06-16-2014 07:13 AM - edited 07-05-2021 01:01 AM
Hello. I have three 1200 series access points running in autonomous mode that need to allow handheld computers to connect. The handhelds need to authenticate using EAP. The AP's are properly listed and configured in the ACS and the handhelds are properly set up as well, but when I do "show dot11 association" it shows them authenticated with aaa instead of eap. As I said, these are autonomous, so there is no WLC. The vlan being used for the AP's is properly trunked all the way back to where the traffic needs to go. Here is a configuration example:
interface Dot11Radio0
no ip address
no shut
no ip route-cache
!
encryption mode wep mandatory
!
ssid portableclient
!
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0
channel 2412
station-role root
rts threshold 2312
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
aaa new-model
!
!
aaa group server radius rad_eap
server x.x.x.x auth-port 1645 acct-port 1646
server x.x.x.x auth-port 1645 acct-port 1646
server x.x.x.x auth-port 1645 acct-port 1646
!
aaa group server radius rad_m
!
aaa group server radius rad_a
!
aaa group server radius rad_ad
!
aaa group server tacacs+ tac_ad
!
aaa group server radius rad_p
!
aaa group server radius dummy
!
ip http authentication aaa
no ip http secure-server
ip tacacs source-interface BVI1
ip radius source-interface BVI1
!
tacacs-server host x.x.x.x
tacacs-server host x.x.x.x
tacacs-server host x.x.x.x
tacacs-server timeout 20
tacacs-server directed-request
tacacs-server key xxxxxxxx
radius-server attribute 32 include-in-access-req format %h
radius-server host x.x.x.x auth-port 1645 acct-port 1646
radius-server host x.x.x.x auth-port 1645 acct-port 1646
radius-server host x.x.x.x auth-port 1645 acct-port 1646
radius-server timeout 20
radius-server deadtime 3
radius-server key xxxxxxxxx
radius-server vsa send accounting
bridge 1 route ip
!
The Clients connect to the AP but authenticate with aaa and therefore do not transmit as the Handhelds require radius. Any ideas of what I might be missing?