AP 1130AG Series (autonomous) RADIUS authentication problem

fbatistafbatista Member Posts: 2 ■□□□□□□□□□
Hi,

I hope someone can help me out in a configuration i'm trying to do for my company. Let me explain my problem, since i'm lost after reading so many documentation and trying so many configurations.

Basically we have 3 Cisco 1131AG Access Points that are supposed to work within our office in order to provide wirelless connectivity to our users. After figuring out how to revert the AP's from LWAPP mode into autonomous the idea was to configure the AP's to integrate with a remote Radius server (IAS from Midrosoft) or with the local Radius server that can be configured on the access point.
Until now i couldn't do it by myself and believe me when i said the the last few nights i have been working... today again (4.am) and no solution.

Could you please provide me some guidance? I would surely appreciate it.

I can provide some more details about the case.

Best regards

Francisco Batista

Comments

  • mikearamamikearama Member Posts: 749
    I have several 1231's doing what you describe... other than using the 1200 series SDM, the process should be the same.

    First, is it safe to assume that you're using local accounts on the Radius server? I mean, have you created the users accounts, or are you trying to tie into AD? For troubleshooting, having created user accounts manually is the place to start (removes possibility of ldap issues).

    Let us know if this is the process you followed:

    On the Security tab of the SDM, SSID Manager page, you want to set the Authentication method to something that includes EAP. For now, you might go Open, but then select "with EAP" in the drop-down list.

    Now on the Server Manager page, under Corporate Servers, with Radius selected (our AP's worked with Radius, but not with Tacacs like the rest of our Cisco gear), enter the server IP and secret. Ports are optional as they're automatic, but I hardset ours to 1645 (Authentication) and 1646 (Accounting). Then, after you apply those changes, make sure your IP shows up in the Default Server Priorities dropdown for EAP Authentication (and Accounting, if you're using it).

    That's it on the AP side. You've tuned the AP to now use EAP, pointing to a Radius server by IP for authentication.

    On the Radius side, we use CiscoSecure ACS, but I assume the browsers are rather similar. Find the place in Network Configuration where you can add a AAA Client. Add the name, IP addy, and identical shared secret that you set on the AP. In CiscoSecure I have to explicitly say to authenticate using Radius (Cisco Aironet). Apply.

    Is that the process you followed? Any deviations? Questions?

    Mike
    There are only 10 kinds of people... those who understand binary, and those that don't.

    CCIE Studies: Written passed: Jan 21/12 Lab Prep: Hours reading: 385. Hours labbing: 110

    Taking a time-out to add the CCVP. Capitalizing on a current IPT pilot project.
Sign In or Register to comment.