
Fat AP 1602 with NPS on Windows 2008: EAP-PEAP authentication fails

kun wang
Level 1
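This post was last edited by wk_rs1987 on 2016-4-5 13:58
Hello, gurus,
My environment uses a fat AP 1602 (IOS-15.2(2)JB) for wireless 802.1x authentication, and the AAA server is NPS on Windows 2008.
My configuration is attached; I would like to ask what is wrong with it.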
DeltaXADGCap#
DeltaXADGCap#show run
Building configuration...
Current configuration : 2846 bytes
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname DeltaXADGCap
!
!
logging rate-limit console 9
enable secret 5 $1$O0El$d.XVqC58vtereutGhzSX.0
!
aaa new-model
!
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_eap
server name 172.17.151.6
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login default local line group radius
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
!
!
!
!
!
aaa session-id common
no ip source-route
no ip cef
!
!
!
dot11 syslog
!
dot11 ssid Data-Office
authentication open eap eap_methods
authentication key-management wpa version 2
guest-mode
!
dot11 ssid TEST
authentication open
guest-mode
!
!
crypto pki token default removal timeout 0
!
!
username Cisco privilege 15 password 7 030752180500
username RICKY privilege 15 secret 5 $1$1nG5$2eIHAxNRzmmcjtSU/whyt.
!
!
bridge irb
!
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
!
ssid Data-Office
!
antenna gain 0
stbc
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
!
encryption mode ciphers aes-ccm
!
ssid TEST
!
antenna gain 0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
mac-address 78ba.f9e6.b009
ip address 172.22.38.250 255.255.255.0
!
ip default-gateway 172.22.38.254
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip route 0.0.0.0 0.0.0.0 BVI1
ip radius source-interface BVI1
!
radius-server attribute 32 include-in-access-req format %h
!
radius server 172.22.1.105
address ipv4 172.22.1.105 auth-port 1812 acct-port 1812
key 7 045F0E0A1B20
!
radius server 172.17.151.6
address ipv4 172.17.151.6 auth-port 1645 acct-port 1646
key 7 020201571F07
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
transport input telnet ssh
!
end
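
A consistency check over the AAA/RADIUS lines of the configuration posted above, as an added example that is not part of the original thread: it cross-references server groups, `radius server` definitions and method lists. The function name `lint_radius` and the wording of the findings are this example's own, and the embedded text is an excerpt of the posted configuration with the key lines omitted. The findings are configuration inconsistencies only; they do not by themselves establish why PEAP fails.

```python
import re

# Excerpt of the configuration posted above (key lines omitted).
CONFIG = """\
aaa group server radius rad_eap
 server name 172.17.151.6
!
aaa group server radius rad_acct
!
aaa authentication login default local line group radius
aaa authentication login eap_methods group rad_eap
aaa accounting network acct_methods start-stop group rad_acct
!
radius server 172.22.1.105
 address ipv4 172.22.1.105 auth-port 1812 acct-port 1812
!
radius server 172.17.151.6
 address ipv4 172.17.151.6 auth-port 1645 acct-port 1646
!
"""

def lint_radius(config):
    """Return consistency findings for RADIUS groups, servers and method lists."""
    groups, servers, used, ctx = {}, {}, set(), None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"aaa group server radius (\S+)$", line):
            ctx = groups.setdefault(m.group(1), [])      # now inside a group block
        elif m := re.match(r"radius server (\S+)$", line):
            ctx = servers.setdefault(m.group(1), {})     # now inside a server block
        elif (m := re.match(r"server name (\S+)$", line)) and isinstance(ctx, list):
            ctx.append(m.group(1))
        elif (m := re.match(r"address ipv4 \S+ auth-port (\d+) acct-port (\d+)$", line)) and isinstance(ctx, dict):
            ctx.update(auth=int(m.group(1)), acct=int(m.group(2)))
        elif m := re.match(r"aaa (?:authentication|accounting) .* group (\S+)$", line):
            used.add(m.group(1))  # last group named on the method list
        elif line == "!":
            ctx = None
    findings = []
    for name in sorted(used):
        # Built-in groups such as "radius" are not in `groups` and are skipped.
        if name in groups and not groups[name]:
            findings.append(f"method list uses empty server group {name}")
    members = {s for g in groups.values() for s in g}
    for name, ports in sorted(servers.items()):
        if name not in members:
            findings.append(f"radius server {name} is in no server group")
        if ports and ports["auth"] == ports["acct"]:
            findings.append(f"radius server {name}: auth-port equals acct-port")
    return findings
```

Calling `lint_radius(CONFIG)` returns the list of findings; the same function accepts the full `show run` output, with or without the original indentation.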
3 replies

one-time
Level 13
Waiting for replies from the community! :)

N/A
Since I've read it, I'll give it a bump. Good post.

Pengfei Yu
Spotlight
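Hmm, I'm not familiar with fat APs, but I'd like to say:
1. You only pasted the fat AP's configuration. Do you have any related authentication-failure alert messages? The causes can be many and varied, and there are no "gurus" here.
2. PEAP requires validating the server-side certificate. Has the certificate been installed on your client?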