Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Cisco (http://www.velocityreviews.com/forums/f27-cisco.html)
-   -   Aironet 1200, 802.1x and Microsoft IAS (Radius) Server problems... (http://www.velocityreviews.com/forums/t35797-aironet-1200-802-1x-and-microsoft-ias-radius-server-problems.html)

Martin Bodenstedt 10-14-2004 09:24 AM

Aironet 1200, 802.1x and Microsoft IAS (Radius) Server problems...
 
hi,

does anybody have (or know of) a sample configuration to use the 1200 in
802.1x mode authenticating against a Microsoft Radius server using
Certificates?

any help greatly appreciated!


--
Martin Bodenstedt

www.landtag-bw.de / www.die-bodenstedts.de

John Smith 10-16-2004 11:44 AM

Re: Aironet 1200, 802.1x and Microsoft IAS (Radius) Server problems...
 
i dont...but i was trying to implement the exact same thing just this past
week. i couldn't for the life of me get it to work using a cisco wireless
pc card in my laptop. i tried configuring an EAP server to point to our
domain controller (which had radius installed on it) and even tried these
instructions for configuring the radius server:
http://support.microsoft.com/default...b;en-us;318710
nothing freaking worked...
i couldn't tell if my problem was:
1. the aironet
2. wireless pc card config
3. ms radius (IAS)
if you get it, or anyone else gets that working, definitely please post your
config(s)..!!
THANKS!!!

"Martin Bodenstedt" <martin.bodenstedt@gmx.de> wrote in message
news:cklgl7$qeh$1@news.BelWue.DE...
> hi,
>
> does anybody have (or know of) a sample configuration to use the 1200 in
> 802.1x mode authenticating against a Microsoft Radius server using
> Certificates?
>
> any help greatly appreciated!
>
>
> --
> Martin Bodenstedt
>
> www.landtag-bw.de / www.die-bodenstedts.de




Martin Bodenstedt 10-17-2004 10:33 AM

Re: Aironet 1200, 802.1x and Microsoft IAS (Radius) Server problems...
 
John Smith wrote:

> i dont...but i was trying to implement the exact same thing just this past
> week. i couldn't for the life of me get it to work using a cisco wireless
> pc card in my laptop. i tried configuring an EAP server to point to our
> domain controller (which had radius installed on it) and even tried these
> instructions for configuring the radius server:
> http://support.microsoft.com/default...b;en-us;318710
> nothing freaking worked...
> i couldn't tell if my problem was:
> 1. the aironet
> 2. wireless pc card config
> 3. ms radius (IAS)
> if you get it, or anyone else gets that working, definitely please post your
> config(s)..!!
> THANKS!!!
>


I will!

But I'm still looking...

--
Martin Bodenstedt

(www.die-bodenstedts.de / www.maboko.de)

John Smith 10-21-2004 01:29 AM

Re: Aironet 1200, 802.1x and Microsoft IAS (Radius) Server problems...
 
update:
for the time being i gave up..i could see my wireless trying to authenticate
against IAS (viewable in the event viewer on the windows box) but it was
saying bad username/password....i trying manually entering my username
password using cisco's desktop utility for the pc card and i tried just
checking use windows username/password or whatever..nothing worked...
i have given up and resigned myself to failure.
i implemented wep,wap, and mac authentication instead....ie i tried to use
as much other security as i could....

"Martin Bodenstedt" <post@die-bodenstedts.de> wrote in message
news:ckthos$7ek$00$2@news.t-online.com...
> John Smith wrote:
>
>> i dont...but i was trying to implement the exact same thing just this
>> past week. i couldn't for the life of me get it to work using a cisco
>> wireless pc card in my laptop. i tried configuring an EAP server to
>> point to our domain controller (which had radius installed on it) and
>> even tried these instructions for configuring the radius server:
>> http://support.microsoft.com/default...b;en-us;318710
>> nothing freaking worked...
>> i couldn't tell if my problem was:
>> 1. the aironet
>> 2. wireless pc card config
>> 3. ms radius (IAS)
>> if you get it, or anyone else gets that working, definitely please post
>> your config(s)..!!
>> THANKS!!!
>>

>
> I will!
>
> But I'm still looking...
>
> --
> Martin Bodenstedt
>
> (www.die-bodenstedts.de / www.maboko.de)




flitcraft33 03-07-2008 05:59 PM

working config
 
This config works but does not assign vlans properly.


aaa group server radius rad_eap1
server 10.3.1.2 auth-port 1645 acct-port 1646
!
aaa authentication login default group radius group rad_eap local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods1 group rad_eap1
aaa authorization exec default group radius group rad_eap local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 vlan-name ptc vlan 17
!
d!
dot11 ssid ptc
vlan 17
authentication open eap eap_methods1
authentication network-eap eap_methods1
mbssid guest-mode
!
!
!
username das password 7 08054D58060C11464A5B55
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 17 mode ciphers aes-ccm
!

!

ssid ptc
!
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2437
station-role root
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.17
encapsulation dot1Q 17
no ip route-cache
bridge-group 17
bridge-group 17 subscriber-loop-control
bridge-group 17 block-unknown-source
no bridge-group 17 source-learning
no bridge-group 17 unicast-flooding
bridge-group 17 spanning-disabled


Hope this helps.
!

dcpearso 03-08-2008 07:23 AM

I have got this working many times using the Cisco Wireless LAN Controller. The process is relativelty simple. I have never tried it on a 1200 series but i would imagine the process is quite similar.

Try http://www.cisco.com/en/US/docs/wire...de/c32sol.html

There is some good information on what groups and aaa messages to send from the radius to the cisco.

Are you using windows radius? If so i can send you a screenshot of how i configured dynamic vlans on it for the wlc.

dbcooper_1 04-13-2009 10:07 PM

Windows Radius Screenshot
 
I would be most greatful for a screenshot of your windows radius setup. I am in the process of getting my network tied down.
Thanks!


All times are GMT. The time now is 05:23 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.