Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Local Authentication Using AP as a Radius Server

I am having a little trouble understanding how to configure AP's as a local radius server. Here is what I would like to do -

I have twelve AP's in a large residence

Of the twelve, I would like for two of them to act as a radius server to authenticate clients using there MAC addys as the user/pass.

There are two VLANS that will need to have independent client "pools" on, and clients need to stay on there assigned VLANS.

On one VLAN clients are wireless touchpanels for automation, and can not use anything besides a SSID in there configuration.

I understand that this is not the most recommended configuration, but this is a residence and the user/pass database will not change much over time, and there is really not much traffic in its current or future use.

I would also like this setup so that users will not have to enter anything to authenticate if possible.

Attached is my current config from one of the "authenticating" AP's (Server_AP.txt)

Attached is a config from one that will use the two as the RADIUS Server (Client_AP.txt)

Can someone please point out what I am missing or have incorrect here to accomplish this goal.



Re: Local Authentication Using AP as a Radius Server

This document provides a sample configuration for LEAP authentication of wireless users against the Local RADIUS Server database on an IOS based access point running IOS version 12.2(11)JA or later.

New Member

Re: Local Authentication Using AP as a Radius Server

I have read the documents and I guess I still do not understand. I notice one of them is requiring that a WEP key is involved, but I would like to not have use a WEP key. The other look like what I want, but I cant seem to get it to work as the AP still authenticates anything. Maybe Im looking for the wrong thing, but what I would really like is a MAC type of filter that I can have on two AP's and have the others authenticate from those two.

CreatePlease login to create content