11-12-2012 09:04 AM - edited 03-04-2019 06:06 PM
Hello...
I have been given a new project at work: to configure an 881W for wireless capabilities. So far on this guy I have figured out how to get it to work using the local database for the users to authenticate against, but our goal is to authenticate against a RADIUS server that we have in place for existing Juniper APs.
I have looked at some documentation out there and I can't seem to find what I'm looking for. What I need to find is an example of how to set up a RADIUS server so that the wireless users can authenticate against it. I have found some docs on Google, but those go over RADIUS server setups for logons to the router etc.
If anyone has done such a config and can help, I would appreciate it.
Thanks
Here is what I have so far:
Building configuration...
Current configuration : 2005 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 881W_AP
!
logging rate-limit console 9
enable secret 5 $1$J4nD$nzQb7LVYMr4Ju9s75jxEZ/
!
aaa new-model
!
!
aaa group server radius Test
 server 172.26.0.223 auth-port 1645 acct-port 1646
!
aaa accounting update periodic 1
aaa accounting network default start-stop group radius
!
aaa session-id common
!
!
dot11 syslog
!
dot11 ssid Test1
 vlan 1
 authentication open
 authentication key-management wpa
 accounting accounting-list-for-Test1
 guest-mode
!
dot11 network-map
!
!
username admin privilege 15 secret 5 $1$24156465415645646546d5f651f65d
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 1 mode ciphers tkip
 !
 ssid Test1
 !
 antenna gain 0
 station-role root
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
 description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
 no ip address
 no ip route-cache
!
interface GigabitEthernet0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 172.30.252.15 255.255.255.0
 no ip route-cache
!
ip default-gateway 172.30.252.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
radius-server host 172.26.0.223 auth-port 1645 acct-port 1646 key 7 0000255621456324
radius-server key 7 104546235646843
bridge 1 route ip
!
!
!
line con 0
 no activation-character
line vty 0 4
 exec-timeout 60 0
!
end
881W_AP#
I have used the following documentation to set this up
I am getting this when I try to connect from my notebook to wireless:
*Oct 22 08:02:51.895: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 001f.e1cf.6164 Associated KEY_MGMT[WPA]
*Oct 22 08:03:06.959: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 001f.e1cf.6164 Reason: Sending station has left the BSS
*Oct 22 08:03:12.151: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 001f.e1cf.6164 Associated KEY_MGMT[WPA]
*Oct 22 08:03:27.207: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 001f.e1cf.6164 Reason: Sending station has left the BSS
Any ideas?
Thank you
11-13-2012 06:09 AM
Anyone?
11-13-2012 06:28 AM
I have never actually done this, but I reckon you will need to use EAP and then back those auth attempts to the RADIUS server.
Have a look at these documents:
11-13-2012 06:32 AM
Hello,
I get Page Forbidden when trying to open those documents...
11-13-2012 06:46 AM
Try logging in?
I have just tried them myself and they work fine...
Below are the pdf versions:
http://www.cisco.com/en/US/docs/routers/access/1800/wireless/configuration/guide/s37auth.pdf
http://www.cisco.com/en/US/docs/routers/access/1800/wireless/configuration/guide/s37radi.pdf
11-13-2012 07:02 AM
Thank you,
I will look at the docs and see if I can get it to work.
11-13-2012 09:16 AM
Hello,
This is a little weird, what I'm going through now. I am able to get this to work and authenticate against the RADIUS server if I'm not using any encryption.
Here is an example:
----------------------------------------------------------------------------------------------------------------------
|
but when I add this command to the ssid
|
and this command to the interface dot11radio0
|
I lose connection. Why would it be that it is working without encryption but loses connectivity when adding encryption?
11-14-2012 02:36 AM
Again I have to emphasise that this really is not my area but I think the issue is because you are trying to use WPA which isn't something the RADIUS protocol can carry over to the RADIUS server (someone correct me if I am wrong).
You can use WPA alongside EAP so users can connect using a PSK or RADIUS authentication.
You will need to use EAP/dot1x between the router and the wireless client (authenticator and supplicant respectively) for it to be compatible with the RADIUS authentication. The configuration is something I cannot help you with, but I would check out this doc for some better understanding:
PDF:
http://www.cisco.com/en/US/docs/wireless/access_point/12.2_11_JA/configuration/guide/s11auth.pdf
You would have got a lot more response if you had put this topic in the Wireless section.
** Remember to rate useful replies :-)
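As an added example (not part of any post in this thread, and not Cisco's code), the Python check below audits an IOS AP config for the mismatch discussed above: an SSID that enables WPA key management but names neither an EAP method list backed by RADIUS nor a pre-shared key, or that references a method list that is never defined. POSTED is a re-indented excerpt of the config from the first post; FIXED and its list names eap_methods and acct_methods are assumptions chosen for illustration.

```python
import re

# Constructed from the config posted in this thread (AAA and SSID parts, re-indented).
POSTED = """\
aaa new-model
aaa group server radius Test
 server 172.26.0.223 auth-port 1645 acct-port 1646
aaa accounting network default start-stop group radius
dot11 ssid Test1
 authentication open
 authentication key-management wpa
 accounting accounting-list-for-Test1
"""
# Constructed counterpart that hands EAP to RADIUS; the list names are assumptions.
FIXED = """\
aaa new-model
aaa group server radius Test
 server 172.26.0.223 auth-port 1645 acct-port 1646
aaa authentication login eap_methods group Test
aaa accounting network acct_methods start-stop group Test
dot11 ssid Test1
 authentication open eap eap_methods
 authentication network-eap eap_methods
 authentication key-management wpa
 accounting acct_methods
"""

def audit_ssids(config):
    """Return (ssid, finding) pairs for SSID blocks whose WPA/AAA setup is incomplete."""
    # Globally defined method lists (login and accounting lists share one set here).
    defined = set(re.findall(
        r"^aaa (?:authentication login|accounting network) (\S+)", config, re.M))
    findings = []
    # An SSID block is the "dot11 ssid" line plus the indented lines that follow it.
    for name, body in re.findall(r"^dot11 ssid (\S+)\n((?:[ \t]+\S.*\n?)*)", config, re.M):
        cmds = [line.strip() for line in body.splitlines()]
        eap_lists = [m.group(1) for c in cmds
                     if (m := re.match(r"authentication (?:open eap|network-eap) (\S+)", c))]
        wpa = any(c.startswith("authentication key-management wpa") for c in cmds)
        psk = any(c.startswith("wpa-psk ") for c in cmds)
        if wpa and not eap_lists and not psk:
            findings.append((name, "WPA key management without an EAP method list or wpa-psk"))
        used = eap_lists + [m.group(1) for c in cmds if (m := re.match(r"accounting (\S+)", c))]
        for lst in dict.fromkeys(used):  # de-duplicate, keep order
            if lst not in defined:
                findings.append((name, f"method list '{lst}' is not defined"))
    return findings
```

Running `audit_ssids(POSTED)` reports both problems for SSID Test1, while `audit_ssids(FIXED)` returns an empty list.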
11-20-2013 12:31 PM
Please check the link below and help me resolve the issue.
Thanks