cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
349
Views
0
Helpful
1
Replies

radius local-server authentication problem

hamedyazdigss
Level 1
Level 1

Dear Sir

I have planed to authenticate our user who connect to our access point via local radius local-server which is located on our access point my access point model is Aironet 1300 and my configuration is as follows but when users from their pc enter password their authentication will fail. Would you please let me know what is wrong in my configuration?

!

version 12.3

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ap

!

enable secret xxx

!

ip subnet-zero

!

!

aaa new-model

!

!

aaa group server radius rad_eap

server 10.10.10.1 auth-port 1812 acct-port 1813

!

aaa group server radius rad_mac

!

aaa group server radius rad_acct

!

aaa group server radius rad_admin

!

aaa group server tacacs+ tac_admin

!

aaa group server radius rad_pmip

!

aaa group server radius dummy

!

aaa group server radius rad_eap1

server 10.10.10.1 auth-port 1812 acct-port 1813

!

aaa group server radius rad_acct1

server 10.10.10.1 auth-port 1812 acct-port 1813

!

aaa authentication login eap_methods group rad_eap

aaa authentication login mac_methods local

aaa authentication login eap_methods1 group rad_eap1

aaa authorization exec default local

aaa accounting network acct_methods start-stop group rad_acct

aaa accounting network acct_methods1 start-stop group rad_acct1

aaa session-id common

!

dot11 ssid cisco

authentication open eap eap_methods1

authentication network-eap eap_methods1

accounting acct_methods1

guest-mode

infrastructure-ssid

wpa-psk ascii xxx

!

power inline negotiation prestandard source

!

!

username Cisco password xxx

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption key 1 size 128bit xxx transmit-key

encryption mode wep mandatory

!

ssid cisco

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

antenna receive left

antenna transmit left

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

shutdown

!

encryption key 1 size 128bit xxx transmit-key

encryption mode wep mandatory

!

ssid cisco

!

speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

hold-queue 160 in

!

interface BVI1

ip address 10.10.10.1 255.255.255.128

no ip route-cache

!

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

ip radius source-interface BVI1

!

radius-server local

no authentication eapfast

no authentication mac

nas 10.10.10.1 key xxx

user test nthash 7 xx

!

radius-server attribute 32 include-in-access-req format %h

radius-server host 10.10.10.1 auth-port 1812 acct-port 1813 key xxx

radius-server vsa send accounting

!

control-plane

!

bridge 1 route ip

!

!

!

line con 0

line vty 0 4

!

end

Best regards

hyazdi

1 Reply 1

gmarogi
Level 5
Level 5

I think the following document should help you to perform the correct configuration

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080851b42.shtml

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: