AIR-CAP2602I-E-K9 in Autonomous Mode

iantaylor1 · ‎06-11-2016

I have a AIR-CAP2602I-E-K9 to play with, I've converted it too Autonomous AP.

I want to create three SSID's

1x for GUEST Access on VLAN23
1x for MOBILE (phones etc, using WPA2-Enterprise)
1x for LAPTOPS (WPA2-Perosnal)

I cannot see anywhere on this WAP referring to WPA2-Enterpris?

I want to be able to use the SSID MOBILE to use my raduis server for Active Directory

Rasika Nayanajith · ‎06-11-2016

Refer below for Autonomous AP config with external RADIUS. I have used ACS as my RADIUS server in this post

https://mrncciew.com/2013/11/14/autonomous-ap-with-external-radius/

HTH

Rasika

*** Pls rate all useful responses ***

iantaylor1 · ‎06-11-2016

Hi - I can now see my SSID but its only giving me an option to enter a password on the SSID, where as I want to enter a Username\Password for the SSID:

Config below:

ap#SHOW RUNNing-config
Building configuration...

Current configuration : 3349 bytes
!
! Last configuration change at 03:31:00 UTC Wed Apr 17 2013
version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap
!
!
logging rate-limit console 9
enable secret 5 $1$m3qn$IZRC9XHSNm7e0Qfs5NFaf/
!
aaa new-model
!
!
aaa group server radius rad_eap
server name BMI-VADC1
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius rad_eap1
server name BMI-VADC1
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods1 group rad_eap1
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
!
!
!
!
!
aaa session-id common
no ip source-route
no ip cef
!
!
!
!
dot11 syslog
dot11 vlan-name MOBILE vlan 20
!
dot11 ssid BMI-MOBILE2
   vlan 20
   authentication open eap eap_methods
   authentication network-eap eap_methods
   mbssid guest-mode
!
!
!
no ipv6 cef
!
!
username Cisco password 7 032752180500
!
!
bridge irb
!
!
!
interface Dot11Radio0
no ip address
!
encryption vlan 20 mode ciphers aes-ccm
!
ssid BMI-MOBILE2
!
antenna gain 0
stbc
mbssid
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.20
encapsulation dot1Q 20
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 spanning-disabled
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
!
interface Dot11Radio1
no ip address
!
encryption vlan 20 mode ciphers aes-ccm
!
ssid BMI-MOBILE2
!
antenna gain 0
peakdetect
no dfs band block
stbc
mbssid
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1.20
encapsulation dot1Q 20
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 spanning-disabled
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
!
interface GigabitEthernet0
no ip address
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface GigabitEthernet0.20
encapsulation dot1Q 20
bridge-group 20
bridge-group 20 spanning-disabled
no bridge-group 20 source-learning
!
interface BVI1
mac-address 7cad.74db.6ee9
ip address dhcp client-id GigabitEthernet0
ipv6 address dhcp
ipv6 address autoconfig
ipv6 enable
!
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
!
radius-server attribute 32 include-in-access-req format %h
!
radius server BMI-VADC1
address ipv4 10.52.10.1 auth-port 1645 acct-port 1646
key 7 1211001B1E045D56797F
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
transport input all
!
end

ap#

mohanak · ‎06-12-2016

Refer the link : http://www.cisco.com/c/en/us/support/docs/wireless/aironet-1100-series/44844-leapserver.html

http://www.cisco.com/c/en/us/td/docs/wireless/access_point/15-3-3/configuration/guide/cg15-3-3/cg15-3-3-chap11-authtypes.html#55579

http://www.cisco.com/c/en/us/td/docs/wireless/access_point/15-3-3/configuration/guide/cg15-3-3/cg15-3-3-chap11-authtypes.html#21390