08-24-2007 02:27 AM - edited 07-03-2021 02:31 PM
Hi,
we have established a bridge connection between a 1310G Root Bridge and a 1310G Non Root Bridge with the following settings for this bridge SSID: "Open Authentication" with "WPA mandatory and WPA Preshared Key" in Client Authenticated Key Management.
Moreover we have a 2nd SSID with EAP (Radius) for network authentication.
a). can this scenario be viewed as secure ?
b). is it possible to use EAP-Authentication (e.g. Network EAP with LEAP) for the Bridge SSID as well ? If yes, how can we do this ?
We enabled local authentication on the Root Bridge with Bridge and Non Root Bridge as AAA-Clients - and the usernames/passwords defined in it were entered in AP authentication. But this failed.
Thanks,
Thorsten
08-24-2007 08:48 AM
Hi, coincidentally I'm trying to do the same thing (the authentication part), and with no success.
I found a link on CCO, http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008058f53e.shtml
but it isn't working.
Besides, they specify that we should use network-eap for authentication, but they don't specify any method list for AAA, which is mandatory (at least on the CLI).
If you find out anything, please reply to this post.
08-24-2007 11:31 AM
Hello, I managed to put a config with LEAP and WPA 2 working on a P2P link, authenticated by an ACS on the Root side.
I'll paste the relevant config for the root and non-root.
!
hostname BR1300-NonRoot
!
dot11 ssid test
 authentication network-eap DUMMY
 authentication key-management wpa version 2
 authentication client username bridgelink password XXXXXX
 infrastructure-ssid
!
!
interface Dot11Radio0
 !
 encryption mode ciphers aes-ccm
 !
 ssid test
 !
 station-role non-root bridge
end
======ROOT=======
hostname BR1300-Root
!
aaa new-model
!
aaa authentication login EAP-LIST group radius
!
dot11 ssid test
 authentication network-eap EAP-LIST
 authentication key-management wpa version 2
 infrastructure-ssid
!
interface Dot11Radio0
 !
 encryption mode ciphers aes-ccm
 !
 ssid test
 !
 station-role root bridge
!
!
interface BVI1
 ip address XXXXXXXXXX
 no ip route-cache
!
radius-server host ACS-RADIUS IP auth-port 1645 acct-port 1646 key XXXXXXXXXXXXXXXXXXX
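
An added example, not part of any post in this thread and not Cisco tooling: a small Python check that reads an indented `show running-config` style text and reports the settings the working configs in the last reply depend on (a defined AAA method list behind `network-eap` on the root, client credentials on the non-root, a cipher on the radio when WPA key management is enabled). The function names and the sample config are constructed for illustration, and the three checks are assumptions drawn from the configs posted above.

```python
# Constructed sample: the root-side config from the thread, with the
# "aaa authentication login EAP-LIST group radius" line left out on purpose.
SAMPLE_ROOT = """\
aaa new-model
dot11 ssid test
 authentication network-eap EAP-LIST
 authentication key-management wpa version 2
 infrastructure-ssid
interface Dot11Radio0
 encryption mode ciphers aes-ccm
 ssid test
 station-role root bridge
"""

def sections(config):
    """Map each unindented command to the indented sub-commands below it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.strip() in ("", "!"):
            continue
        if not raw.startswith(" "):
            current = raw.strip()
            blocks[current] = []
        elif current is not None:
            blocks[current].append(raw.strip())
    return blocks

def audit(config):
    """Return findings for the EAP/WPA settings of each dot11 ssid block."""
    blocks = sections(config)
    lists = {h.split()[3] for h in blocks if h.startswith("aaa authentication login ")}
    radio = [c for h, sub in blocks.items() if h.startswith("interface Dot11Radio") for c in sub]
    is_root = "station-role root bridge" in radio
    has_cipher = any(c.startswith("encryption mode ciphers ") for c in radio)
    findings = []
    for head, sub in blocks.items():
        if not head.startswith("dot11 ssid "):
            continue
        ssid = head.split(None, 2)[2]
        eap = [c.split()[2] for c in sub if c.startswith("authentication network-eap ")]
        # Root side: the list named after network-eap must exist in AAA.
        findings += [f"{ssid}: AAA method list {n} is not defined" for n in eap if is_root and n not in lists]
        # Non-root side: it needs credentials to authenticate as an EAP client.
        if eap and not is_root and not any(c.startswith("authentication client username ") for c in sub):
            findings.append(f"{ssid}: no 'authentication client username' set")
        if any(c.startswith("authentication key-management wpa") for c in sub) and not has_cipher:
            findings.append(f"{ssid}: WPA key management but no cipher on the radio")
    return findings

print(audit(SAMPLE_ROOT))
```

The parser relies on IOS-style indentation, so a config pasted with its leading spaces stripped has to be re-indented before it is checked.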