AP 1130AG with dot1x and EAP-TLS with ACS

rdamaso
Level 1

Folks,

I'm using the following URL to configure dot1x with EAP-TLS and ACS authentication:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0ea.shtml#config-ap

I have some problems configuring EAP-TLS (dot1x) on my AP because the screens in the document are different from those on my AP.

Does anybody have a CLI config or another doc to show me?

Tks

1 Reply

aashihmin
Level 1

aaa group server radius rad_eap1
 server 10.1.2.9 auth-port 1812 acct-port 1813
 server 10.1.2.10 auth-port 1812 acct-port 1813
!
...
...
aaa authentication login eap_methods1 group rad_eap1
dot11 vlan-name healthy vlan 555
!
...
...
dot11 ssid VSW
 vlan 555
 authentication open eap eap_methods1
 mobility network-id 555
!
...
...
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 556 key 1 size 128bit xxx transmit-key
 encryption vlan 556 mode ciphers wep128
 !
 encryption vlan 555 key 1 size 128bit xxx transmit-key
 encryption vlan 555 mode ciphers wep128
 !
 ssid VSW
 !
!
...
...
radius-server host 10.1.2.9 auth-port 1812 acct-port 1813 timeout 6 retransmit 3 key 7 02110D5D02
radius-server host 10.1.2.10 auth-port 1812 acct-port 1813 timeout 6 retransmit 3 key 7 02110D5D02

In this config I use WEP encryption with open EAP authentication. The client authenticates through the ACS server, and only there must you configure the type of authentication (TLS, MSCHAP, FAST). On the access point you can't configure the type of authentication; you must use only this command: "authentication open eap eap_methods".
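Added example, not part of the original reply and not Cisco code: a small Python check that the chain this kind of AP config depends on is intact, meaning the list named on the SSID's "authentication open eap" line is defined by "aaa authentication login", that list's server group exists, and every "server" in the group has a "radius-server host" line. It also reports WEP ciphers. The function name audit, the finding strings and the sample config (with a placeholder key) are assumptions made for illustration.

```python
import re
# Constructed sample modelled on the reply's config; the key is a placeholder.
SAMPLE = """\
aaa group server radius rad_eap1
 server 10.1.2.9 auth-port 1812 acct-port 1813
 server 10.1.2.10 auth-port 1812 acct-port 1813
aaa authentication login eap_methods1 group rad_eap1
dot11 ssid VSW
 authentication open eap eap_methods1
interface Dot11Radio0
 encryption vlan 555 mode ciphers wep128
 ssid VSW
radius-server host 10.1.2.9 auth-port 1812 acct-port 1813 key 7 PLACEHOLDER
radius-server host 10.1.2.10 auth-port 1812 acct-port 1813 key 7 PLACEHOLDER
"""

def audit(config):
    """Check the SSID -> method list -> server group -> RADIUS host chain."""
    groups, lists, hosts, refs, findings = {}, {}, set(), [], []
    group = ssid = None
    for line in map(str.strip, config.splitlines()):
        # "!" or a new global command ends the current sub-mode
        if line == "!" or re.match(r"(aaa|dot11|interface|radius-server) ", line):
            group = ssid = None
        if m := re.match(r"aaa group server radius (\S+)", line):
            group = groups.setdefault(m[1], [])   # list of server IPs in this group
        elif group is not None and (m := re.match(r"server (\S+)", line)):
            group.append(m[1])
        elif m := re.match(r"aaa authentication login (\S+) group (\S+)", line):
            lists[m[1]] = m[2]                    # method list -> server group name
        elif m := re.match(r"dot11 ssid (\S+)", line):
            ssid = m[1]
        elif ssid and (m := re.match(r"authentication open eap (\S+)", line)):
            refs.append((ssid, m[1]))
        elif m := re.match(r"radius-server host (\S+)", line):
            hosts.add(m[1])
        elif m := re.match(r"encryption vlan (\d+) mode ciphers (wep\S*)", line):
            findings.append(f"vlan {m[1]}: cipher {m[2]} is WEP")
    for name, method in refs:
        if method not in lists:
            findings.append(f"ssid {name}: method list {method} is not defined")
        elif lists[method] not in groups:
            findings.append(f"ssid {name}: server group {lists[method]} is not defined")
        else:
            for ip in sorted(set(groups[lists[method]]) - hosts):
                findings.append(f"group {lists[method]}: no radius-server host for {ip}")
    return findings

print("\n".join(audit(SAMPLE)))
```

The parser does not depend on indentation, so it also works on a config pasted flat, one command per line.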
