ritchauh

Introduction:-

This example shows a repeater AP communicating with a root AP using LEAP, with the root AP acting as the local RADIUS server.

Configuration Example:-

------------->>>>>>>>>>>>>>>>>>Root AP config <<<<<<<<<<<<<----------------

sh run

Building configuration...

Current configuration : 2065 bytes

!

version 12.3

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ROOT

!

enable secret 5 $1$JN3t$3P2WtEwUd8F9Q6PCy12WT0

!

led display alternate

ip subnet-zero

!

aaa new-model

!

! Define the server group rad_eap and specify the IP address of the RADIUS server.
! This AP acts as the local RADIUS server.

aaa group server radius rad_eap

 server 192.168.1.1 auth-port 1812 acct-port 1813

!

! The method list eap_methods authenticates against the server group rad_eap.

aaa authentication login eap_methods group rad_eap

aaa session-id common

!

! The SSID test is used for communication between the parent AP and the repeater AP.

dot11 ssid test

   authentication open eap eap_methods

   authentication network-eap eap_methods

   infrastructure-ssid

!

power inline negotiation prestandard source

!

username Cisco password 7 112A1016141D

bridge irb

interface Dot11Radio0

no ip address

no ip route-cache

!

ssid test

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

shutdown

dfs band 3 block

speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0

channel dfs

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 192.168.1.1 255.255.255.0

no ip route-cache

!

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

! Local RADIUS server configuration.
! The same username/password defined here must also be defined on the repeater AP.

radius-server local

  nas 192.168.1.1 key 7 03105E1812

  user test nthash 7 101E2A3B534E465354547F0D737164170441264E5159060E0104072C5B41430A0F

!

! This AP communicates with the RADIUS server 192.168.1.1 (this AP itself) using the key below.

radius-server host 192.168.1.1 auth-port 1812 acct-port 1813 key 7 0010161510

!

control-plane

!

bridge 1 route ip

!

line con 0

line vty 0 4

!

end

------------>>>>>>>>>>>>>Repeater AP<<<<<<<<<<<<<<<-------------

Building configuration...

Current configuration : 1879 bytes

!

version 12.3

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname NON_ROOT

!

enable secret 5 $1$reJk$pTPrQFJU2M7TWqhxUy3/o/

!

ip subnet-zero

!

aaa new-model

! For the repeater AP, the parent AP is the RADIUS server.
! The method list eap_methods authenticates against the server group rad_eap.

aaa group server radius rad_eap

 server 192.168.1.1 auth-port 1645 acct-port 1646

aaa authentication login eap_methods group rad_eap

aaa session-id common    

! The username/password below is the one already configured on the parent AP (in local RADIUS server configuration mode).

dot11 ssid test

   authentication open eap eap_methods

   authentication network-eap eap_methods

   authentication client username test password 7 105A0C0A11

   infrastructure-ssid

!

power inline negotiation prestandard source

username Cisco password 7 096F471A1A0A

!

bridge irb

!

interface Dot11Radio0

no ip address

no ip route-cache

ssid test

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role repeater

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

shutdown

speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

hold-queue 160 in

!

interface BVI1

ip address 192.168.1.2 255.255.255.0

no ip route-cache

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

!

control-plane

!

bridge 1 route ip

!
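
An added example (not part of the original post, and not Cisco tooling): a small Python check that flags the settings in these two configs a reviewer would want revisited before reusing them, namely type 7 secrets, Network-EAP (used here for LEAP), HTTP-only management, and RADIUS ports that differ between root and repeater. The finding names, function names and the redacted config excerpts are constructed for this example.

```python
import re

# Constructed excerpts of the two configs on this page; secrets replaced by <REDACTED>.
ROOT_CFG = """\
aaa group server radius rad_eap
 server 192.168.1.1 auth-port 1812 acct-port 1813
dot11 ssid test
   authentication network-eap eap_methods
username Cisco password 7 <REDACTED>
ip http server
no ip http secure-server
radius-server local
  user test nthash 7 <REDACTED>
radius-server host 192.168.1.1 auth-port 1812 acct-port 1813 key 7 <REDACTED>
"""
REPEATER_CFG = """\
aaa group server radius rad_eap
 server 192.168.1.1 auth-port 1645 acct-port 1646
dot11 ssid test
   authentication network-eap eap_methods
   authentication client username test password 7 <REDACTED>
ip http server
no ip http secure-server
"""

def audit(cfg):
    """Return sorted finding IDs (names are this example's own) for one config."""
    lines = [l.strip() for l in cfg.splitlines() if l.strip()]
    found = set()
    for l in lines:
        if re.search(r"\b(password|key|nthash) 7 \S+", l):
            found.add("TYPE7_SECRET")         # type 7 is reversible obfuscation, not a hash
        if l.startswith("authentication network-eap"):
            found.add("NETWORK_EAP")          # the auth type this page uses for LEAP
        if l.startswith("authentication client username"):
            found.add("STORED_CLIENT_CREDS")  # repeater keeps the LEAP password on-box
    if "ip http server" in lines and "ip http secure-server" not in lines:
        found.add("HTTP_MGMT_CLEARTEXT")      # web management only over plain HTTP
    return sorted(found)

def radius_ports(cfg):
    """Map RADIUS server IP -> (auth-port, acct-port) from group/host lines."""
    hits = re.findall(r"(?:server|host) (\S+) auth-port (\d+) acct-port (\d+)", cfg)
    return {ip: (auth, acct) for ip, auth, acct in hits}

def port_mismatch(cfg_a, cfg_b):
    """Servers both configs point at, but with different port pairs."""
    a, b = radius_ports(cfg_a), radius_ports(cfg_b)
    return sorted(ip for ip in a.keys() & b.keys() if a[ip] != b[ip])
```

On these excerpts, `port_mismatch(ROOT_CFG, REPEATER_CFG)` reports 192.168.1.1, which the root config reaches on 1812/1813 and the repeater config on 1645/1646.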

Related Documents:-

LEAP Authentication on a Local RADIUS Server


Configuring Repeater and Standby Access Points

Comments
Vinay Sharma

Nice configuration example. Thanks for sharing.
