Hello,
I'm trying to set up an Aironet 1600 appliance to provide Wireless Networks to my customers.
I want to:
- authenticate the mac-address of the clients
then, once authenticated
- authenticate Users with Active Directory login/passwords of these customers
I was successful with mac-authentication only, using RADIUS.
When I added EAP on aaa authentication on the SSID, the RADIUS logs show me that AIRONET is trying to authenticate all the time: first with mac-address (RADIUS answer OK) and then with my Windows login (Active Directory). At this time, the RADIUS server answers KO because the login is not in the mac-address table.
How can I tell Aironet to do the "authenticate" section once the mac-address authorize process is OK?
Here is an extract of my Aironet conf:
aaa new-model
!
!
aaa group server radius rad_eap
server name SRV-RADIUS-R01-LDAP
subscriber mac-filtering security-mode mac
mac-delimiter hyphen
!
aaa group server radius rad_mac
server name SRV-RADIUS-R01
mac-delimiter hyphen
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login mac_auth group rad_mac
aaa authentication ppp default group radius
aaa authentication dot1x default group net_auth
aaa authorization exec default local
aaa authorization network default group radius
aaa authorization network net_auth group rad_eap
aaa accounting network acct_methods start-stop group rad_acct
....
dot11 ssid Invite
vlan 986
authentication open mac-address mac_auth eap net_auth
authentication network-eap net_auth mac-address mac_auth
authentication key-management wpa
guest-mode
!
!
dot11 aaa csid ietf
eap profile Profile
method peap
!
....
interface Dot11Radio0
no ip address
!
encryption mode ciphers aes-ccm tkip
!
encryption vlan 986 mode ciphers aes-ccm tkip
!
ssid Admin
!
ssid Invite
!
....
radius server SRV-RADIUS-R01
address ipv4 10.107.85.13 auth-port 1821 acct-port 1822
key 7 046C02005E15495D232B20
!
radius server SRV-RADIUS-R01-LDAP
address ipv4 10.107.85.13 auth-port 1823 acct-port 1824
key 7 046C02005E15495D232B20
!
Thanks.
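
Added example, not part of the original post: a small Python check that cross-references the AAA names in a config extract like the one above. It assumes that the list names on `authentication open` / `authentication network-eap` lines refer to `aaa authentication login` method lists and that `group <name>` must match an `aaa group server` definition or a built-in group (`radius`, `tacacs+`); the sample input is a constructed subset of the posted lines with the shared secret replaced by a placeholder.

```python
import re

# Constructed sample: a subset of the posted extract, secret replaced by a placeholder.
SAMPLE = """\
aaa group server radius rad_eap
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login mac_auth group rad_mac
aaa authentication dot1x default group net_auth
aaa authorization network default group radius
aaa authorization network net_auth group rad_eap
aaa accounting network acct_methods start-stop group rad_acct
dot11 ssid Invite
authentication open mac-address mac_auth eap net_auth
authentication network-eap net_auth mac-address mac_auth
radius server SRV-RADIUS-R01
key 7 PLACEHOLDER
"""

def audit(config):
    """Cross-reference AAA method-list and server-group names in an IOS-style config."""
    login_lists, groups = set(), {"radius", "tacacs+"}  # built-in group names
    used_lists, used_groups, type7 = set(), set(), 0
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"aaa group server \S+ (\S+)", line):
            groups.add(m[1])
        elif m := re.match(r"aaa (authentication|authorization|accounting) (\S+) (\S+) (.*)", line):
            if (m[1], m[2]) == ("authentication", "login"):
                login_lists.add(m[3])
            used_groups.update(re.findall(r"group (\S+)", m[4]))
        elif m := re.match(r"authentication (open|network-eap)\b(.*)", line):
            tok = m[2].split()
            if m[1] == "network-eap" and tok:
                used_lists.add(tok[0])  # EAP list follows the keyword directly
            for kw in ("mac-address", "eap"):
                if kw in tok[:-1]:
                    used_lists.add(tok[tok.index(kw) + 1])
        elif line.startswith("key 7 "):
            type7 += 1  # type 7 is a reversible encoding, not a hash
    return {
        "undefined_lists": sorted(used_lists - login_lists),
        "undefined_groups": sorted(used_groups - groups),
        "unused_login_lists": sorted(login_lists - used_lists),
        "type7_keys": type7,
    }

if __name__ == "__main__":
    for name, value in audit(SAMPLE).items():
        print(f"{name}: {value}")
```

Because the posted config is an extract with elided sections, a name reported as undefined may be defined in a part that was not shown.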