
Cisco Aironet SSID with Radius

Posted on 2010-11-15
Last Modified: 2013-12-09
Hi Guys,

I have an SSID on my Cisco Aironet 1310 and a RADIUS server running (freeradius).

What setting do I need to put on the AP so that when a user tries to connect to that SSID he is prompted for a username and password and not a WPA key?

And that username and password would be checked from the radius server.

Thanks
Question by:masdf123
Accepted Solution

by:
Ken Boone earned 2000 total points
ID: 34145307
something like this:

aaa group server radius rad_eap
 server 1.1.2.13 auth-port 1645 acct-port 1646
!
aaa group server radius rad_acct
 server 1.1.2.13 auth-port 1645 acct-port 1646

aaa authentication login eap_methods group rad_eap

dot11 ssid example-ssid
   vlan 29
   authentication network-eap eap_methods
   authentication open eap eap_methods

radius-server attribute 32 include-in-access-req format %h
radius-server host 1.1.2.13 auth-port 1645 acct-port 1646 key radius-pwd
radius-server host 1.1.2.13 auth-port 1812 acct-port 1813 key radius-pwd
radius-server vsa send accounting


The radius password has to match on the radius server.  You will also need a certificate on the radius server, as well as on the client.  

Author Comment

by:masdf123
ID: 34145653
Why do you have 2 lines?:

radius-server host 1.1.2.13 auth-port 1645 acct-port 1646 key radius-pwd
radius-server host 1.1.2.13 auth-port 1812 acct-port 1813 key radius-pwd

Assisted Solution

by:Ken Boone
Ken Boone earned 2000 total points
ID: 34146407
Sorry, you don't need the second line. RADIUS can use 1812 and 1813 or 1645 and 1646. So the rest of the config is referring to 1645 and 1646 in my example. If your RADIUS server uses 1812 and 1813, you will also need to change the previous lines in the aaa group commands and then ditch the 1645 and 1646 references.
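The port mismatch discussed in this reply can be checked mechanically. The following is an added example, not part of the original thread: a small Python script (the `parse` and `check` names are made up for this illustration) that compares the `aaa group server radius` entries with the `radius-server host` lines and reports any host/port pair that one side defines and the other does not.

```python
import re

# Constructed sample: the RADIUS-related lines of the configuration posted in
# the thread, including the second radius-server host line discussed above.
SAMPLE_CONFIG = """\
aaa group server radius rad_eap
 server 1.1.2.13 auth-port 1645 acct-port 1646
!
aaa group server radius rad_acct
 server 1.1.2.13 auth-port 1645 acct-port 1646
aaa authentication login eap_methods group rad_eap
radius-server host 1.1.2.13 auth-port 1645 acct-port 1646 key radius-pwd
radius-server host 1.1.2.13 auth-port 1812 acct-port 1813 key radius-pwd
"""

GROUP_RE = re.compile(r"^aaa group server radius (\S+)")
ENDPOINT_RE = re.compile(r"(\S+) auth-port (\d+) acct-port (\d+)")


def parse(config):
    """Return (group_refs, hosts); an endpoint is (ip, auth_port, acct_port)."""
    group_refs, hosts, group = [], [], None
    for line in config.splitlines():
        text = line.strip()
        m = GROUP_RE.match(text)
        if m or not line.startswith(" "):
            group = m.group(1) if m else None  # unindented line ends a group block
        ep = ENDPOINT_RE.search(text)
        if ep:
            endpoint = (ep.group(1), int(ep.group(2)), int(ep.group(3)))
            if group and text.startswith("server "):
                group_refs.append((group, endpoint))
            elif text.startswith("radius-server host "):
                hosts.append(endpoint)
    return group_refs, hosts


def check(config):
    """List host/port pairs that the aaa groups and host lines disagree on."""
    group_refs, hosts = parse(config)
    used = {ep for _, ep in group_refs}
    findings = [f"group {g}: no radius-server host for {ep}"
                for g, ep in group_refs if ep not in hosts]
    findings += [f"radius-server host {ep} is not used by any group"
                 for ep in hosts if ep not in used]
    return findings

if __name__ == "__main__":
    for finding in check(SAMPLE_CONFIG):
        print(finding)
```

On the sample it reports only the 1812/1813 host line, the one the reply says is not needed.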

Author Comment

by:masdf123
ID: 34149027
For this to work with freeradius, am I enabling anything specific?

Expert Comment

by:Ken Boone
ID: 34149045
Not that I am aware of. I have never set up freeradius. I have used Cisco's ACS server and I have used Microsoft IAS and NPS. RADIUS is a standards-based protocol. I would think you would still need to define the AP as a RADIUS client and configure the shared key password that will be used for the RADIUS communications on the freeradius server.

Author Comment

by:masdf123
ID: 34149052
So something like EAP enabled?

Author Comment

by:masdf123
ID: 34149065
And when I connect this AP to a VLAN port on the switch, do I tell the switch about RADIUS?

Assisted Solution

by:Ken Boone
Ken Boone earned 2000 total points
ID: 34149256
No, it's just between the AP and RADIUS.