Autonomous 1231/1242 Radius Config Help. Why is this not working?

meggenhuizen
Level 1

Hey Guys,

I can't seem to get the SSID RadiusTest to work properly.

Windows PCs show "Windows was unable to find a certificate to log you into the network". Macs don't authenticate either. Radius server isn't seeing any requests at all. Radius server is working because we are authenticating other things to it.

On my test 1231, IOS is 12.3(8) JEB1.

Any help is appreciated.

Thanks,

Scott

version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname TKS-AP1231-ICTServices
!
enable secret 5 $1$Izyg$qXSRYpFDI9ZX6F50vDrku0
!
clock timezone K 10
clock summer-time K recurring
ip subnet-zero
ip domain lookup source-interface BVI1
ip domain name domain.com.au
ip name-server 172.16.###.###
ip name-server 172.16.###.###
!
!
aaa new-model
!
!
aaa group server radius rad_eap
 server 172.16.###.### auth-port 1812 acct-port 1813
 ip radius source-interface BVI1
!
aaa group server tacacs+ tac_admin
!
aaa group server radius infrastructure
!
aaa group server radius clients
!
aaa group server radius central_auth
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius rad_eap1
 server-private 172.16.###.### auth-port 1812 acct-port 1813 key 7 060D062F4B5D1B18045GHW1E0718
 server 172.16.###.### auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login method_infrastructure group infrastructure
aaa authentication login method_clients group clients
aaa authentication login method_Central group central_auth local
aaa authentication login eap_methods1 group rad_eap1
aaa authorization exec default local
aaa authorization exec method_Central group central_auth local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 mbssid
dot11 vlan-name Conference vlan 150
!
dot11 ssid RadiusTest
   vlan 18
   authentication open eap eap_methods
   authentication network-eap eap_methods
   authentication key-management wpa
   mbssid guest-mode
!
dot11 ssid Staff
   vlan 17
   authentication open
   authentication key-management wpa optional
   wpa-psk ascii 7 055E5F5E0555401B161003171928013C22272D6B6370
!
dot11 ssid Student
   vlan 16
   authentication open
   authentication key-management wpa
   guest-mode
   mbssid guest-mode
   wpa-psk ascii 7 02575102282A2323434F1B1D0C1915595A5C
!
!
dot11 network-map
dot11 arp-cache optional
!
!
username ########## privilege 15 password 7 ###################
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 17 mode ciphers tkip wep40
 !
 encryption vlan 16 mode ciphers tkip
 !
 encryption vlan 18 mode ciphers aes-ccm tkip
 !
 ssid RadiusTest
 !
 ssid Staff
 !
 ssid Student
 !
 speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
 no power client local
 power client 50
 power local cck 50
 power local ofdm 20
 channel 2437
 station-role root
!
interface Dot11Radio0.6
 encapsulation dot1Q 6 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
!
interface Dot11Radio0.16
 encapsulation dot1Q 16
 no ip route-cache
 bridge-group 16
 bridge-group 16 subscriber-loop-control
 bridge-group 16 port-protected
 bridge-group 16 block-unknown-source
 no bridge-group 16 source-learning
 no bridge-group 16 unicast-flooding
 bridge-group 16 spanning-disabled
!
interface Dot11Radio0.17
 encapsulation dot1Q 17
 no ip route-cache
 bridge-group 17
 bridge-group 17 subscriber-loop-control
 bridge-group 17 port-protected
 bridge-group 17 block-unknown-source
 no bridge-group 17 source-learning
 no bridge-group 17 unicast-flooding
 bridge-group 17 spanning-disabled
!
interface Dot11Radio0.18
 encapsulation dot1Q 18
 no ip route-cache
 bridge-group 18
 bridge-group 18 subscriber-loop-control
 bridge-group 18 block-unknown-source
 no bridge-group 18 source-learning
 no bridge-group 18 unicast-flooding
 bridge-group 18 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!
interface FastEthernet0.6
 encapsulation dot1Q 6 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.16
 encapsulation dot1Q 16
 no ip route-cache
 bridge-group 16
 no bridge-group 16 source-learning
 bridge-group 16 spanning-disabled
!
interface FastEthernet0.17
 encapsulation dot1Q 17
 no ip route-cache
 bridge-group 17
 no bridge-group 17 source-learning
 bridge-group 17 spanning-disabled
!
interface FastEthernet0.18
 encapsulation dot1Q 18
 no ip route-cache
 bridge-group 18
 no bridge-group 18 source-learning
 bridge-group 18 spanning-disabled
!
interface BVI1
 ip address 172.16.#.### 255.255.255.192
 no ip route-cache
!
ip default-gateway 172.16.#.###
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
logging history debugging
snmp-server view iso iso included
snmp-server community KingsRO RO
snmp-server community KingsWr1t3 RW
snmp-server trap-source BVI1
snmp-server location ###
snmp-server contact ############################################
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps entity
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps dot11-qos
snmp-server enable traps switch-over
snmp-server enable traps rogue-ap
snmp-server enable traps wlan-wep
snmp-server enable traps config
snmp-server enable traps syslog
snmp-server enable traps cpu threshold
snmp-server enable traps aaa_server
snmp-server host 172.16.###.## version 2c cisco udp-port 1620
radius-server host 172.16.###.### auth-port 1812 acct-port 1813 key ##########################
bridge 1 route ip
!
!
wlccp ap username wds password #################
wlccp authentication-server infrastructure method_infrastructure
wlccp authentication-server client any method_clients
banner login ^C
#############################################
^C
!
line con 0
line vty 0 4
!
sntp server 172.16.###.###
sntp server 172.16.###.###
sntp server 172.16.###.###
sntp broadcast client
end

2 Replies

Nicolas Darchis
Cisco Employee

You configured your WDS to use empty radius methods. There's not much point to this apart from breaking your setup.

Remove all 3 "wlccp" commands. I suggest getting your normal radius working before you try and do WDS.

If the behavior is still the same, then it means that the radius server has to get a request if the clients are proposed EAP-TLS and they are looking for a certificate to authenticate with...

Did you pre-configure a profile on the client? Did you configure them for PEAP? EAP-TLS? Which method do you allow on your radius server?

Nicolas

Also, you only have bridge 1 route ip; you would need bridge 16-18 protocol ieee added to match your other sub-interfaces.
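The two defects the replies point out (WDS/wlccp bound to AAA method lists whose RADIUS server groups contain no servers, and bridge-groups used on sub-interfaces with no global "bridge N protocol ieee" line) are the kind of thing a small config lint catches before a deployment. The script below is an added example, not code from the thread or from Cisco; it parses a constructed, trimmed copy of the posted running-config (placeholder addresses, real indentation as IOS emits it) and reports those findings, then re-runs on a version with the replies' fix applied (wlccp lines removed, bridge 16/17 defined).

```python
"""Audit an autonomous-AP running-config for the two problems raised in the replies:
AAA method lists / WDS (wlccp) authentication that point at RADIUS server groups
with no servers, and bridge-groups on sub-interfaces with no global 'bridge N' line.
Added example; SAMPLE_CONFIG is a constructed, trimmed version of the posted config."""
import re
from collections import defaultdict

SAMPLE_CONFIG = """\
aaa new-model
aaa group server radius rad_eap
 server 172.16.0.10 auth-port 1812 acct-port 1813
 ip radius source-interface BVI1
aaa group server radius infrastructure
!
aaa group server radius clients
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login method_infrastructure group infrastructure
aaa authentication login method_clients group clients
interface Dot11Radio0.6
 encapsulation dot1Q 6 native
 bridge-group 1
 bridge-group 1 spanning-disabled
interface Dot11Radio0.16
 encapsulation dot1Q 16
 bridge-group 16
interface FastEthernet0.16
 encapsulation dot1Q 16
 bridge-group 16
interface Dot11Radio0.17
 encapsulation dot1Q 17
 bridge-group 17
bridge 1 route ip
wlccp authentication-server infrastructure method_infrastructure
wlccp authentication-server client any method_clients
end
"""

# The fix the replies suggest: drop the wlccp lines and define the missing bridges.
FIXED_CONFIG = "\n".join(
    l for l in SAMPLE_CONFIG.replace(
        "bridge 1 route ip\n",
        "bridge 1 route ip\nbridge 16 protocol ieee\nbridge 17 protocol ieee\n",
    ).splitlines()
    if not l.startswith("wlccp ")
) + "\n"


def parse_config(text):
    """Collect server groups, login method lists, wlccp bindings and bridge usage."""
    cfg = {
        "groups": {},                     # server group -> list of 'server ...' lines
        "methods": {},                    # method list -> {"groups": [...], "local": bool}
        "wlccp": {},                      # "infrastructure" / "client any" -> method list
        "bridge_used": defaultdict(set),  # bridge-group number -> interfaces using it
        "bridges": set(),                 # numbers that have a global 'bridge N ...' line
    }
    group = iface = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        indented = raw.startswith(" ")
        line = raw.strip()
        if indented:
            if group and line.startswith(("server ", "server-private ")):
                cfg["groups"][group].append(line)
            elif iface and (m := re.fullmatch(r"bridge-group (\d+)", line)):
                cfg["bridge_used"][int(m.group(1))].add(iface)
            continue
        group = iface = None  # any top-level line closes the previous block
        if m := re.match(r"aaa group server (?:radius|tacacs\+) (\S+)$", line):
            group = m.group(1)
            cfg["groups"][group] = []
        elif m := re.match(r"aaa authentication login (\S+) (.+)$", line):
            toks = m.group(2).split()
            cfg["methods"][m.group(1)] = {
                "groups": [toks[i + 1] for i, t in enumerate(toks[:-1]) if t == "group"],
                "local": "local" in toks,
            }
        elif m := re.match(r"interface (\S+)$", line):
            iface = m.group(1)
        elif m := re.match(r"bridge (\d+) ", line):
            cfg["bridges"].add(int(m.group(1)))
        elif line.startswith("wlccp authentication-server "):
            toks = line.split()
            cfg["wlccp"][" ".join(toks[2:-1])] = toks[-1]
    return cfg


def audit(text):
    """Return findings as strings; an empty list means none of the checked problems exist."""
    cfg = parse_config(text)
    groups, methods = cfg["groups"], cfg["methods"]

    def usable(mlist):
        # A method list can authenticate only if it has 'local' or a group with servers.
        m = methods.get(mlist)
        return bool(m) and (m["local"] or any(groups.get(g) for g in m["groups"]))

    findings = []
    for name, m in methods.items():
        for g in m["groups"]:
            if g not in groups:
                findings.append(f"method list {name}: server group {g} is not defined")
            elif not groups[g]:
                findings.append(f"method list {name}: server group {g} has no servers")
    for target, mlist in cfg["wlccp"].items():
        if not usable(mlist):
            findings.append(f"wlccp authentication-server {target}: method list {mlist} "
                            "cannot reach any RADIUS server (WDS will break EAP)")
    for num, ifaces in sorted(cfg["bridge_used"].items()):
        if num not in cfg["bridges"]:
            findings.append(f"bridge-group {num} on {', '.join(sorted(ifaces))}: "
                            f"no global 'bridge {num} protocol ieee' line")
    return findings


if __name__ == "__main__":
    for label, text in (("as posted", SAMPLE_CONFIG), ("after the replies' fix", FIXED_CONFIG)):
        print(f"--- {label} ---")
        for f in audit(text) or ["no findings"]:
            print(" ", f)
```

On the posted sample this reports the two empty-group method lists, both wlccp bindings and the undefined bridges 16 and 17; on the fixed version only the two unused method lists that still name empty groups remain, which is harmless until something references them. Run it against the output of "show running-config" saved to a file by swapping SAMPLE_CONFIG for the file's contents.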
