Cisco Aironet SSID with Radius

Hi Guys,

I have a ssid on my Cisco Aironet 1310 and a radius server running (freeradius)

What setting do I need to put on the AP so when a user tries to connect to that ssid he is prompted for a username and password and not a wpa ley.

And that username and password would be checked from the radius server.

Thanks
LVL 1
masdf123Asked:
Who is Participating?
 
Ken BooneConnect With a Mentor Network ConsultantCommented:
something like this:

aaa group server radius rad_eap
 server 1.1.2.13 auth-port 1645 acct-port 1646
!
aaa group server radius rad_acct
 server 1.1.2.13 auth-port 1645 acct-port 1646

aaa authentication login eap_methods group rad_eap

dot11 ssid example-ssid
   vlan 29
   authentication network-eap eap_methods
   authentication open eap eap_methods

radius-server attribute 32 include-in-access-req format %h
radius-server host 1.1.2.13 auth-port 1645 acct-port 1646 key radius-pwd
radius-server host 1.1.2.13 auth-port 1812 acct-port 1813 key radius-pwd
radius-server vsa send accounting


The radius password has to match on the radius server.  You will also need a certificate on the radius server, as well as on the client.  
0
 
masdf123Author Commented:
Why do you have 2 lines?:

radius-server host 1.1.2.13 auth-port 1645 acct-port 1646 key radius-pwd
radius-server host 1.1.2.13 auth-port 1812 acct-port 1813 key radius-pwd
0
 
Ken BooneConnect With a Mentor Network ConsultantCommented:
sorry you don't need the second line.  Radius can use 1812 and 1813 or 1645 and 1646.  So the rest of the config is refering to 1645 and 1646 in my example.  If your radius server uses 1812 and 1813 you will also need to change the previous lines in the aaa group commands and then ditch the 1645 and 1646 references.
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
masdf123Author Commented:
For this to work with freeradius. I am enabling anything specific?
0
 
Ken BooneNetwork ConsultantCommented:
Not that I am aware of.  I have never set up freeradius.   I have used cisco's acs server and I have used microsoft IAS and NPS.  Radius is a standards based protocol.  I would think you would still need to define the AP as a radius client and configure the shared key password that will be used for the radius communications on the freeradius server.
0
 
masdf123Author Commented:
So something like EAP enabled?
0
 
masdf123Author Commented:
And when I connect this AP so a vlan port on the switch. Do I tell the switch about radius ?
0
 
Ken BooneConnect With a Mentor Network ConsultantCommented:
No its just between the AP and radius.
0
All Courses

From novice to tech pro — start learning today.