Aironet 1200, 802.1x and Microsoft IAS (Radius) Server problems...

Discussion in 'Cisco' started by Martin Bodenstedt, Oct 14, 2004.

  1. hi,

    does anybody have (or know of) a sample configuration to use the 1200 in
    802.1x mode authenticating against a Microsoft Radius server using
    Certificates?

    any help greatly appreciated!


    --
    Martin Bodenstedt

    www.landtag-bw.de / www.die-bodenstedts.de
     
    Martin Bodenstedt, Oct 14, 2004
    #1
    1. Advertising

  2. Martin Bodenstedt

    John Smith Guest

    i dont...but i was trying to implement the exact same thing just this past
    week. i couldn't for the life of me get it to work using a cisco wireless
    pc card in my laptop. i tried configuring an EAP server to point to our
    domain controller (which had radius installed on it) and even tried these
    instructions for configuring the radius server:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;318710
    nothing freaking worked...
    i couldn't tell if my problem was:
    1. the aironet
    2. wireless pc card config
    3. ms radius (IAS)
    if you get it, or anyone else gets that working, definitely please post your
    config(s)..!!
    THANKS!!!

    "Martin Bodenstedt" <> wrote in message
    news:cklgl7$qeh$...
    > hi,
    >
    > does anybody have (or know of) a sample configuration to use the 1200 in
    > 802.1x mode authenticating against a Microsoft Radius server using
    > Certificates?
    >
    > any help greatly appreciated!
    >
    >
    > --
    > Martin Bodenstedt
    >
    > www.landtag-bw.de / www.die-bodenstedts.de
     
    John Smith, Oct 16, 2004
    #2
    1. Advertising

  3. John Smith wrote:

    > i dont...but i was trying to implement the exact same thing just this past
    > week. i couldn't for the life of me get it to work using a cisco wireless
    > pc card in my laptop. i tried configuring an EAP server to point to our
    > domain controller (which had radius installed on it) and even tried these
    > instructions for configuring the radius server:
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;318710
    > nothing freaking worked...
    > i couldn't tell if my problem was:
    > 1. the aironet
    > 2. wireless pc card config
    > 3. ms radius (IAS)
    > if you get it, or anyone else gets that working, definitely please post your
    > config(s)..!!
    > THANKS!!!
    >


    I will!

    But I'm still looking...

    --
    Martin Bodenstedt

    (www.die-bodenstedts.de / www.maboko.de)
     
    Martin Bodenstedt, Oct 17, 2004
    #3
  4. Martin Bodenstedt

    John Smith Guest

    update:
    for the time being i gave up..i could see my wireless trying to authenticate
    against IAS (viewable in the event viewer on the windows box) but it was
    saying bad username/password....i trying manually entering my username
    password using cisco's desktop utility for the pc card and i tried just
    checking use windows username/password or whatever..nothing worked...
    i have given up and resigned myself to failure.
    i implemented wep,wap, and mac authentication instead....ie i tried to use
    as much other security as i could....

    "Martin Bodenstedt" <> wrote in message
    news:ckthos$7ek$00$-online.com...
    > John Smith wrote:
    >
    >> i dont...but i was trying to implement the exact same thing just this
    >> past week. i couldn't for the life of me get it to work using a cisco
    >> wireless pc card in my laptop. i tried configuring an EAP server to
    >> point to our domain controller (which had radius installed on it) and
    >> even tried these instructions for configuring the radius server:
    >> http://support.microsoft.com/default.aspx?scid=kb;en-us;318710
    >> nothing freaking worked...
    >> i couldn't tell if my problem was:
    >> 1. the aironet
    >> 2. wireless pc card config
    >> 3. ms radius (IAS)
    >> if you get it, or anyone else gets that working, definitely please post
    >> your config(s)..!!
    >> THANKS!!!
    >>

    >
    > I will!
    >
    > But I'm still looking...
    >
    > --
    > Martin Bodenstedt
    >
    > (www.die-bodenstedts.de / www.maboko.de)
     
    John Smith, Oct 21, 2004
    #4
  5. Martin Bodenstedt

    flitcraft33

    Joined:
    Mar 7, 2008
    Messages:
    1
    working config

    This config works but does not assign vlans properly.


    aaa group server radius rad_eap1
    server 10.3.1.2 auth-port 1645 acct-port 1646
    !
    aaa authentication login default group radius group rad_eap local
    aaa authentication login eap_methods group rad_eap
    aaa authentication login mac_methods local
    aaa authentication login eap_methods1 group rad_eap1
    aaa authorization exec default group radius group rad_eap local
    aaa accounting network acct_methods start-stop group rad_acct
    aaa session-id common
    dot11 vlan-name ptc vlan 17
    !
    d!
    dot11 ssid ptc
    vlan 17
    authentication open eap eap_methods1
    authentication network-eap eap_methods1
    mbssid guest-mode
    !
    !
    !
    username das password 7 08054D58060C11464A5B55
    !
    bridge irb
    !
    !
    interface Dot11Radio0
    no ip address
    no ip route-cache
    !
    encryption vlan 17 mode ciphers aes-ccm
    !

    !

    ssid ptc
    !
    mbssid
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    channel 2437
    station-role root
    bridge-group 1
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    !
    interface Dot11Radio0.17
    encapsulation dot1Q 17
    no ip route-cache
    bridge-group 17
    bridge-group 17 subscriber-loop-control
    bridge-group 17 block-unknown-source
    no bridge-group 17 source-learning
    no bridge-group 17 unicast-flooding
    bridge-group 17 spanning-disabled


    Hope this helps.
    !
     
    flitcraft33, Mar 7, 2008
    #5
  6. Martin Bodenstedt

    dcpearso

    Joined:
    Mar 8, 2008
    Messages:
    6
    I have got this working many times using the Cisco Wireless LAN Controller. The process is relativelty simple. I have never tried it on a 1200 series but i would imagine the process is quite similar.

    Try http://www.cisco.com/en/US/docs/wireless/controller/3.2/configuration/guide/c32sol.html

    There is some good information on what groups and aaa messages to send from the radius to the cisco.

    Are you using windows radius? If so i can send you a screenshot of how i configured dynamic vlans on it for the wlc.
     
    dcpearso, Mar 8, 2008
    #6
  7. Martin Bodenstedt

    dbcooper_1

    Joined:
    Apr 13, 2009
    Messages:
    1
    Windows Radius Screenshot

    I would be most greatful for a screenshot of your windows radius setup. I am in the process of getting my network tied down.
    Thanks!
     
    dbcooper_1, Apr 13, 2009
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jeff
    Replies:
    2
    Views:
    1,945
  2. jt
    Replies:
    6
    Views:
    2,493
  3. Andre Paetzold

    Aironet 1200 and Aironet 1300 compatible?

    Andre Paetzold, Dec 8, 2004, in forum: Cisco
    Replies:
    2
    Views:
    906
    Andre Paetzold
    Dec 9, 2004
  4. keons1
    Replies:
    2
    Views:
    2,169
    Martin Bodenstedt
    Jul 14, 2005
  5. Georg Dingler
    Replies:
    0
    Views:
    1,317
    Georg Dingler
    Nov 8, 2006
Loading...

Share This Page