Server for RADIUS-based Authorization

Perform this task on the DHCP server to configure address allocation for RADIUS-based authorization of DHCP leases.

SUMMARY STEPS

1.    enable

2.    configure terminal

3.    service dhcp

4.    aaa new-model

5.    aaa group server radius group-name

6.    server ip-address [auth-port port-number] [acct-port port-number]

7.    exit

8.    aaa authorization network method-list-name group group-name

9.    aaa accounting network method-list-name start-stop group group-name

10.    ip dhcp pool name

11.    accounting method-list-name

12.    authorization method method-list-name

13.    authorization shared-password password

14.    authorization username string

15.    exit

16.    interface type slot / subslot / port [. subinterface]

17.    encapsulation dot1q vlan-id second-dot1q {any | vlan-id[, vlan-id[- vlan-id]]}

18.    ip address address mask

19.    no shutdown

20.    radius-server host ip-address [auth-port port-number] [acct-port port-number]

21.    radius-server key {0 string | 7 string | string}

22.    exit

249
Views
0
Helpful
2
Replies
CreatePlease login to create content