site Search:


Home Reviews Tools Forums FAQs Find Service ISP News Maps About  
 
    All Forums Hot Topics Gallery






how-to block ads

  
Forums >

Equipment Support > Hardware By Brand > Cisco > Wireless 881 user Authentication via Radius

Search Topic:
 Share Topic
Posting?
Post a:
Post a:
Links: ·Submit a new forum topic ·Forum FAQ ·Submit a FAQ ·Docs Guidelines and Advisories ·EOS/EOL thread
AuthorAll Replies

krock83

join:2010-03-02

reply to krock83

Re: Wireless 881 user Authentication via Radius

So I was able to connect to Wireless by leaving some of the commands out that encrypot the data.

this works using radius, but the data is not encrypted

dot11 ssid 881W_Test
   vlan 1
   authentication open 
   accounting 881W_Test-Accounting_Method
   guest-mode
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !        
 ssid 881W_Test
 !
 antenna gain 0
 station-role root

but when I add this command to the ssid

authentication key-management wpa

and this command to the interface dot11radio0

encryption vlan 1 mode ciphers tkip

I lose connection. Why would it be that it is working without encryption but loses connectivity when adding encryption?
to forum · permalink · 2012-11-13 12:13:01 ·


Da Geek Kid

join:2003-10-11
::1
kudos:1

Ok. not sure about the exact situation but here's a sample config for an eap config using aes

aaa group server radius rad_eap
server 192.168.1.113 auth-port 1645 acct-port 1646
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login default local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
!
dot11 ssid test123
vlan 22
authentication open eap eap_methods
authentication network-eap eap_methods
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 22 mode ciphers aes-ccm
!
ssid test123

to forum · permalink · 2012-11-13 15:48:58 ·

aryoba
Premium,MVM
join:2002-08-22
kudos:3

reply to krock83

said by krock83:

So I was able to connect to Wireless by leaving some of the commands out that encrypt the data.

this works using radius, but the data is not encrypted

dot11 ssid 881W_Test
   vlan 1
   authentication open 
   accounting 881W_Test-Accounting_Method
   guest-mode
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !        
 ssid 881W_Test
 !
 antenna gain 0
 station-role root

but when I add this command to the ssid

authentication key-management wpa

and this command to the interface dot11radio0

encryption vlan 1 mode ciphers tkip

I lose connection. Why would it be that it is working without encryption but loses connectivity when adding encryption?

I'm guessing you use VLAN 1 for also management. Did you try to dedicate different VLAN (i.e. VLAN 2 or 3) for wireless users separate from the management VLAN?
to forum · permalink · 2012-11-15 16:57:52 ·
Forums > Equipment Support > Hardware By Brand > Cisco

Friday, 24-May 12:11:43 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 13.5 years online © 1999-2013 dslreports.com.
Most commented news this week
Hot Topics