Cisco Support Community

Example of a repeater AP communicating with a root AP using LEAP with local RADIUS server

Introduction:-

This example shows a repeater AP communicating with a root AP using LEAP, with the root AP acting as the local RADIUS server.

Configuration Example:-

------------->>>>>>>>>>>>>>>>>>Root AP config <<<<<<<<<<<<<----------------

sh run

Building configuration...

Current configuration : 2065 bytes

!

version 12.3

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ROOT

!

enable secret 5 $1$JN3t$3P2WtEwUd8F9Q6PCy12WT0

!

led display alternate

ip subnet-zero

!

aaa new-model

!

aaa group server radius rad_eap     <<<Defines the server group rad_eap and specifies the IP of the RADIUS server; this AP is acting as the local RADIUS server

server 192.168.1.1 auth-port 1812 acct-port 1813

!

aaa authentication login eap_methods group rad_eap     <<<Method list eap_methods uses the RADIUS server group rad_eap

aaa session-id common

!

dot11 ssid test     <<<SSID "test" is used for communication between the parent AP and the repeater AP

   authentication open eap eap_methods

   authentication network-eap eap_methods

   infrastructure-ssid

!

power inline negotiation prestandard source

!

username Cisco password 7 112A1016141D

bridge irb

interface Dot11Radio0

no ip address

no ip route-cache

!

ssid test

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

shutdown

dfs band 3 block

speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0

channel dfs

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 192.168.1.1 255.255.255.0

no ip route-cache

!

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

radius-server local     <<<Local RADIUS server config

  nas 192.168.1.1 key 7 03105E1812

  user test nthash 7 101E2A3B534E465354547F0D737164170441264E5159060E0104072C5B41430A0F     <<<The same username/password must also be defined on the repeater AP

!

radius-server host 192.168.1.1 auth-port 1812 acct-port 1813 key 7 0010161510     <<<Tells this AP to communicate with server 192.168.1.1 (this AP itself) using the mentioned key

!

control-plane

!

bridge 1 route ip

!

line con 0

line vty 0 4

!

end

------------>>>>>>>>>>>>>Repeater AP<<<<<<<<<<<<<<<-------------

Building configuration...

Current configuration : 1879 bytes

!

version 12.3

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname NON_ROOT

!

enable secret 5 $1$reJk$pTPrQFJU2M7TWqhxUy3/o/

!

ip subnet-zero

!

aaa new-model

aaa group server radius rad_eap

server 192.168.1.1 auth-port 1645 acct-port 1646     <<<For the repeater AP, the parent AP is the server

aaa authentication login eap_methods group rad_eap     <<<Method list eap_methods uses the RADIUS server group rad_eap

aaa session-id common    

dot11 ssid test

   authentication open eap eap_methods

   authentication network-eap eap_methods

   authentication client username test password 7 105A0C0A11     <<<Username/password already configured on the parent AP (under local RADIUS server config mode)

   infrastructure-ssid

!

power inline negotiation prestandard source

username Cisco password 7 096F471A1A0A

!

bridge irb

!

interface Dot11Radio0

no ip address

no ip route-cache

ssid test

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role repeater

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

shutdown

speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

hold-queue 160 in

!

interface BVI1

ip address 192.168.1.2 255.255.255.0

no ip route-cache

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

!

control-plane

!

bridge 1 route ip

!
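
The annotations above tie the two configurations together: the same infrastructure SSID on both APs, the repeater's client username defined as a user under the root's local RADIUS server, and the root listing its own BVI1 address as NAS and RADIUS host. The Python check below is an added example, not part of the original post or Cisco code; the names facts and check_pair are hypothetical, and the sample text is a constructed excerpt of the two configs with key and hash values replaced by placeholders.

```python
import ipaddress
import re
# Constructed excerpts of the two configs above; key/hash values replaced by <elided>.
ROOT = """dot11 ssid test
   infrastructure-ssid
interface Dot11Radio0
 station-role root
interface BVI1
 ip address 192.168.1.1 255.255.255.0
radius-server local
  nas 192.168.1.1 key 7 <elided>
  user test nthash 7 <elided>
radius-server host 192.168.1.1 auth-port 1812 acct-port 1813 key 7 <elided>
"""
REPEATER = """dot11 ssid test
   authentication client username test password 7 <elided>
   infrastructure-ssid
interface Dot11Radio0
 station-role repeater
interface BVI1
 ip address 192.168.1.2 255.255.255.0
"""

def facts(cfg):
    """Extract the fields the root/repeater pairing depends on (first match wins)."""
    one = lambda pat: (re.search(pat, cfg, re.M) or [None, None])[1]
    net = one(r"^\s*ip address (\S+ \S+)")
    return {
        "ssid": one(r"^dot11 ssid (\S+)"),
        "infra": one(r"^\s*(infrastructure-ssid)\s*$") is not None,
        "role": one(r"^\s*station-role (\S+)"),
        "net": ipaddress.ip_interface(net.replace(" ", "/")) if net else None,
        "client": one(r"^\s*authentication client username (\S+)"),
        "users": set(re.findall(r"^\s*user (\S+) nthash", cfg, re.M)),
        "nas": set(re.findall(r"^\s*nas (\S+) key", cfg, re.M)),
        "host": one(r"^radius-server host (\S+)"),
    }

def check_pair(root_cfg, rep_cfg):
    """List where the pair deviates from the pattern shown above (secrets are not compared)."""
    r, p = facts(root_cfg), facts(rep_cfg)
    checks = [
        (r["role"] == "root" and p["role"] == "repeater", "station-role is not root/repeater"),
        (r["ssid"] == p["ssid"] and r["infra"] and p["infra"], "infrastructure SSID differs"),
        (p["client"] in r["users"], "repeater username is not a local RADIUS user on the root"),
        (r["host"] in r["nas"] and r["host"] == str(getattr(r["net"], "ip", "")), "root nas/host is not its own BVI1"),
        (None not in (r["net"], p["net"]) and p["net"].ip in r["net"].network, "BVI1 subnets differ"),
    ]
    return [msg for ok, msg in checks if not ok]
```

check_pair(ROOT, REPEATER) returns an empty list for the pair shown on this page. The password itself cannot be compared this way, because the root stores an NT hash and the repeater stores a type 7 string.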

Related Documents:-

LEAP Authentication on a Local RADIUS Server


Configuring Repeater and Standby Access Points

Comments

Nice configuration example. Thanks for sharing.