We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

Cisco Access Point 1130ag  EAP with Windows XP Clients

Medium Priority
463 Views
Last Modified: 2013-11-12
I am trying to get a laptop to Authenitcate with my Raduis Server(192.168.10.10) over a Cisco Access Point 1130.  
The Access point is a radius client with IP address of 192.168.10.211
Radius server is 192.168.10.10
Remote Access Policy Windows-Groups Root\Domain Users; Root\Domain Computers
The computer and user attempting to access the domian are both members of those groups.
Radius EAP Methods are Protected (EAP)

Any advice why I cannot connect?

!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap
!
enable secret 5 $1$HFDt$sfrkhunilT7quKN9neaQv1
!
aaa new-model
!
!
aaa group server radius rad_eap
 server 192.168.10.10 auth-port 1645 acct-port 1646
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
 server 192.168.10.10 auth-port 1645 acct-port 1646
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local 
aaa accounting network acct_methods start-stop group rad_acct
!
aaa session-id common
!
!
dot11 vlan-name Blairsville vlan 3
!
dot11 ssid LSI
   vlan 3
   authentication open eap eap_methods 
   authentication network-eap eap_methods 
   guest-mode
   infrastructure-ssid optional
   information-element ssidl advertisement wps
!
dot11 network-map
power inline negotiation prestandard source
!
!
username Cisco password 7 047802150C2E
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 3 mode ciphers tkip 
 !
 ssid LSI
 !
 channel 2422
 station-role root
!
interface Dot11Radio0.3
 encapsulation dot1Q 3 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!
interface FastEthernet0.3
 encapsulation dot1Q 3 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address dhcp client-id FastEthernet0
 no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1 
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.10.10 auth-port 1645 acct-port 1646 key 7 0120120D550C031D70
radius-server vsa send accounting
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
!
end

Open in new window

Comment
Watch Question

Commented:
More information about the laptop will help in troubleshooting - is this the only laptop having trouble? Are there others setup exactly like this one that aren't having trouble?

Also - do you have an AV on this laptop that could have a firewall turned on? Ensure UDP ports 1812 and 1813 are open, as RADIUS uses these ports for authentication and accounting messages.

Author

Commented:
All laptops, no firewall. All upd ports are open as this is on an internal network.
IT Architect/Technology Delivery Manager
CERTIFIED EXPERT
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.