Cisco Support Community

New Member

How to enable EAP-FAST & LEAP (with & without CCKM) with WDS and local authenticator

I have a configuration AP & WDS (with AP):

#show version

Cisco IOS Software, C1140 Software (C1140-K9W7-M), Version 12.4(25d)JA1, RELEASE SOFTWARE (fc1)

...

ROM: Bootstrap program is C1140 boot loader

BOOTLDR: C1140 Boot Loader (C1140-BOOT-M) Version 12.4(23c)JA3, RELEASE SOFTWARE (fc1)

...

cisco AIR-AP1142N-R-K9     (PowerPC405ex) processor (revision A0) with 98294K/32768K bytes of memory.

...

PowerPC405ex CPU at 586Mhz, revision number 0x147E

Last reset from power-on

1 Gigabit Ethernet interface

2 802.11 Radio(s)

...

Product/Model Number                 : AIR-AP1142N-R-K9

...

################## WDS (with AP) ########################

!

aaa new-model

!

!

aaa group server radius SRV-AP

server 192.168.255.254 auth-port 1812 acct-port 1813

!

aaa group server radius SRV-CLIENT

server 10.0.0.50 auth-port 1645 acct-port 1646

!

aaa authentication login default local

aaa authentication login AAA-CLIENT-CCKM group SRV-AP

aaa authentication login AAA-AP group SRV-AP

aaa authentication login AAA-CLIENT group SRV-CLIENT

aaa authorization exec default local

!

dot11 ssid CCKM-ROAMING

   vlan 101

   authentication open eap AAA-CLIENT-CCKM

   authentication network-eap AAA-CLIENT-CCKM

   authentication key-management cckm

   mbssid guest-mode

!

dot11 ssid WPA-ENTERPRISE

   vlan 102

   authentication open eap AAA-CLIENT

   authentication key-management wpa

   mbssid guest-mode

!

dot11 ssid WPA-PSK

   vlan 103

   authentication open

   authentication key-management wpa

   mbssid guest-mode

   wpa-psk ascii 7 0103140D551F031D32

!

dot11 ssid WPA-ROAMING

   vlan 104

   authentication open eap AAA-CLIENT-CCKM

   authentication key-management wpa

   mbssid guest-mode

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 101 mode ciphers tkip

!

encryption vlan 102 mode ciphers aes-ccm tkip

!

encryption vlan 103 mode ciphers aes-ccm tkip

!

encryption vlan 104 mode ciphers aes-ccm tkip

!

ssid CCKM-ROAMING

!

ssid WPA-ENTERPRISE

!

ssid WPA-PSK

!

ssid WPA-ROAMING

!

antenna gain 0

mbssid

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.101

encapsulation dot1Q 101

no ip route-cache

bridge-group 101

bridge-group 101 subscriber-loop-control

bridge-group 101 block-unknown-source

no bridge-group 101 source-learning

no bridge-group 101 unicast-flooding

bridge-group 101 spanning-disabled

!

interface Dot11Radio0.102

encapsulation dot1Q 102

no ip route-cache

bridge-group 101

bridge-group 101 subscriber-loop-control

bridge-group 101 block-unknown-source

no bridge-group 101 source-learning

no bridge-group 101 unicast-flooding

bridge-group 101 spanning-disabled

!

interface Dot11Radio0.103

encapsulation dot1Q 103

no ip route-cache

bridge-group 101

bridge-group 101 subscriber-loop-control

bridge-group 101 block-unknown-source

no bridge-group 101 source-learning

no bridge-group 101 unicast-flooding

bridge-group 101 spanning-disabled

!

interface Dot11Radio0.104

encapsulation dot1Q 104

no ip route-cache

bridge-group 101

bridge-group 101 subscriber-loop-control

bridge-group 101 block-unknown-source

no bridge-group 101 source-learning

no bridge-group 101 unicast-flooding

bridge-group 101 spanning-disabled

!

interface GigabitEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

no keepalive

!

interface GigabitEthernet0.33

encapsulation dot1Q 33

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface GigabitEthernet0.101

encapsulation dot1Q 101

no ip route-cache

bridge-group 101

no bridge-group 101 source-learning

bridge-group 101 spanning-disabled

!

interface GigabitEthernet0.4094

encapsulation dot1Q 4094 native

no ip route-cache

bridge-group 255

no bridge-group 255 source-learning

bridge-group 255 spanning-disabled

!

interface BVI1

ip address 172.20.254.33 255.255.255.240

no ip route-cache

!

ip default-gateway 172.20.254.46

ip radius source-interface BVI1

!

radius-server attribute 32 include-in-access-req format %h

radius-server host 192.168.255.254 auth-port 1812 acct-port 1813 key 7 120B04131B1E1F

radius-server host 10.0.0.50 auth-port 1645 acct-port 1646 key 7 06140E25455B1A

radius-server vsa send accounting

bridge 1 route ip

!

!

wlccp authentication-server infrastructure AAA-AP

wlccp authentication-server client any AAA-CLIENT

  ssid CCKM-ROAMING

  ssid WPA-ENTERPRISE

wlccp wds priority 254 interface BVI1

!

############################# AP ##################################

!

aaa new-model

!

aaa group server radius SRV-AP

server 192.168.255.254 auth-port 1812 acct-port 1813

!

aaa group server radius SRV-CLIENT

server 10.0.0.50 auth-port 1645 acct-port 1646

!

aaa authentication login default local

aaa authentication login AAA-CLIENT-CCKM group SRV-AP

aaa authentication login AAA-AP group SRV-AP

aaa authentication login AAA-CLIENT group SRV-CLIENT

aaa authorization exec default local

!

dot11 ssid CCKM-ROAMING

   vlan 101

   authentication open eap AAA-CLIENT-CCKM

   authentication network-eap AAA-CLIENT-CCKM

   authentication key-management cckm

   mbssid guest-mode

!

dot11 ssid WPA-ENTERPRISE

   vlan 102

   authentication open eap AAA-CLIENT

   authentication key-management wpa

   mbssid guest-mode

!

dot11 ssid WPA-PSK

   vlan 103

   authentication open

   authentication key-management wpa

   mbssid guest-mode

   wpa-psk ascii 7 0103140D551F031D32

!

dot11 ssid WPA-ROAMING

   vlan 104

   authentication open eap AAA-CLIENT-CCKM

   authentication key-management wpa

   mbssid guest-mode

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 101 mode ciphers tkip

!

encryption vlan 102 mode ciphers aes-ccm tkip

!

encryption vlan 103 mode ciphers aes-ccm tkip

!

encryption vlan 104 mode ciphers aes-ccm tkip

!

ssid CCKM-ROAMING

!

ssid WPA-ENTERPRISE

!

ssid WPA-PSK

!

ssid WPA-ROAMING

!

antenna gain 0

mbssid

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.101

encapsulation dot1Q 101

no ip route-cache

bridge-group 101

bridge-group 101 subscriber-loop-control

bridge-group 101 block-unknown-source

no bridge-group 101 source-learning

no bridge-group 101 unicast-flooding

bridge-group 101 spanning-disabled

!

interface Dot11Radio0.102

encapsulation dot1Q 102

no ip route-cache

bridge-group 101

bridge-group 101 subscriber-loop-control

bridge-group 101 block-unknown-source

no bridge-group 101 source-learning

no bridge-group 101 unicast-flooding

bridge-group 101 spanning-disabled

!

interface Dot11Radio0.103

encapsulation dot1Q 103

no ip route-cache

bridge-group 101

bridge-group 101 subscriber-loop-control

bridge-group 101 block-unknown-source

no bridge-group 101 source-learning

no bridge-group 101 unicast-flooding

bridge-group 101 spanning-disabled

!

interface Dot11Radio0.104

encapsulation dot1Q 104

no ip route-cache

bridge-group 101

bridge-group 101 subscriber-loop-control

bridge-group 101 block-unknown-source

no bridge-group 101 source-learning

no bridge-group 101 unicast-flooding

bridge-group 101 spanning-disabled

!

interface GigabitEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

no keepalive

!

interface GigabitEthernet0.33

encapsulation dot1Q 33

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface GigabitEthernet0.101

encapsulation dot1Q 101

no ip route-cache

bridge-group 101

no bridge-group 101 source-learning

bridge-group 101 spanning-disabled

!

interface GigabitEthernet0.4094

encapsulation dot1Q 4094 native

no ip route-cache

bridge-group 255

no bridge-group 255 source-learning

bridge-group 255 spanning-disabled

!

interface BVI1

ip address 172.20.254.34 255.255.255.240

no ip route-cache

!

ip default-gateway 172.20.254.46

ip radius source-interface BVI1

!

radius-server attribute 32 include-in-access-req format %h

radius-server host 192.168.255.254 auth-port 1812 acct-port 1813 key 7 04490A0206345F

radius-server host 10.0.0.50 auth-port 1645 acct-port 1646 key 7 001612020D4E18

radius-server vsa send accounting

bridge 1 route ip

!

!

wlccp ap username ap password 7 050A16

wlccp ap wds ip address 172.20.254.33

!

######################## 192.168.255.254 - Cisco local authenticator ##########################

!

radius-server local

eapfast server-key primary 7 B262265DFAF35849CA6EE02C844AE00DDA

nas 172.20.254.33 key 7 111B18011E0718

nas 172.20.254.34 key 7 03165A0F0F1A32

  !

user ap nthash 7 1545295A5D7F0E720D1562764522322625007B7C707756513A3401080703717705

!

########################## 10.0.0.50 - Microsoft NAS #####################################

<standard configuration>

When I try to connect to WPA-ENTERPRISE or WPA-PSK, it connects, but when I try to connect to CCKM-ROAMING or WPA-ROAMING using EAP-FAST or LEAP (with or without CCKM), the connection fails.

Notice:

In the current configuration, if the client uses LEAP (without CCKM) and the AP works without WDS, WPA-ROAMING works correctly. But if the client uses LEAP (without CCKM) and the AP works with WDS, WPA-ROAMING does not work.

10 REPLIES

How to enable EAP-FAST & LEAP (with & without CCKM) with WDS and

When your client connects to CCKM-ROAMING, what credentials are being used?

Per your config, CCKM-ROAMING and WPA-ROAMING use login method AAA-CLIENT-CCKM, which points at server group SRV-AP.

While WPA-ENTERPRISE points to login method AAA-CLIENT, which points at server group SRV-CLIENT.

From what I can see of the local radius server config, when the client connects to CCKM-ROAMING or WPA-ROAMING they would have to use username ap and password ap.

Now, if you change the methods to point to SRV-CLIENT instead of the AP method, they should be able to use whatever username/password that 10.0.0.50 allows.

Steve

HTH, Steve

Please remember to rate useful posts, and mark questions as answered
New Member

How to enable EAP-FAST & LEAP (with & without CCKM) with WDS and

Yes. When clients connect to CCKM-ROAMING or WPA-ROAMING they use username/password ap/*** (from the 192.168.255.254 RADIUS server; this is for test purposes only), because the clients use EAP-FAST or LEAP. They don't use the Microsoft RADIUS (10.0.0.50), because it does not support these protocols. And AP infrastructure authentication uses the same username/password: ap/***.

...but it doesn't work((

How to enable EAP-FAST & LEAP (with & without CCKM) with WDS and

What client is being used? Can you post screenshots of the CCKM-ROAMING config?

HTH, Steve
New Member

Re: How to enable EAP-FAST & LEAP (with & without CCKM) with WDS

CCKM-ROAMING is used by a Motorola MC9190.

Wi-Fi configuration:

1. Profile Name: CCKM-ROAMING

ESSID: CCKM-ROAMING

2. Operating Mode: Infrastructure

Country: Allow Any Country

3. Security Mode: WPA - Enterprise

Authentication Type: EAP-FAST

4. CCX Options: CCKM Enabled

5. Tunnel Authentication Type: MS CHAP v2

Provide User Certificate: Disabled

6. Installed Server Certificates:

Validate Server Certificate: Disabled

7. Enter User Name: ap

Enter Domain:

8. Enter Password: ***

Advanced ID: Disabled

9. Prompt for Login: At Connect - Enabled, On Resume - Disabled, At Time - Disabled.

10. Encryption Type: TKIP

11. IPv4 Address Type: Enabled all "Obtain" features (IP, DNS, WINS)

12. Transmit Power: Automatic

13. Battery Usage Mode: Fast Power Save.

Debug:

AP1#

Mar 12 18:23:07: %DOT11-7-AUTH_FAILED: Station 0023.68xx.xxx Authentication failed

AP1#

Mar 12 18:23:14: %DOT11-7-AUTH_FAILED: Station 0023.68xx.xxxx Authentication failed

AP1#

How to enable EAP-FAST & LEAP (with & without CCKM) with WDS and

On the AP 192.168.255.254, can you run:

debug radius local-server client

debug radius local-server error

debug radius local-server eapfast events

Capture the output and attach it so we can see what the AP thinks is going on.

HTH, Steve
New Member

Re: How to enable EAP-FAST & LEAP (with & without CCKM) with WDS

192.168.255.254 is a Cisco 2851 router, and "debug radius local-server ..." is not present in the CLI (only "debug radius ...", but no messages are displayed).

Cisco2851#show radius local-server statistics

Successes              : 0           Unknown usernames      : 0

Client blocks          : 0           Invalid passwords      : 0

Unknown NAS            : 0           Invalid packet from NAS: 0

NAS : 172.20.254.33

Successes              : 0           Unknown usernames      : 0

Client blocks          : 0           Invalid passwords      : 0

Corrupted packet       : 0           Unknown RADIUS message : 0

No username attribute  : 0           Missing auth attribute : 0

Shared key mismatch    : 0           Invalid state attribute: 0

Unknown EAP message    : 0           Unknown EAP auth type  : 0

Auto provision success : 0           Auto provision failure : 0

PAC refresh            : 0           Invalid PAC received   : 0

NAS : 172.20.254.34

Successes              : 0           Unknown usernames      : 0

Client blocks          : 0           Invalid passwords      : 0

Corrupted packet       : 0           Unknown RADIUS message : 0

No username attribute  : 0           Missing auth attribute : 0

Shared key mismatch    : 0           Invalid state attribute: 0

Unknown EAP message    : 0           Unknown EAP auth type  : 0

Auto provision success : 0           Auto provision failure : 0

PAC refresh            : 0           Invalid PAC received   : 0

Maximum number of configurable users: 50, current user count: 1

Username                  Successes  Failures  Blocks

ap                                0         0       0

There is not even an authentication attempt.

I configured the local authenticator on the WDS and AP to authenticate clients on the WDS server, but nothing changed: there is still no authentication attempt. The "debug radius local-server ..." output is empty.

New Member

How to enable EAP-FAST & LEAP (with & without CCKM) with WDS and

Has nobody ever set up EAP-FAST or LEAP?!

Bronze

Re: How to enable EAP-FAST & LEAP (with & without CCKM) with WDS

Post the following outputs from the WDS master.  Do you see both the WDS and secondary AP "Registered"?

#show wlccp wds ap

You can focus on your LEAP authentication between APs and get that squared away before resolving the "client" authentication.

Here's a step-by-step I have put together to get the WDS and subordinate AP paired together using LEAP from the WDS master local RADIUS.

WDS Master

Turn on AAA feature set

1. aaa new-model

Create "Infrastructure" server group (We will point this to ourselves for local authentication)

2. aaa group server radius Infrastructure

a. server auth-port 1812 acct-port 1813

Create "Client" server group for authenticating clients (Pointing to Microsoft NPS server in this case)

3. aaa group server radius Client

a. server auth-port 1812 acct-port 1813

Set AAA login methods to user groups created above

4. aaa authentication login method_Infrastructure group Infrastructure (using Infrastructure server group)

5. aaa authentication login method_Client group Client (using Client server group)

Set SSID EAP authentication

6. dot11 ssid

a. authentication open eap method_Client (method defined above)

b. authentication network-eap method_Client

c. authentication key-management wpa

d. guest-mode (if wanting to broadcast, good for testing)

Define WDS Master as local authenticator for infrastructure AP authentication

7. radius-server local

Remove unused authentication types as infrastructure will be using LEAP

a. no authentication eapfast

b. no authentication mac

Define WDS Infrastructure APs and specify their shared key, including local AP

c. nas key 0

d. nas key 0

Create username/password for LEAP WDS between APs

user password

Define AAA server hosts (in this case we need to define ourselves as the local authenticator and the NPS server for client authentication)

8. radius-server host auth-port 1812 acct-port 1813 key 0

9. radius-server host auth-port 1812 acct-port 1813 key 0

Format for both server hosts

a. radius-server attribute 32 include-in-access-req format %h

Turn on WDS functionality at Master

10. wlccp wds priority 254 interface BVI1

Add wlccp config, create user/pass from radius-server above, then define authentication server for infrastructure and client

11. wlccp ap username password

12. wlccp authentication-server infrastructure method_Infrastructure

13. wlccp authentication-server client eap method_Client

Specify SSID to apply authentication to clients on

a. ssid

WDS Subordinate

Turn on AAA feature set

1. aaa new-model

2. Create Identical SSID config as at the Master

Add RADIUS host of the AP WDS Master for infrastructure and client authentication

3. radius-server host auth-port 1812 acct-port 1813 key 0

4. radius-server attribute 32 include-in-access-req format %h

Add WDS functionality and point to master WDS AP

5. wlccp ap username password

Master AP should now show itself and infrastructure AP "REGISTERED"

#show wlccp wds ap

New Member

Re: How to enable EAP-FAST & LEAP (with & without CCKM) with WDS

Thanks! I have already reconfigured the Wi-Fi network. Now the local authenticator is the WDS-with-AP (not the Cisco2851).

Test results:

1. Everything works (all SSIDs with CCKM, WPA, LEAP), except EAP-FAST.

Debug from WDS-with-AP local RADIUS, when clients attempt to connect with EAP-FAST:

Mar 15 10:21:15: RADSRV: EAP NAK received - starting EAP-FAST

Mar 15 10:21:15: RADSRV EAP-FAST: Add teap client 0023.68xx.xxxx

Mar 15 10:21:15: RADSRV EAP-FAST:  Sending TEAP start

WDS#

Mar 15 10:21:22: RADSRV: EAP NAK received - starting EAP-FAST

Mar 15 10:21:22: RADSRV EAP-FAST: Add teap client 0023.68xx.xxxx

Mar 15 10:21:22: RADSRV EAP-FAST:  Sending TEAP start

WDS#

New configuration:

#################### WDS (with AP) ###############################

...

aaa group server radius SRV-LOCAL-AUTH

server 172.20.254.33 auth-port 1812 acct-port 1813

server 192.168.255.254 auth-port 1812 acct-port 1813

!

aaa group server radius SRV-REMOTE-AUTH

server 10.0.0.50 auth-port 1645 acct-port 1646

!

aaa authentication login default local

aaa authentication login AAA-CLIENT-CCKM group SRV-LOCAL-AUTH

aaa authentication login AAA-AP group SRV-LOCAL-AUTH

aaa authentication login AAA-CLIENT group SRV-REMOTE-AUTH

aaa authorization exec default local

!

...

dot11 ssid UEG-CCKM-ROAMING

   vlan 101

   authentication open eap AAA-CLIENT-CCKM

   authentication network-eap AAA-CLIENT-CCKM

   authentication key-management cckm

   mbssid guest-mode

!

dot11 ssid UEG-WPA-ENTERPRISE

   vlan 102

   authentication open eap AAA-CLIENT

   authentication key-management wpa

   mbssid guest-mode

!

dot11 ssid UEG-WPA-PSK

   vlan 103

   authentication open

   authentication key-management wpa

   mbssid guest-mode

   wpa-psk ascii 7 0103140D551F031D32

!

dot11 ssid UEG-WPA-ROAMING

   vlan 104

   authentication open eap AAA-CLIENT-CCKM

   authentication key-management wpa

   mbssid guest-mode

!

...

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 101 mode ciphers tkip

!

encryption vlan 102 mode ciphers aes-ccm tkip

!

encryption vlan 103 mode ciphers aes-ccm tkip

!

encryption vlan 104 mode ciphers aes-ccm tkip

!

ssid UEG-CCKM-ROAMING

!

ssid UEG-WPA-ENTERPRISE

!

ssid UEG-WPA-PSK

!

ssid UEG-WPA-ROAMING

!

...

interface BVI1

ip address 172.20.254.33 255.255.255.240

no ip route-cache

!

...

radius-server local

  nas 172.20.254.33 key 7 1405130F051139

  nas 172.20.254.34 key 7 120B04131B1E1F

  user cisco nthash 7 15472854547A0D757B126601365F402625040C0C03702A573D410A0B06760B7406

  user ap nthash 7 0758031A175C3C5332345C58520F0F010C65170630244E512374010803042D2149

!

radius-server attribute 32 include-in-access-req format %h

radius-server host 192.168.255.254 auth-port 1812 acct-port 1813 key 7 120B04131B1E1F

radius-server host 10.0.0.50 auth-port 1645 acct-port 1646 key 7 06140E25455B1A

radius-server host 172.20.254.33 auth-port 1812 acct-port 1813 key 7 105C081D0C0201

radius-server vsa send accounting

bridge 1 route ip

!

!

wlccp authentication-server infrastructure AAA-AP

wlccp authentication-server client any AAA-CLIENT

  ssid UEG-WPA-ENTERPRISE

wlccp authentication-server client any AAA-CLIENT-CCKM

  ssid UEG-WPA-ROAMING

  ssid UEG-CCKM-ROAMING

wlccp wds priority 254 interface BVI1

!

...

########################## AP ###############################

...

aaa group server radius SRV-LOCAL-AUTH

server 172.20.254.33 auth-port 1812 acct-port 1813

server 192.168.255.254 auth-port 1812 acct-port 1813

!

aaa group server radius SRV-REMOTE-AUTH

server 10.0.0.50 auth-port 1645 acct-port 1646

!

aaa authentication login default local

aaa authentication login AAA-CLIENT-CCKM group SRV-LOCAL-AUTH

aaa authentication login AAA-AP group SRV-LOCAL-AUTH

aaa authentication login AAA-CLIENT group SRV-REMOTE-AUTH

aaa authorization exec default local

!

...

dot11 ssid UEG-CCKM-ROAMING

   vlan 101

   authentication open eap AAA-CLIENT-CCKM

   authentication network-eap AAA-CLIENT-CCKM

   authentication key-management cckm

   mbssid guest-mode

!

dot11 ssid UEG-WPA-ENTERPRISE

   vlan 102

   authentication open eap AAA-CLIENT

   authentication key-management wpa

   mbssid guest-mode

!

dot11 ssid UEG-WPA-PSK

   vlan 103

   authentication open

   authentication key-management wpa

   mbssid guest-mode

   wpa-psk ascii 7 0103140D551F031D32

!

dot11 ssid UEG-WPA-ROAMING

   vlan 104

   authentication open eap AAA-CLIENT-CCKM

   authentication key-management wpa

   mbssid guest-mode

!

...

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 101 mode ciphers tkip

!

encryption vlan 102 mode ciphers aes-ccm tkip

!

encryption vlan 103 mode ciphers aes-ccm tkip

!

encryption vlan 104 mode ciphers aes-ccm tkip

!

ssid UEG-CCKM-ROAMING

!

ssid UEG-WPA-ENTERPRISE

!

ssid UEG-WPA-PSK

!

ssid UEG-WPA-ROAMING

!

...

interface BVI1

ip address 172.20.254.34 255.255.255.240

no ip route-cache

!

...

radius-server attribute 32 include-in-access-req format %h

radius-server host 192.168.255.254 auth-port 1812 acct-port 1813 key 7 04490A0206345F

radius-server host 10.0.0.50 auth-port 1645 acct-port 1646 key 7 001612020D4E18

radius-server host 172.20.254.33 auth-port 1812 acct-port 1813 key 7 06140E25455B1A

radius-server vsa send accounting

bridge 1 route ip

!

!

wlccp ap username ap password 7 050A16

wlccp ap wds ip address 172.20.254.33

!

...

As a result, 2 questions:

1. Why does the Cisco2851 not work correctly with LEAP/EAP-FAST?!

2. Why doesn't EAP-FAST work with this config?
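
Added example, not part of any post in the thread: a Python check that resolves, for every EAP SSID in an autonomous-AP config, the AAA method list named on the SSID and the one the WDS maps to that SSID under `wlccp authentication-server client`, down to the RADIUS server addresses, and reports where the two differ or the SSID has no WDS mapping. The config excerpts are taken from the two WDS configurations posted above; the function name `audit` and the status labels are hypothetical, and the parser assumes sub-commands are indented as in a normal `show running-config`.

```python
import re

# Excerpts of the two WDS configs posted in the thread (indentation restored).
WDS_ORIGINAL = """\
aaa group server radius SRV-AP
 server 192.168.255.254 auth-port 1812 acct-port 1813
aaa group server radius SRV-CLIENT
 server 10.0.0.50 auth-port 1645 acct-port 1646
aaa authentication login AAA-CLIENT-CCKM group SRV-AP
aaa authentication login AAA-CLIENT group SRV-CLIENT
dot11 ssid CCKM-ROAMING
 authentication open eap AAA-CLIENT-CCKM
 authentication network-eap AAA-CLIENT-CCKM
dot11 ssid WPA-ENTERPRISE
 authentication open eap AAA-CLIENT
dot11 ssid WPA-PSK
 authentication open
dot11 ssid WPA-ROAMING
 authentication open eap AAA-CLIENT-CCKM
wlccp authentication-server client any AAA-CLIENT
 ssid CCKM-ROAMING
 ssid WPA-ENTERPRISE
"""
WDS_REVISED = """\
aaa group server radius SRV-LOCAL-AUTH
 server 172.20.254.33 auth-port 1812 acct-port 1813
 server 192.168.255.254 auth-port 1812 acct-port 1813
aaa group server radius SRV-REMOTE-AUTH
 server 10.0.0.50 auth-port 1645 acct-port 1646
aaa authentication login AAA-CLIENT-CCKM group SRV-LOCAL-AUTH
aaa authentication login AAA-CLIENT group SRV-REMOTE-AUTH
dot11 ssid UEG-CCKM-ROAMING
 authentication open eap AAA-CLIENT-CCKM
dot11 ssid UEG-WPA-ENTERPRISE
 authentication open eap AAA-CLIENT
dot11 ssid UEG-WPA-ROAMING
 authentication open eap AAA-CLIENT-CCKM
wlccp authentication-server client any AAA-CLIENT
 ssid UEG-WPA-ENTERPRISE
wlccp authentication-server client any AAA-CLIENT-CCKM
 ssid UEG-WPA-ROAMING
 ssid UEG-CCKM-ROAMING
"""

def audit(config):
    """Return {ssid: (status, ssid_servers, wds_servers)} for every EAP SSID."""
    groups, methods, on_ssid, on_wds = {}, {}, {}, {}
    kind = name = None                      # block the next sub-command belongs to
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"aaa group server radius (\S+)", line):
            kind, name = "group", m[1]
            groups[name] = []
        elif m := re.match(r"aaa authentication login (\S+) group (\S+)", line):
            methods[m[1]] = m[2]            # method list -> server group
        elif m := re.match(r"dot11 ssid (\S+)", line):
            kind, name = "ssid", m[1]
        elif m := re.match(r"wlccp authentication-server client \S+ (\S+)", line):
            kind, name = "wds", m[1]        # following "ssid" lines use this list
        elif kind == "group" and (m := re.match(r"server (\S+)", line)):
            groups[name].append(m[1])
        elif kind == "ssid" and (m := re.match(r"authentication (?:open eap|network-eap) (\S+)", line)):
            on_ssid[name] = m[1]            # non-EAP SSIDs (e.g. PSK) never land here
        elif kind == "wds" and (m := re.match(r"ssid (\S+)", line)):
            on_wds[m[1]] = name
        elif line and not raw[0].isspace():
            kind = None                     # any other top-level command ends the block
    servers = lambda method: groups.get(methods.get(method), [])
    report = {}
    for ssid, method in on_ssid.items():
        wds = on_wds.get(ssid)
        status = "unmapped" if wds is None else "match" if wds == method else "mismatch"
        report[ssid] = (status, servers(method), servers(wds))
    return report
```

Run over the first configuration it reports CCKM-ROAMING as a mismatch (SSID list resolves to 192.168.255.254, WDS list to 10.0.0.50) and WPA-ROAMING as unmapped; run over the revised configuration every EAP SSID matches.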

New Member

Re: How to enable EAP-FAST & LEAP (with & without CCKM) with WDS

How to enable EAP-FAST?!
