04-12-2011 01:19 AM - edited 11-18-2020 02:53 AM
Introduction:-
This is an example of a repeater AP communicating with a root AP using LEAP, with the root AP acting as the local RADIUS server.
Configuration Example:-
------------->>>>>>>>>>>>>>>>>>Root AP config <<<<<<<<<<<<<----------------
sh run
Building configuration...
Current configuration : 2065 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ROOT
!
enable secret 5 $1$JN3t$3P2WtEwUd8F9Q6PCy12WT0
!
led display alternate
ip subnet-zero
!
aaa new-model
!
aaa group server radius rad_eap <<<We are defining a group rad_eap and specifying the IP of the RADIUS server
<<<This AP is acting as the local RADIUS server
server 192.168.1.1 auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group rad_eap <<<The eap_methods method list authenticates against the rad_eap server group
aaa session-id common
!
dot11 ssid test <<<test SSID used for communication between the parent AP and the repeater AP
authentication open eap eap_methods
authentication network-eap eap_methods
infrastructure-ssid
!
power inline negotiation prestandard source
!
username Cisco password 7 112A1016141D
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
!
ssid test
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
dfs band 3 block
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.1.1 255.255.255.0
no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
radius-server local <<<<<<<local RADIUS server config
nas 192.168.1.1 key 7 03105E1812
user test nthash 7 101E2A3B534E465354547F0D737164170441264E5159060E0104072C5B41430A0F <<<You need to define the same username/password on the repeater AP as well
!
radius-server host 192.168.1.1 auth-port 1812 acct-port 1813 key 7 0010161510 <<<<<<<<<<We are telling this AP to communicate with server 192.168.1.1
<<<<<<(this AP itself) using the mentioned key
!
control-plane
!
bridge 1 route ip
!
line con 0
line vty 0 4
!
end
------------>>>>>>>>>>>>>Repeater AP<<<<<<<<<<<<<<<-------------
Building configuration...
Current configuration : 1879 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname NON_ROOT
!
enable secret 5 $1$reJk$pTPrQFJU2M7TWqhxUy3/o/
!
ip subnet-zero
!
aaa new-model
aaa group server radius rad_eap
server 192.168.1.1 auth-port 1645 acct-port 1646 <<<for repeater AP, parent AP is the server
aaa authentication login eap_methods group rad_eap <<<The eap_methods method list authenticates against the rad_eap server group
aaa session-id common
dot11 ssid test
authentication open eap eap_methods
authentication network-eap eap_methods
authentication client username test password 7 105A0C0A11 <<<Defining the username/password already configured on the parent AP (under local RADIUS server config mode)
infrastructure-ssid
!
power inline negotiation prestandard source
username Cisco password 7 096F471A1A0A
!
bridge irb
!
interface Dot11Radio0
no ip address
no ip route-cache
ssid test
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role repeater
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
hold-queue 160 in
!
interface BVI1
ip address 192.168.1.2 255.255.255.0
no ip route-cache
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
control-plane
!
bridge 1 route ip
!
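The annotations above require the repeater's LEAP username to exist under radius-server local on the root AP, and both APs to carry the same infrastructure SSID. The check below is an added example, not part of the original post or any Cisco tool: the two config excerpts are constructed from the listings above with the secrets replaced by placeholders, and facts() and check_pair() are hypothetical helper names.

```python
import re

# Constructed excerpts mirroring the two configs above; secrets replaced by placeholders.
ROOT = """\
aaa group server radius rad_eap
 server 192.168.1.1 auth-port 1812 acct-port 1813
dot11 ssid test
 infrastructure-ssid
radius-server local
 user test nthash 7 <placeholder>
radius-server host 192.168.1.1 auth-port 1812 acct-port 1813 key 7 <placeholder>
"""
REPEATER = """\
aaa group server radius rad_eap
 server 192.168.1.1 auth-port 1645 acct-port 1646
dot11 ssid test
 authentication client username test password 7 <placeholder>
 infrastructure-ssid
"""

def facts(cfg):
    """Extract the fields that have to agree between root and repeater."""
    find = lambda pattern: set(re.findall(pattern, cfg, re.M))
    return {
        "ssids": find(r"^dot11 ssid (\S+)"),
        "infra": find(r"^\s*(infrastructure-ssid)"),
        "local_users": find(r"^\s*user (\S+) nthash"),
        "client_users": find(r"^\s*authentication client username (\S+)"),
        "group_ports": find(r"^\s*server \S+ auth-port (\d+)"),
        "host_ports": find(r"^radius-server host \S+ auth-port (\d+)"),
    }

def check_pair(root_cfg, repeater_cfg):
    """Return a list of mismatches between a root AP and its repeater (hypothetical helper)."""
    root, rep = facts(root_cfg), facts(repeater_cfg)
    findings = []
    if not root["ssids"] & rep["ssids"]:
        findings.append("no SSID in common")
    if not (root["infra"] and rep["infra"]):
        findings.append("infrastructure-ssid missing on one side")
    for user in sorted(rep["client_users"] - root["local_users"]):
        findings.append(f"LEAP user {user!r} is not defined under radius-server local on the root")
    for port in sorted(rep["group_ports"] - root["host_ports"]):
        findings.append(f"repeater rad_eap uses auth-port {port}, root uses {sorted(root['host_ports'])}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_pair(ROOT, REPEATER)) or "consistent")
```

Run against these excerpts, it reports the one difference between the two listings: the repeater's rad_eap group uses auth-port 1645 while the root AP uses 1812.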
Nice configuration example. Thanks for sharing.