03-17-2008 01:15 AM - edited 07-03-2021 03:33 PM
Dear Sir
I have planed to authenticate our user who connect to our access point via local radius local-server which is located on our access point my access point model is Aironet 1300 and my configuration is as follows but when users from their pc enter password their authentication will fail. Would you please let me know what is wrong in my configuration?
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap
!
enable secret xxx
!
ip subnet-zero
!
!
aaa new-model
!
!
aaa group server radius rad_eap
server 10.10.10.1 auth-port 1812 acct-port 1813
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius rad_eap1
server 10.10.10.1 auth-port 1812 acct-port 1813
!
aaa group server radius rad_acct1
server 10.10.10.1 auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods1 group rad_eap1
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa accounting network acct_methods1 start-stop group rad_acct1
aaa session-id common
!
dot11 ssid cisco
authentication open eap eap_methods1
authentication network-eap eap_methods1
accounting acct_methods1
guest-mode
infrastructure-ssid
wpa-psk ascii xxx
!
power inline negotiation prestandard source
!
!
username Cisco password xxx
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption key 1 size 128bit xxx transmit-key
encryption mode wep mandatory
!
ssid cisco
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
antenna receive left
antenna transmit left
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
!
encryption key 1 size 128bit xxx transmit-key
encryption mode wep mandatory
!
ssid cisco
!
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
hold-queue 160 in
!
interface BVI1
ip address 10.10.10.1 255.255.255.128
no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
radius-server local
no authentication eapfast
no authentication mac
nas 10.10.10.1 key xxx
user test nthash 7 xx
!
radius-server attribute 32 include-in-access-req format %h
radius-server host 10.10.10.1 auth-port 1812 acct-port 1813 key xxx
radius-server vsa send accounting
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
!
end
Best regards
hyazdi
03-21-2008 07:20 AM
I think the following document should help you to perform the correct configuration
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080851b42.shtml
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: