Monday 23 May 2011

Cisco Aironet SSID with Radius

Here is a sample configuration:

aaa group server radius rad_eap
 server 1.1.2.13 auth-port 1645 acct-port 1646
!
aaa group server radius rad_acct
 server 1.1.2.13 auth-port 1645 acct-port 1646
!
aaa authentication login eap_methods group rad_eap
!
dot11 ssid example-ssid
 vlan 29
 authentication network-eap eap_methods
 authentication open eap eap_methods
 authentication key-management wpa
 accounting rad_acct
!
interface Dot11Radio0
 ! the cipher has to be set on the VLAN the SSID is mapped to (vlan 29)
 encryption vlan 29 mode ciphers tkip
 ssid example-ssid
!
radius-server attribute 32 include-in-access-req format %h
radius-server host 1.1.2.13 auth-port 1645 acct-port 1646 key radius-pwd
radius-server host 1.1.2.13 auth-port 1812 acct-port 1813 key radius-pwd
radius-server vsa send accounting

You don't need the line radius-server host 1.1.2.13 auth-port 1812 acct-port 1813 key radius-pwd.
RADIUS can use ports 1812 and 1813 or 1645 and 1646, and the rest of the config in my example refers to 1645 and 1646. If your RADIUS server uses 1812 and 1813, you will also need to change the server lines in the aaa group commands and then drop the 1645 and 1646 references.
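
A quick way to catch the port mismatch described above before pushing a config to the AP. This is an added example, not part of the original post; the function name find_port_mismatches and the sample config (a constructed variant of the one above, with one aaa group switched to 1812/1813) are assumptions.

```python
import re

# Constructed sample: rad_eap was moved to 1812/1813, but the only
# radius-server host line still uses 1645/1646.
SAMPLE_CONFIG = """\
aaa group server radius rad_eap
 server 1.1.2.13 auth-port 1812 acct-port 1813
!
aaa group server radius rad_acct
 server 1.1.2.13 auth-port 1645 acct-port 1646
!
radius-server host 1.1.2.13 auth-port 1645 acct-port 1646 key radius-pwd
"""

GROUP_RE = re.compile(r"^aaa group server radius (\S+)")
SERVER_RE = re.compile(r"^server (\S+) auth-port (\d+) acct-port (\d+)")
HOST_RE = re.compile(r"^radius-server host (\S+) auth-port (\d+) acct-port (\d+)")


def find_port_mismatches(config):
    """Return (group, ip, auth_port, acct_port) for every aaa group server
    entry with no radius-server host line using the same IP and ports."""
    hosts = set()   # (ip, auth_port, acct_port) from radius-server host lines
    refs = []       # server entries found inside aaa group blocks
    group = None    # name of the aaa group block currently being read
    for raw in config.splitlines():
        line = raw.strip()  # tolerate configs pasted without indentation
        m = GROUP_RE.match(line)
        if m:
            group = m.group(1)
            continue
        m = SERVER_RE.match(line)
        if m and group:
            refs.append((group, m.group(1), int(m.group(2)), int(m.group(3))))
            continue
        m = HOST_RE.match(line)
        if m:
            hosts.add((m.group(1), int(m.group(2)), int(m.group(3))))
        if line:
            group = None  # any other command (or "!") ends the group block
    return [r for r in refs if r[1:] not in hosts]


if __name__ == "__main__":
    for group, ip, auth, acct in find_port_mismatches(SAMPLE_CONFIG):
        print(f"{group}: {ip} auth-port {auth} acct-port {acct} "
              "has no matching radius-server host line")
```

An empty result means every server entry in the aaa groups is backed by a radius-server host line with the same ports, so the shared key on that line will actually be used.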

NOTE: If the AP is not sending the SSID information to the RADIUS server, try adding this to your AP configuration:
radius-server vsa send