02-19-2014 09:56 AM - edited 03-10-2019 09:25 PM
Hello,
I'm trying to configure WLAN authorization with RADIUS (EAP-TTLS) on my Cisco Aironet 1600.
In the datasheet (http://www.cisco.com/c/en/us/products/collateral/wireless/aironet-1600-series/data_sheet_c78-715702.html) there is information that this model can handle this.
Sadly I can't configure it... Could anybody help me with this case?
My config is:
Current configuration : 4013 bytes
!
! Last configuration change at 18:22:15 UTC Wed Feb 19 2014
! NVRAM config last updated at 18:22:15 UTC Wed Feb 19 2014
! NVRAM config last updated at 18:22:15 UTC Wed Feb 19 2014
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap
!
!
logging rate-limit console 9
enable secret 5 $1$BPWA$C5uySGSrxxkQzUodYDhXq/
!
aaa new-model
!
!
aaa group server radius rad_eap
 server 192.168.55.22 auth-port 1812 acct-port 1813
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius rad_eap1
 server 192.168.55.22 auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods1 group rad_eap1
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
!
!
!
!
!
aaa session-id common
ip cef
!
!
!
dot11 syslog
dot11 vlan-name TP_VLAN vlan 50
!
dot11 ssid TEST
 vlan 2
 authentication open eap eap_methods1
 authentication shared eap eap_methods1
 authentication network-eap eap_methods1
 dot1x eap profile eapttls
 mbssid guest-mode
!
!
eap profile eapttls
!
crypto pki token default removal timeout 0
!
!
dot1x test timeout 3
username Cisco password 7 01300F175804
!
!
bridge irb
!
!
!
interface Dot11Radio0
 no ip address
 !
 encryption vlan 50 mode ciphers aes-ccm tkip
 !
 ssid TEST
 !
 antenna gain 0
 stbc
 beamform ofdm
 mbssid
 channel 2472
 station-role root
!
interface Dot11Radio0.2
 encapsulation dot1Q 2 native
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.50
 encapsulation dot1Q 50
 bridge-group 50
 bridge-group 50 subscriber-loop-control
 bridge-group 50 spanning-disabled
 bridge-group 50 block-unknown-source
 no bridge-group 50 source-learning
 no bridge-group 50 unicast-flooding
!
interface Dot11Radio1
 no ip address
 shutdown
 !
 encryption vlan 50 mode ciphers aes-ccm tkip
 !
 ssid TEST
 !
 antenna gain 0
 no dfs band block
 stbc
 beamform ofdm
 mbssid
 channel dfs
 station-role root
!
interface Dot11Radio1.2
 encapsulation dot1Q 2 native
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio1.50
 encapsulation dot1Q 50
 bridge-group 50
 bridge-group 50 subscriber-loop-control
 bridge-group 50 spanning-disabled
 bridge-group 50 block-unknown-source
 no bridge-group 50 source-learning
 no bridge-group 50 unicast-flooding
!
interface GigabitEthernet0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0.2
 encapsulation dot1Q 2 native
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface GigabitEthernet0.50
 encapsulation dot1Q 50
 bridge-group 50
 bridge-group 50 spanning-disabled
 no bridge-group 50 source-learning
!
interface BVI1
 ip address 192.168.55.19 255.255.255.0
!
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip route 0.0.0.0 0.0.0.0 172.20.0.2
ip route 0.0.0.0 0.0.0.0 172.22.0.1
ip radius source-interface BVI1
!
radius-server local
 no authentication mac
 nas 192.168.55.22 key 7 131112011F5D5679
!
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.55.22 auth-port 1812 acct-port 1813 key 7 044F0E151B701E1D
radius-server vsa send accounting
!
bridge 1 route ip
!
!
wlccp ap eap profile eapttls
!
line con 0
line vty 0 4
 password 7 072C285F4D06
 authorization exec local
 transport input all
!
end
Thank you in advance,
Pawel