Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
641
Views
0
Helpful
1
Replies

Autonomous AP + WGB + EAP-FAST

Augustgood
Level 1
Level 1

‎09-30-2016 02:28 PM - edited ‎07-05-2021 05:54 AM

Hi all expert,

i wilL try to test two ap 1142 autonomus in wgb with EAP-FAST , i follow some guide on internet from ccie expert, but in my environment do not work.

i wilL show my config:

ROOT AP:

!
hostname AAP1
!
aaa new-model
aaa group server radius AAP1
server name AAP1
!
aaa authentication login AAP1 group AAP1
!
dot11 ssid WGB
vlan 110
authentication open eap AAP1
authentication network-eap AAP1
authentication key-management wpa version 2
!
bridge irb
!
!
interface Dot11Radio0
no ip address
shutdown 
!
interface Dot11Radio1
no ip address
!
encryption vlan 110 mode ciphers aes-ccm
ssid WGB
!
antenna gain 0
peakdetect
no dfs band block
mbssid
channel dfs
station-role root
!
interface Dot11Radio1.110
encapsulation dot1Q 110 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0.110
encapsulation dot1Q 110 native
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
mac-address d48c.b561.256d
ip address 10.10.110.100 255.255.255.0
!
ip forward-protocol nd

ip radius source-interface BVI1
!
!
!
radius-server local
no authentication leap
no authentication mac
nas 10.10.110.100 key 7 09455E0C011512001F
user wgb nthash 7 0729026A1D2D4F5035315B585173797D781260734155302024057B0F770D5D533E
!
!
radius server AAP1
address ipv4 10.10.110.100 auth-port 1812 acct-port 1813
key 7 08285C4B1109000506!

bridge 1 route ip
!

------------------------------------

WGB


hostname AAP2
!

!
aaa new-model
!
!
aaa group server radius AAP1
server name AAP1
!

!
dot11 ssid WGB
vlan 110
authentication open eap AAP1
authentication network-eap AAP1
authentication key-management wpa version 2
dot1x credentials WGB
dot1x eap profile WGB
infrastructure-ssid
!
!
!
eap profile WGB
method fast
!
dot1x credentials WGB
username wgb
password 7 123035120A1B09163E7A767B
!
bridge irb
!
interface Dot11Radio0
no ip address
shutdown
antenna gain 0
station-role root
!
interface Dot11Radio1
no ip address
!
encryption vlan 110 mode ciphers aes-ccm
!
ssid WGB
!
antenna gain 0
peakdetect
station-role workgroup-bridge
!
interface Dot11Radio1.110
encapsulation dot1Q 110 native
bridge-group 1
!
interface GigabitEthernet0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0.110
encapsulation dot1Q 110 native
bridge-group 1
!
interface BVI1
ip address 10.10.110.101 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.10.110.1
!
!
radius server AAP1
address ipv4 10.10.110.100 auth-port 1812 acct-port 1813     ###no need !!!!
!
bridge 1 route ip
bridge 1 address 000f.f7c4.3246 forward GigabitEthernet0.110
bridge 1 aging-time 1000000
!

IF i use leap work... i try to put eapfast with id and primary key but how i can configure the WGB ??

Please help me.

Labels:
0 Helpful
1 Reply 1

Augustgood
Level 1
Level 1

‎10-02-2016 01:27 AM

solved.

After syncro the clock of the aps, eap-fast work.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card