09-27-2011 09:09 PM - edited 07-03-2021 08:50 PM
09-28-2011 07:47 AM
Maybe your RADIUS server is listening on the wrong port..? (1812/1645 ?)
09-28-2011 12:34 PM
Have you tried sourcing the interface for radius?
ip radius source-interface
09-28-2011 05:08 PM
Thanks for the responses..
Nigel,
The server is listening on ports 1812/1813 and 1645/1646. Router is using 1812 & 1813.
jliscano,
BVI1 is set as the sourcing interface already. Posting the shortened config below:
Building configuration...
hostname SAHO-AP
!
aaa new-model
!
!
aaa group server radius rad_eap
server 192.168.x.167 auth-port 1812 acct-port 1813
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
server 192.168.x.167 auth-port 1812 acct-port 1813
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
!
aaa session-id common
clock timezone EST 10
clock summer-time D-EST recurring 1 Sun Apr 2:00 1 Sun Oct 3:00 1
ip domain name xxxx
ip name-server 192.168.x
ip name-server 192.168.x
ip name-server 192.168.x
!
!
dot11 syslog
!
dot11 ssid (omitted)
vlan 1
authentication open eap eap_methods
authentication key-management wpa version 2
accounting acct_methods
guest-mode
!
dot11 ids mfp distributor
dot11 ids mfp detector
dot11 ids mfp generator
!
crypto pki trustpoint TP-self-signed-x
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-x
revocation-check none
rsakeypair TP-self-signed-x
!
!
crypto pki certificate chain TP-self-signed-x
certificate self-signed 01
x
quit
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers aes-ccm
!
broadcast-key vlan 1 change 30
!
!
ssid (Omitted)
!
antenna gain 0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
description the embedded AP GigabitEthernet 0 is an internal interface connecti
ng AP with the host router
no ip address
no ip route-cache
!
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.x.40 -------------
no ip route-cache
!
ip http server
ip http authentication local
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
snmp-server community xx RW
snmp-server host 192.168.x.36 xx snmp
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.100.167 auth-port 1645 acct-port 1646 key xx
radius-server vsa send accounting
bridge 1 route ip
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide