Aironet 1200, 802.1x and Microsoft IAS (Radius) Server problems...

Discussion in 'Cisco' started by Martin Bodenstedt, Oct 14, 2004.

  1. hi,

    does anybody have (or know of) a sample configuration to use the 1200 in
    802.1x mode authenticating against a Microsoft Radius server using
    Certificates?

    any help greatly appreciated!
     
    Martin Bodenstedt, Oct 14, 2004
    #1

  2. John Smith Guest

    i don't...but i was trying to implement the exact same thing just this past
    week. i couldn't for the life of me get it to work using a cisco wireless
    pc card in my laptop. i tried configuring an EAP server to point to our
    domain controller (which had radius installed on it) and even tried these
    instructions for configuring the radius server:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;318710
    nothing freaking worked...
    i couldn't tell if my problem was:
    1. the aironet
    2. wireless pc card config
    3. ms radius (IAS)
    if you get it, or anyone else gets that working, definitely please post your
    config(s)..!!
    THANKS!!!
     
    John Smith, Oct 16, 2004
    #2

  3. I will!

    But I'm still looking...
     
    Martin Bodenstedt, Oct 17, 2004
    #3
  4. John Smith Guest

    update:
    for the time being i gave up..i could see my wireless trying to authenticate
    against IAS (viewable in the event viewer on the windows box) but it was
    saying bad username/password....i tried manually entering my username
    password using cisco's desktop utility for the pc card and i tried just
    checking use windows username/password or whatever..nothing worked...
    i have given up and resigned myself to failure.
    i implemented wep,wap, and mac authentication instead....ie i tried to use
    as much other security as i could....
     
    John Smith, Oct 21, 2004
    #4
  5. flitcraft33

    working config

    This config works but does not assign vlans properly.


    aaa group server radius rad_eap1
     server 10.3.1.2 auth-port 1645 acct-port 1646
    !
    aaa authentication login default group radius group rad_eap local
    aaa authentication login eap_methods group rad_eap
    aaa authentication login mac_methods local
    aaa authentication login eap_methods1 group rad_eap1
    aaa authorization exec default group radius group rad_eap local
    aaa accounting network acct_methods start-stop group rad_acct
    aaa session-id common
    dot11 vlan-name ptc vlan 17
    !
    dot11 ssid ptc
     vlan 17
     authentication open eap eap_methods1
     authentication network-eap eap_methods1
     mbssid guest-mode
    !
    username das password 7 08054D58060C11464A5B55
    !
    bridge irb
    !
    interface Dot11Radio0
     no ip address
     no ip route-cache
     !
     encryption vlan 17 mode ciphers aes-ccm
     !
     ssid ptc
     !
     mbssid
     speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
     channel 2437
     station-role root
     bridge-group 1
     bridge-group 1 block-unknown-source
     no bridge-group 1 source-learning
     no bridge-group 1 unicast-flooding
     bridge-group 1 spanning-disabled
    !
    interface Dot11Radio0.17
     encapsulation dot1Q 17
     no ip route-cache
     bridge-group 17
     bridge-group 17 subscriber-loop-control
     bridge-group 17 block-unknown-source
     no bridge-group 17 source-learning
     no bridge-group 17 unicast-flooding
     bridge-group 17 spanning-disabled
    !

    Hope this helps.
     
    flitcraft33, Mar 7, 2008
    #5
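
An added example, not part of flitcraft33's post and not Cisco tooling: a Python check that follows each SSID's EAP method list to its RADIUS server group in an excerpt like the one in post #5, and lists server groups that a method list references but the excerpt does not define. The name `audit_aaa` is hypothetical; the sample is constructed from the AAA and SSID lines of the posted config.

```python
import re

# Constructed sample: the AAA and SSID lines of the config posted above.
SAMPLE = """\
aaa group server radius rad_eap1
server 10.3.1.2 auth-port 1645 acct-port 1646
!
aaa authentication login default group radius group rad_eap local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods1 group rad_eap1
aaa authorization exec default group radius group rad_eap local
aaa accounting network acct_methods start-stop group rad_acct
dot11 ssid ptc
vlan 17
authentication open eap eap_methods1
authentication network-eap eap_methods1
"""
BUILTIN = {"radius", "tacacs+"}  # IOS keywords for "all configured servers"

def audit_aaa(config):
    """Return (unresolved_groups, ssid_issues) for an IOS config excerpt."""
    servers, logins, used, ssid_refs = {}, {}, set(), []
    group = ssid = None  # section currently being read, if any
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"aaa group server radius (\S+)", line):
            group, ssid = m.group(1), None
            servers[group] = 0
        elif group and line.startswith("server "):
            servers[group] += 1
        elif m := re.match(r"aaa (authentication login|authorization|accounting) (.+)", line):
            group = ssid = None
            groups = [g for g in re.findall(r"\bgroup (\S+)", m.group(2)) if g not in BUILTIN]
            used.update(groups)
            if m.group(1) == "authentication login":
                logins[m.group(2).split()[0]] = groups  # list name -> its groups
        elif m := re.match(r"dot11 ssid (\S+)", line):
            group, ssid = None, m.group(1)
        elif ssid and (m := re.match(r"authentication (?:open eap|network-eap) (\S+)", line)):
            ssid_refs.append((ssid, m.group(1)))
        elif line == "!":
            group = ssid = None
    issues = []
    for name, mlist in ssid_refs:
        if mlist not in logins:
            issues.append((name, mlist, "method list not defined"))
        issues += [(name, mlist, f"group {g} has no server")
                   for g in logins.get(mlist, []) if not servers.get(g)]
    return sorted(used - set(servers)), issues
```

On the sample, the SSID `ptc` resolves cleanly through `eap_methods1` to `rad_eap1`, while `rad_eap` and `rad_acct` are reported because no `aaa group server` stanza for them appears in the excerpt.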
  6. dcpearso

    I have got this working many times using the Cisco Wireless LAN Controller. The process is relatively simple. I have never tried it on a 1200 series but I would imagine the process is quite similar.

    Try http://www.cisco.com/en/US/docs/wireless/controller/3.2/configuration/guide/c32sol.html

    There is some good information on what groups and aaa messages to send from the radius to the cisco.

    Are you using windows radius? If so i can send you a screenshot of how i configured dynamic vlans on it for the wlc.
     
    dcpearso, Mar 8, 2008
    #6
  7. dbcooper_1

    Windows Radius Screenshot

    I would be most grateful for a screenshot of your windows radius setup. I am in the process of getting my network tied down.
    Thanks!
     
    dbcooper_1, Apr 13, 2009
    #7