dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
101
share rss forum feed

krock83

join:2010-03-02
reply to krock83

Re: Wireless 881 user Authentication via Radius

So I was able to connect to Wireless by leaving some of the commands out that encrypot the data.

this works using radius, but the data is not encrypted

dot11 ssid 881W_Test
   vlan 1
   authentication open 
   accounting 881W_Test-Accounting_Method
   guest-mode
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !        
 ssid 881W_Test
 !
 antenna gain 0
 station-role root
 

but when I add this command to the ssid

authentication key-management wpa
 

and this command to the interface dot11radio0

encryption vlan 1 mode ciphers tkip
 

I lose connection. Why would it be that it is working without encryption but loses connectivity when adding encryption?


Da Geek Kid

join:2003-10-11
::1
kudos:1
Reviews:
·Callcentric
Ok. not sure about the exact situation but here's a sample config for an eap config using aes

aaa group server radius rad_eap
server 192.168.1.113 auth-port 1645 acct-port 1646
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login default local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
!
dot11 ssid test123
vlan 22
authentication open eap eap_methods
authentication network-eap eap_methods
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 22 mode ciphers aes-ccm
!
ssid test123

aryoba
Premium,MVM
join:2002-08-22
kudos:4
reply to krock83
said by krock83:

So I was able to connect to Wireless by leaving some of the commands out that encrypt the data.

this works using radius, but the data is not encrypted

dot11 ssid 881W_Test
   vlan 1
   authentication open 
   accounting 881W_Test-Accounting_Method
   guest-mode
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !        
 ssid 881W_Test
 !
 antenna gain 0
 station-role root
 

but when I add this command to the ssid

authentication key-management wpa
 

and this command to the interface dot11radio0

encryption vlan 1 mode ciphers tkip
 

I lose connection. Why would it be that it is working without encryption but loses connectivity when adding encryption?

I'm guessing you use VLAN 1 for also management. Did you try to dedicate different VLAN (i.e. VLAN 2 or 3) for wireless users separate from the management VLAN?