11-14-2012 05:42 AM - edited 03-07-2019 10:02 AM
Hello All,
I am testing a new product at work, which is the Cisco 881W Wireless router. We are in transition of upgrading our entire network in 60 offices nationwide from Juniper Wireless to Cisco. I have been testing this router's wireless capabilities and I like what I see. The only issue that I have right now is that I can't figure out how to configure the RADIUS client, so that the end users that are connecting to the wireless via their notebooks use the RADIUS client as authentication rather than the local database.
So far I have set up a simple RADIUS configuration that is as follows:

Radius Configuration:

```
radius-server host 192.168.1.1 auth-port 1645 acct-port 1646 timeout 10 retransmit 7 key password
dot11 ssid 881W_Test
 accounting accounting-method-test
 exit
radius-server host 192.168.1.1
```
I have noticed that this works fine as long as I don't have any encryption methods specified in the configuration. Example is below:

Encryption Methods:

```
dot11 ssid 881W_Test
 vlan 1
 authentication open
 authentication key-management wpa
 accounting 881W_Test-Accounting_Method
 guest-mode
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 1 mode ciphers tkip
 !
 ssid 881W_Test
 !
 antenna gain 0
 station-role root
```
If I take out the commands authentication key-management wpa off from the SSID and encryption vlan 1 mode ciphers tkip off from the interface Dot11Radio0, I can authenticate against the RADIUS server, but the traffic is all unencrypted.
Has someone done a configuration like this before?
Any help is greatly appreciated...
11-20-2012 01:41 AM
Hi,
There are a few steps you need to complete:
1. Specify the radius server and key
2. Create an aaa radius server group and add the server from step 1
3. Create an aaa authentication method and point to aaa radius server group
4. Configure open eap under the dot11 ssid and point to aaa authentication method
5. Configure the encryption under the dot11radio0 interface and add the ssid
For example:
```
radius-server host 192.168.1.1 auth-port 1645 acct-port 1646 key 0 radiuskey
!
aaa group server radius radius_test
 server 192.168.1.1 auth-port 1645 acct-port 1646
!
aaa authentication login radius_eap group radius_test
!
dot11 ssid 881W_Test
 vlan 1
 authentication open eap radius_eap
!
interface Dot11Radio0
 encryption vlan 1 key 1 size 128bit 0 1234567890ABCDEF transmit-key
 encryption vlan 1 mode wep mandatory
 ssid 881W_Test
```
HTH
Paul
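
The five steps from the reply above, with WPA key management and an AES-CCMP cipher in place of the static WEP key, so that the per-user keys come from the 802.1X/EAP exchange with the RADIUS server. This is an added example, not part of the original post or reply; it reuses the server address, key and list names from the reply, and it assumes `aaa new-model` has not been enabled yet and that the installed IOS image supports the `aes-ccm` cipher keyword.

```cisco
! Assumption: AAA is not yet enabled. The aaa group/authentication commands
! below are only accepted after aaa new-model. Enabling it also changes how
! vty logins are authenticated, so confirm management access first.
aaa new-model
!
! Step 1: RADIUS server and shared secret (same values as in the reply)
radius-server host 192.168.1.1 auth-port 1645 acct-port 1646 key 0 radiuskey
!
! Step 2: server group containing the server from step 1
aaa group server radius radius_test
 server 192.168.1.1 auth-port 1645 acct-port 1646
!
! Step 3: method list that the SSID will reference for EAP
aaa authentication login radius_eap group radius_test
!
! Step 4: open authentication with EAP, plus WPA key management.
! "authentication open" without "eap <list>" never sends the client to RADIUS
! for 802.1X, so WPA has no EAP exchange to derive keys from.
dot11 ssid 881W_Test
 vlan 1
 authentication open eap radius_eap
 authentication key-management wpa
 guest-mode
!
! Step 5: cipher on the radio interface, then bind the SSID.
! aes-ccm replaces both the static WEP key and the TKIP cipher.
interface Dot11Radio0
 encryption vlan 1 mode ciphers aes-ccm
 ssid 881W_Test
```

The shared secret on the RADIUS server's client entry for this router must match the `key` value, and clients need a WPA-Enterprise (802.1X) profile rather than a pre-shared key.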