  • Status: Solved
  • Priority: Medium
  • Security: Public

Cisco Aironet SSID with Radius

Hi Guys,

I have an SSID on my Cisco Aironet 1310 and a radius server running (freeradius).

What setting do I need to put on the AP so that when a user tries to connect to that SSID he is prompted for a username and password and not a WPA key?

And that username and password would be checked from the radius server.

Thanks
0
Asked by: masdf123
 
Ken Boone (Network Consultant) Commented:
Something like this:

aaa group server radius rad_eap
 server 1.1.2.13 auth-port 1645 acct-port 1646
!
aaa group server radius rad_acct
 server 1.1.2.13 auth-port 1645 acct-port 1646

aaa authentication login eap_methods group rad_eap

dot11 ssid example-ssid
   vlan 29
   authentication network-eap eap_methods
   authentication open eap eap_methods

radius-server attribute 32 include-in-access-req format %h
radius-server host 1.1.2.13 auth-port 1645 acct-port 1646 key radius-pwd
radius-server host 1.1.2.13 auth-port 1812 acct-port 1813 key radius-pwd
radius-server vsa send accounting


The radius password has to match on the radius server.  You will also need a certificate on the radius server, as well as on the client.  
0
 
masdf123 (Author) Commented:
Why do you have 2 lines?

radius-server host 1.1.2.13 auth-port 1645 acct-port 1646 key radius-pwd
radius-server host 1.1.2.13 auth-port 1812 acct-port 1813 key radius-pwd
0
 
Ken Boone (Network Consultant) Commented:
Sorry, you don't need the second line.  Radius can use 1812 and 1813 or 1645 and 1646.  So the rest of the config is referring to 1645 and 1646 in my example.  If your radius server uses 1812 and 1813 you will also need to change the previous lines in the aaa group commands and then ditch the 1645 and 1646 references.
0
 
masdf123 (Author) Commented:
For this to work with freeradius, am I enabling anything specific?
0
 
Ken Boone (Network Consultant) Commented:
Not that I am aware of.  I have never set up freeradius.   I have used cisco's acs server and I have used microsoft IAS and NPS.  Radius is a standards based protocol.  I would think you would still need to define the AP as a radius client and configure the shared key password that will be used for the radius communications on the freeradius server.
0
 
masdf123 (Author) Commented:
So something like EAP enabled?
0
 
masdf123 (Author) Commented:
And when I connect this AP to a vlan port on the switch, do I tell the switch about radius?
0
 
Ken Boone (Network Consultant) Commented:
No, it's just between the AP and radius.
0
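
An added example, not part of the original thread: a Python check for the port mismatch discussed above, where the `aaa group server radius` entries, the `radius-server host` lines and the RADIUS server itself must agree on 1645/1646 or 1812/1813. The function name `audit_radius_config` and its `server_port_pair` parameter are hypothetical, and the sample input is the configuration as posted in the thread.

```python
import re
from collections import defaultdict

# Constructed sample: the RADIUS-related lines of the config posted in the thread.
SAMPLE_CONFIG = """\
aaa group server radius rad_eap
 server 1.1.2.13 auth-port 1645 acct-port 1646
!
aaa group server radius rad_acct
 server 1.1.2.13 auth-port 1645 acct-port 1646
radius-server host 1.1.2.13 auth-port 1645 acct-port 1646 key radius-pwd
radius-server host 1.1.2.13 auth-port 1812 acct-port 1813 key radius-pwd
"""

GROUP_RE = re.compile(r"^aaa group server radius (\S+)")
SERVER_RE = re.compile(r"^\s+server (\S+) auth-port (\d+) acct-port (\d+)")
HOST_RE = re.compile(r"^radius-server host (\S+) auth-port (\d+) acct-port (\d+)")

def audit_radius_config(text, server_port_pair=None):
    """List port inconsistencies; server_port_pair is (auth, acct) on the RADIUS server."""
    group_refs = []            # (group name, ip, auth port, acct port)
    hosts = defaultdict(set)   # ip -> {(auth port, acct port)}
    group = None
    for line in text.splitlines():
        if m := GROUP_RE.match(line):
            group = m.group(1)
        elif (m := SERVER_RE.match(line)) and group:
            group_refs.append((group, m.group(1), int(m.group(2)), int(m.group(3))))
        elif m := HOST_RE.match(line):
            hosts[m.group(1)].add((int(m.group(2)), int(m.group(3))))
            group = None
        elif not line.startswith(" "):
            group = None       # any other top-level line ends the group block
    findings = []
    used = {(ip, a, c) for _, ip, a, c in group_refs}
    for grp, ip, a, c in group_refs:
        if (a, c) not in hosts.get(ip, set()):
            findings.append(f"group {grp}: {ip} {a}/{c} has no matching radius-server host line")
        if server_port_pair and (a, c) != server_port_pair:
            findings.append(f"group {grp}: {ip} uses {a}/{c}, server listens on "
                            f"{server_port_pair[0]}/{server_port_pair[1]}")
    for ip, pairs in hosts.items():
        for a, c in sorted(pairs):
            if (ip, a, c) not in used:
                findings.append(f"radius-server host {ip} {a}/{c} is not referenced by any group")
    return findings

if __name__ == "__main__":
    for finding in audit_radius_config(SAMPLE_CONFIG, server_port_pair=(1812, 1813)):
        print(finding)
```

Run against the posted config with no server ports given, it reports only the redundant 1812/1813 host line; passing the ports the RADIUS server actually listens on also flags any group still pointing at the other pair.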
