Configuring the Access Point 1602 IOS 15.2(2)JAX as a Local RADIUS for a MAC authenticator
I have an issue with my Cisco 1602 WAP. I am trying to configure the WPA-PSK and MAC authentication on local RADIUS but I don't know why it doesn't work and client can bypass the MAC authentication. below is partial configuration:
dot11 ssid WLAN vlan 20 authentication open authentication key-management wpa version 2 mbssid guest-mode wpa-psk ascii 7 XXX
interface Dot11Radio0 no ip address no ip route-cache ! encryption mode ciphers aes-ccm ! encryption vlan 20 mode ciphers aes-ccm ! ssid WLAN ! antenna gain 0 stbc beamform ofdm mbssid channel 2462 station-role root ! interface Dot11Radio0.20 encapsulation dot1Q 20 native no ip route-cache bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 spanning-disabled bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding
interface BVI1 ip address 10.133.16.2 255.255.255.128 no ip route-cache
adius-server local nas 10.133.16.2 key 7 10.133.16.2 group MAC vlan 20 ssid WLAN block count 3 time infinite reauthentication time 1800
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...