Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Cisco 871W as Radius Local Authenticator

We are tring to configure an Cisco 871w as an access point and also as an local authenticator.The NAS would be the same server. The sample config is as below

aaa group server radius rad_eap

server 10.10.200.1 auth-port 1645 acct-port 1646

!

aaa group server radius rad_mac

!

aaa group server radius rad_acct

!

aaa group server radius rad_admin

!

aaa group server tacacs+ tac_admin

!

aaa group server radius rad_pmip

!

aaa group server radius dummy

!

aaa authentication login eap_methods group rad_eap

aaa authentication login mac_methods local

aaa authorization ipmobile default group rad_pmip

aaa accounting network acct_methods start-stop group rad_acct

aaa session-id common

!

ip dhcp excluded-address 10.10.200.1

ip dhcp excluded-address 10.10.200.31 10.10.200.254

!

ip dhcp pool <pool_name>

import all

network 10.10.200.0 255.255.255.0

dns-server 141.x.x.6 141.198.136.12

default-router 10.10.200.1

lease 0 2

!

interface Dot11Radio0

ip address 10.10.200.1 255.255.255.0

!

ssid <SSID Name>

authentication network-eap eap_methods

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

!

ip classless

!

ip http server

ip http secure-server

!

radius-server local

nas 10.10.200.1 key 0 <key>

user test nthash xxx

!

radius-server attribute 32 include-in-access-req format %h

radius-server host 10.10.200.1 auth-port 1645 acct-port 1646 key <key>

radius-server vsa send accounting

By the above config, we are trying to make the clients to authenticate with username created in the RADIUS which is this router and get an ip address through DHCP pool configured for the same. Will the above config does the same. Kindly let me know.

Thanking You

Regards

Anantha Subramanian Natarajan

2 REPLIES
Gold

Re: Cisco 871W as Radius Local Authenticator

The config should work for LEAP, but you still need to specify an encryption type (encryption mode wep mandatory).

Community Member

Re: Cisco 871W as Radius Local Authenticator

Hi,

Thanks .

Worked with cipher mode tkip and used WPA for key management.

Once again,Thanks for the repsonse

Regards

Anantha Subramanian Natarajan

442
Views
5
Helpful
2
Replies
CreatePlease to create content