cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
327
Views
0
Helpful
1
Replies
Highlighted
Beginner

Cisco 881W Radisu Client Configuration Help

                   Hello All,

I am testing a new product at work which is the cisco 881W Wireless router. We are in transition of upgrading out entire Network in 60 offices nation wide from Juniper Wireless to Cisco. I have been testing this routers wireless capebilities and I like what I see. The only issue that I have right now is, I cant figure out how to configure the radius client, so that the end users that are connecting to the Wireless via their notebooks use the Radius client as Authentication rether then the local database.

So far I have setup a simple radius configuration that is as follows:

Radius Configuration

radius-server host 192.168.1.1 auth-port 1645 acct-port 1646 timeout 10 retransmit 7 key password

dot11 ssid 881W_Test

accounting accounting-method-test

exit

radius-server host 192.168.1.1

I have noticed that this works fine as long as I dont have any encryption methods specefied in the condifuration. Example is below:

encryption Methods

dot11 ssid 881W_Test

   vlan 1

   authentication open

   authentication key-management wpa

   accounting 881W_Test-Accounting_Method

   guest-mode

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 1 mode ciphers tkip

!

ssid 881W_Test

!

antenna gain 0

station-role root


If I take out the commands

authentication key-management wpa off from the SSID and encryption vlan 1 moce viphers tkip off from the interface dot11radio0 I can authenticate against the radius server, but the traffic is all unencrypted.

Has someone done a configuration like this before?

Any help is greatly appreciated...

1 REPLY 1
Highlighted
Participant

Hi,

There are a few steps you need to complete:

1. Specify the radius server and key

2. Create an aaa radius server group and add the server from step 1

3. Create an aaa authentication method and point to aaa radius server group

4. Configure open eap under the dot11 ssid and point to aaa authentication method

5. Configure the encryption under the dot11radio0 interface and add the ssid

For example:

radius-server host 192.168.1.1 auth-port 1645 acct-port 1646 key 0 radiuskey

!

aaa group server radius radius_test

server 192.168.1.1 auth-port 1645 acct-port 1646

!

aaa authentication login radius_eap group radius_test

!

dot11 ssid 881W_Test

vlan 1

authentication open eap radius_eap

!

interface Dot11Radio0

encryption vlan 1 key 1 size 128bit 0 1234567890ABCDEF transmit-key

encryption vlan 1 mode wep mandatory

ssid 881W_Test

HTH

Paul

HTH Paul ****Please rate useful posts****
Content for Community-Ad