08-06-2024 07:31 AM
I have connected a Cisco ISR 4331 to an AP and WLC.
I need to authenticate endpoints via the AP to the router, which is serving as RADIUS server, DHCP server and DNS server as well.
The config shown in the document below seems to be obsolete.
How can we use a Cisco router as a NAS server and authenticate the endpoints that connect to a particular SSID?
Configuring RADIUS or a Local Authenticator in a Wireless LAN - Cisco
I am looking for the configs below, which IOS XE 17.3.4a does not accept.
08-06-2024 08:18 AM
Can you expand on this? You have a router (what model?) and have a WLC and AP plugged into that router? And want to use 802.1X and MAB on the router ports? Or are you talking about the SSIDs on the WLC?
08-06-2024 08:57 AM
I have a Cisco ISR 4331 with IOS XE 17.3.4a that is configured as a RADIUS server.
The router is connected to an L2 switch, and the L2 switch is connected to a WLC 2500. The WLC 2500 is connected to a wireless AP via its PoE port. The AP is discovered in the WLC. I have configured a WLAN in the WLC with the same AP and with the router's IP as the RADIUS server.
I want all endpoints connecting to the AP to get authenticated by the RADIUS service configured on the router,
as shown in the document link: Configuring RADIUS or a Local Authenticator in a Wireless LAN - Cisco
!
aaa new-model
!
aaa group server radius GR
 server IP
!
aaa authentication login default local
aaa accounting update periodic 5
aaa accounting network default start-stop group radius
!
aaa session-id common
!
username USERNAME privilege 15 secret 9 PASSWORD
!
interface GigabitEthernet0/0/0
 description "CONNECTED-TO-LAN-SW"
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/0.1155
 description "TO-LAN"
 encapsulation dot1Q 1155
 ip address IP SM
!
ip radius source-interface GigabitEthernet0/0/0.1155
!
radius-server attribute 32 include-in-access-req format %h
radius-server configure-nas
radius-server retransmit 5
radius-server deadtime 5
radius-server key RADIUS_KEY
!
radius server RS
 address ipv4 IP auth-port 1612 acct-port 1612
 retransmit 5
 non-standard
 key RADIUS_KEY
!
radius server LAB-RTR
!
08-06-2024 09:00 AM
As per Cisco Feature Navigator, the router supports the RADIUS server per SSID feature.
08-06-2024 09:03 AM - edited 08-06-2024 09:04 AM
ISR cannot be a RADIUS Server... Those commands are for configuring the ISR to talk to an external RADIUS server. I'm not aware of any functionality that allows an ISR to respond to RADIUS requests.
08-06-2024 09:06 AM
How can I replicate the setup illustrated in: Configuring RADIUS or a Local Authenticator in a Wireless LAN - Cisco
Or do I have to use an external RADIUS server like FreeRADIUS?
08-06-2024 09:18 AM