Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Getting Started with Wireless: 1130ag access point as local authenticator

I have set my 1130 ag as having a local radius server, including groups, users and ssids. I am having trouble getting the access point to use the local radius server. When I try to connect using eap-fast I get prompted for a user name and password but no attempts are registered on the radius server. Any help would be appreciated.

Current configuration : 2829 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ap

!

enable secret xxx

!

aaa new-model

!

!

aaa group server radius rad_eap

server 192.168.150.253 auth-port 1645 acct-port 1646

!

aaa group server radius rad_mac

!

aaa group server radius rad_acct

!

aaa group server radius rad_admin

!

aaa group server tacacs+ tac_admin

!

aaa group server radius rad_pmip

!

aaa group server radius dummy

!

aaa group server radius rad_eap1

server 192.168.150.253 auth-port 1645 acct-port 1646

!

aaa authentication login eap_methods group rad_eap

aaa authentication login mac_methods local

aaa authentication login eap_methods1 group rad_eap1

aaa authorization exec default local

aaa accounting network acct_methods start-stop group rad_acct

!

aaa session-id common

!

!

!

dot11 ssid test13

vlan 1

authentication open eap eap_methods1

authentication network-eap eap_methods1

guest-mode

!

power inline negotiation prestandard source

!

!

username Cisco password xxx

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

ssid test13

!

station-role root

!

interface Dot11Radio0.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

shutdown

station-role root

!

interface Dot11Radio1.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

!

interface FastEthernet0.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 192.168.150.253 255.255.255.0

no ip route-cache

!

ip default-gateway 192.168.150.254

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

ip radius source-interface BVI1

radius-server local

nas 192.168.150.253 key xxx

group luntan

vlan 1

ssid test13

!

user fangtanshi nthash xxx group luntan

!

radius-server attribute 32 include-in-access-req format %h

radius-server host 192.168.150.253 auth-port 1645 acct-port 1646 key xxx

radius-server vsa send accounting

bridge 1 route ip

!

!

!

line con 0

line vty 0 4

exec-timeout 0 0

!

end

1 REPLY
Hall of Fame Super Silver

Re: Getting Started with Wireless: 1130ag access point as local

I posted a config file for EAP-FAST... it works, because I tried it. If you have issues, then it has to be the way you are configuring the client side.

-Scott
*** Please rate helpful posts ***
140
Views
0
Helpful
1
Replies