09-02-2009 12:40 PM - edited 07-03-2021 06:00 PM
Folks,
Is Aironet 1231 end of line. I am trying to configure AP authentication on it using fast eap but do not see the option to do it.
Thanks,
Parwal
09-02-2009 02:43 PM
Hi Parwal,
1230 is end-of-sale and has been superseded by the 1240 (and superseded by the 1250).
09-02-2009 09:02 PM
When you say "AP Authentication," do you mean client devices using EAP-FAST and doing the authentication from the local RADIUS server on the 1231? If so, yes it can. Here's a sample config for a single (non WDS participating) AP:
aaa new-model
!
!
aaa group server radius EAPFAST
server 10.10.10.100 auth-port 1812 acct-port 1813
!
aaa authentication login eapfast-login group EAPFAST
!
dot11 ssid Test10
authentication open eap eapfast-login
authentication key-management wpa
!
interface d0
encryption mode ciphers aes-ccm
ssid Test10
!
int BVI 1
ip address 10.10.10.100 255.255.255.0
!
radius-server local
eapfast authority id 1234567890ABCDEF1234567890ABCDEF
eapfast authority info EapFastTest
eapfast server-key primary auto-generate
nas 10.10.10.100 key RADIUSKEY
user FAST password Test123
!
radius-server host 10.10.10.100 auth-port 1812 acct-port 1813 key RADIUSKEY
Obviously, change your IP address appropriately. Also, you'll need to modify this if you are using multiple VLANs/SSIDs. I just verified it with a 1231 at home.
09-02-2009 09:05 PM
One more thing. If you're using the Cisco ADU utility, disable server certificate checking for EAP-FAST. Otherwise, the connection will fail.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: