Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
634
Views
0
Helpful
6
Replies

PEAP to IAS on Cisco 871

Go to solution
sphughes
Level 1
Level 1

‎05-11-2006 07:32 PM - edited ‎07-04-2021 12:04 PM

I'm trying to setup a 871 to authenticate users using PEAP over a site-to-site VPN to an MS IAS server. I setup the IAS according to an MS document. I have the site-to-site up and connected but can't get the client to authenticate. When I check the IAS logs, I show no activity at all. So I suspect a problem with the ACL, but don't really know. My cleaned config is attached below. Any and all help is much appreciated.

Labels:
Preview file
9 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
sgerhart
Level 1
Level 1

‎05-17-2006 06:19 PM

Use this command

ip radius source-interface BVI1

View solution in original post

0 Helpful
6 Replies 6

Go to solution
sgerhart
Level 1
Level 1

‎05-17-2006 06:19 PM

Use this command

ip radius source-interface BVI1

0 Helpful

Go to solution
sphughes
Level 1
Level 1
In response to sgerhart

‎05-18-2006 08:45 AM

Wow! Thanks, that got me authenticated. I knew it was going to be something incredibly simple.

Now, I'm authenticated, but not getting a dhcp address. I'm questioning the statement "no ip dhcp use vrf connected", I don't know what that means, I'm going to try removing it and see what happens.

Thanks again.

0 Helpful

Go to solution
sphughes
Level 1
Level 1
In response to sphughes

‎05-18-2006 10:11 AM

OK, I'm still not getting DHCP to work, I configured an IP helper for the radio interface pointing back to the BVI, but to no avail.

I also tried toggling the "use vrf connected" and still nothing.

If you have an idea, I'd love it, but if not, I'll start another thread. Thanks again.

0 Helpful

Go to solution
scottmac
Level 10
Level 10
In response to sphughes

‎05-18-2006 03:16 PM

IPHELPER should be on the AP side of the Router or L3 switch, pointing to the DHCP server.

IPHELPER converts/packages the DHCP broadcast into a unicast aimed at the DHCP server. The DHCP server will unicast the address bid back to the requester.

Also be advised that other broadcasts are passed by default. You can configure which broadcasts that IPHELPER will "help" if this is an issue for you.

Good Luck

Scott

0 Helpful

Go to solution
sphughes
Level 1
Level 1
In response to scottmac

‎05-19-2006 09:55 AM

Scott -

I think I follow you when you say the "AP Side", but I've tried that. I applied IPHELPER pointing to the BVI1 interface to both the dot11radio0 and dot11radio0.1. Is there something I need to do to tell the router that I want the BVI1 interface to be the DHCP server?

At this point extranieous broadcasts are fine, I just want to get it working, I figure then I can fine tune it until I break it again.

Thanks!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card