Categories
Welcome Center
Education & Development
Discussions
Certification Preparation
Recent Posts
Groups
Free Resources
Ebooks
Free Workshops
Trending Certifications Infographic
Infosec Training
IT & Security Training
Live Boot Camps
Security Awareness Training
About Infosec Institute
Home
Certification Preparation
Cisco
CCST & CCNA (Entry-level & Associate)
AP 1130AG Series (autonomous) RADIUS authentication problem
fbatista
Hi,
I hope someone can help me out in a configuration i'm trying to do for my company. Let me explain my problem, since i'm lost after reading so many documentation and trying so many configurations.
Basically we have 3 Cisco 1131AG Access Points that are supposed to work within our office in order to provide wirelless connectivity to our users. After figuring out how to revert the AP's from LWAPP mode into autonomous the idea was to configure the AP's to integrate with a remote Radius server (IAS from Midrosoft) or with the local Radius server that can be configured on the access point.
Until now i couldn't do it by myself and believe me when i said the the last few nights i have been working... today again (4.am) and no solution.
Could you please provide me some guidance? I would surely appreciate it.
I can provide some more details about the case.
Best regards
Francisco Batista
Find more posts tagged with
Save $250 on 2025 certification boot camps from Infosec!
Book now with code EOY2025
Button
Comments
mikearama
I have several 1231's doing what you describe... other than using the 1200 series SDM, the process should be the same.
First, is it safe to assume that you're using local accounts on the Radius server? I mean, have you created the users accounts, or are you trying to tie into AD? For troubleshooting, having created user accounts manually is the place to start (removes possibility of ldap issues).
Let us know if this is the process you followed:
On the Security tab of the SDM, SSID Manager page, you want to set the Authentication method to something that includes EAP. For now, you might go Open, but then select "with EAP" in the drop-down list.
Now on the Server Manager page, under Corporate Servers, with Radius selected (our AP's worked with Radius, but not with Tacacs like the rest of our Cisco gear), enter the server IP and secret. Ports are optional as they're automatic, but I hardset ours to 1645 (Authentication) and 1646 (Accounting). Then, after you apply those changes, make sure your IP shows up in the Default Server Priorities dropdown for EAP Authentication (and Accounting, if you're using it).
That's it on the AP side. You've tuned the AP to now use EAP, pointing to a Radius server by IP for authentication.
On the Radius side, we use CiscoSecure ACS, but I assume the browsers are rather similar. Find the place in Network Configuration where you can add a AAA Client. Add the name, IP addy, and identical shared secret that you set on the AP. In CiscoSecure I have to explicitly say to authenticate using Radius (Cisco Aironet). Apply.
Is that the process you followed? Any deviations? Questions?
Mike
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
INFOSEC Boot Camps
$250
OFF
Use code
EOY2025
to receive $250 off your 2025 certification boot camp!
BROWSE BOOT CAMPS
