1252 Aironet - Wireless Authentication via Radius (Windows NPS)
I recently began using Radius for our networks to authenticate Cisco Console Logins, and VPN Connection Requests (anyconnect), which has been working great. Our network isn't huge (3 ASA5505's with site to site VPNs, 1 site with a Wireless AP).
I would like to set up our Wireless Access Point to have (1) SSID that authenticates users via Radius (to Windows NPS on our Domain Controller). I have a Windows Security Group called "Wireless Users" set up and I want users to be able to log in to the Wireless using their AD account.
We do not have multiple VLANs or anything complicated.
I am unable to find a solution for this on Autonomous IOS Version 12.4, and was wondering if anyone could assist.
Thank you!! (config below)
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname xxxx-AP
!
enable secret xxxxxxxxxxxxxxxx
!
aaa new-model
!
!
aaa group server radius radius-admin
 server-private 192.168.12.2 auth-port 1812 acct-port 1813 key xxxxxxxxxxxxxxxx
!
aaa authentication login userAuthent group radius-admin local
aaa authorization exec userAuthor local group radius-admin if-authenticated
!
aaa session-id common
no ip domain lookup
ip domain name xxxxxxxxxxx
!
!
login block-for 60 attempts 3 within 30
dot11 syslog
!
!
dot11 ssid ssid1
   authentication open
   authentication key-management wpa version 2
   guest-mode
   wpa-psk ascii xxxxxxxxxxxxxxxx
!
power inline negotiation prestandard source
!
crypto pki trustpoint TP-self-signed-###########
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-###########
 revocation-check none
 rsakeypair TP-self-signed-############
!
!
username admin privilege 15 secret xxxxxxxxxxxxxxxx
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers aes-ccm
 !
 broadcast-key change 3600
 !
 !
 ssid ssid1
 !
 antenna gain 0
 station-role root
 bridge-group 1
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 !
 encryption mode ciphers aes-ccm
 !
 broadcast-key change 3600
 !
 antenna gain 0
 dfs band 3 block
 mbssid
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 192.168.12.254 255.255.255.0
 no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
access-list 1 permit 192.168.0.0 0.0.255.255
no cdp run
bridge 1 route ip
!
!
banner login ^CC xxxxxxxxx - AUTHORIZED ACCESS ONLY ^C
!
line con 0
 logging synchronous
line vty 0 4
 access-class 1 in
 authorization exec userAuthor
 login authentication userAuthent
 transport input ssh
line vty 5 15
 access-class 1 in
 authorization exec userAuthor
 login authentication userAuthent
 transport input ssh
!
end
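An added example, not part of the original post and not Cisco tooling: a Python check that reads the `dot11 ssid` blocks of an autonomous IOS config and reports whether each SSID uses a pre-shared key or is bound to an EAP (RADIUS) method list. The `ssid1` block is excerpted from the config above; the `corp` SSID and the `eap_methods` list name are constructed for contrast.

```python
import re

# Constructed sample: ssid1 is from the posted config, corp/eap_methods are assumptions.
SAMPLE = """\
aaa group server radius radius-admin
 server-private 192.168.12.2 auth-port 1812 acct-port 1813 key xxxxxxxxxxxxxxxx
!
dot11 ssid ssid1
   authentication open
   authentication key-management wpa version 2
   guest-mode
   wpa-psk ascii xxxxxxxxxxxxxxxx
!
dot11 ssid corp
   authentication open eap eap_methods
   authentication network-eap eap_methods
   authentication key-management wpa version 2
!
aaa authentication login eap_methods group radius-admin
"""

def ssid_blocks(config):
    """Yield (ssid_name, [sub-commands]) for each 'dot11 ssid' block."""
    name, body = None, []
    for line in config.splitlines():
        m = re.match(r"dot11 ssid (\S+)", line)
        if m:
            if name is not None:
                yield name, body
            name, body = m.group(1), []
        elif name is not None and line.startswith(" "):
            body.append(line.strip())      # indented line: still inside the block
        elif name is not None:
            yield name, body               # first non-indented line closes the block
            name, body = None, []
    if name is not None:
        yield name, body

def audit(config):
    """Map each SSID to its auth mode and the EAP method lists it references."""
    defined = set(re.findall(r"^aaa authentication login (\S+)", config, re.M))
    report = {}
    for name, body in ssid_blocks(config):
        lists = {m.group(1) for c in body if (m := re.match(r"authentication (?:open eap|network-eap) (\S+)", c))}
        psk = any(c.startswith("wpa-psk") for c in body)
        mode = "PSK" if psk else "802.1X" if lists else "open"
        report[name] = {"mode": mode, "eap_lists": sorted(lists),
                        "undefined_lists": sorted(lists - defined)}
    return report
```
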