Cisco 1200 - EAP-Fast

I want to use EAP-Fast with my Cisco 1200 and laptop with PC-350 Cisco card. I have the latest 1200 software and the 6.4 latest client PC Cisco software.

My client associates to the laptop, then asks for username/password/domain and says provisioning failed. I have reviewed all the docs on CCO, I have the local radius server configured.

Does anyone know which piece I am missing?

Reply to
R Siffredi

"Provisioning failed" sounds like a PAC problem.

Post the config and I will have a look

Drop the ZZZ to reply

Cheers ...

Reply to
z400d3

hostname ap
!
!
username xxx privilege 15 password xxx
ip subnet-zero
!
aaa new-model
!
!
aaa group server radius rad_eap
 server 172.16.100.50 auth-port 1645 acct-port 1646
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login default local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip
 !
 ssid ciscoap
  authentication open eap eap_methods
  authentication network-eap eap_methods
  authentication key-management wpa
  authentication client username rocco password test
 !
 speed basic-1.0 basic-2.0 basic-5.5 basic-11.0
 station-role root
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 172.16.100.50 255.255.255.0
 no ip route-cache
!
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path
ip radius source-interface BVI1
logging snmp-trap emergencies
logging snmp-trap alerts
logging snmp-trap critical
logging snmp-trap errors
logging snmp-trap warnings
radius-server local
 no authentication leap
 no authentication mac
 nas 172.16.100.50 key 7 06258635AF52
 group accessap
  ssid ciscoap
 !
 user rocco password test group accessap
!
radius-server attribute 32 include-in-access-req format %h
radius-server host 172.16.1.50 auth-port 1645 acct-port 1646 key 7 030752180500
radius-server vsa send accounting
bridge 1 route ip
!
!
!
line con 0.................

On Wed, 13 Apr 2005 11:49:05 +0100, z400d3 wrote:

locl radius server configured.

Reply to
R Siffredi

I have had a look at this and two things immediately spring to mind.

(1) Initially set users and groups globally rather than attached to an ssid

(2) For local authentication you need to be using ports 1812 and 1813, 1645 and 1646 are for remote authentication.

Replace "aaa group server radius rad_eap server 172.16.100.50 auth-port 1645 acct-port 1646"

With "aaa group server radius rad_eap server 172.16.100.50 auth-port 1812 acct-port 1813"

Overall, I would simplify the config and get the EAP side of things working with eap-leap on an open ssid before adding anything like mac address filtering, fast etc.

I can supply you with example configs if you need them.

Drop the ZZZ to reply

Cheers ...

Reply to
z400d3

You will also need to change

radius-server host 172.16.1.50 auth-port 1645 acct-port 1646 key 7 KEY

to ...

radius-server host 172.16.1.50 auth-port 1812 acct-port 1813 key 7 KEY

Drop the ZZZ to reply

Cheers ...

Reply to
z400d3
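
Added example (not part of the original thread): a small Python check for the port mismatch the two replies above describe, run over the RADIUS lines of the posted config. The function name, the `on_this_ap` flag and the sample text are assumptions of this example; the sample is constructed from the posted lines with the keys replaced by KEY.

```python
import re

LOCAL_PORTS = ("1812", "1813")  # ports the replies give for the AP's local RADIUS server

# Constructed sample: RADIUS-related lines from the posted config, keys replaced by KEY.
SAMPLE = """\
aaa group server radius rad_eap
 server 172.16.100.50 auth-port 1645 acct-port 1646
interface BVI1
 ip address 172.16.100.50 255.255.255.0
radius-server local
 nas 172.16.100.50 key 7 KEY
radius-server host 172.16.1.50 auth-port 1645 acct-port 1646 key 7 KEY
"""

# Matches both "server ..." inside an aaa group and global "radius-server host ...".
SERVER_RE = re.compile(
    r"^\s*(?:radius-server host|server)\s+(\S+)\s+auth-port\s+(\d+)\s+acct-port\s+(\d+)")
ADDR_RE = re.compile(r"^\s*ip address\s+(\d+\.\d+\.\d+\.\d+)\s")

def check_radius_ports(config):
    """Return (line_no, server, auth_port, acct_port, on_this_ap) for every
    RADIUS server entry whose ports are not 1812/1813. Returns [] when the
    config has no 'radius-server local' block, because the advice in the
    thread only concerns an AP acting as its own RADIUS server."""
    lines = config.splitlines()
    if not any(l.strip() == "radius-server local" for l in lines):
        return []
    # Addresses configured on the AP's own interfaces (BVI1 in the sample).
    own = {m.group(1) for m in map(ADDR_RE.match, lines) if m}
    findings = []
    for n, line in enumerate(lines, 1):
        m = SERVER_RE.match(line)
        if m and m.groups()[1:] != LOCAL_PORTS:
            findings.append((n, m.group(1), m.group(2), m.group(3), m.group(1) in own))
    return findings

if __name__ == "__main__":
    for n, server, auth, acct, local in check_radius_ports(SAMPLE):
        where = "this AP" if local else "another address"
        print(f"line {n}: {server} ({where}) uses {auth}/{acct}, expected 1812/1813")
```

The `on_this_ap` flag only reports whether the server address matches an interface address in the same config, so the reader can see which entries point back at the AP itself.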

Thanks a lot, I am able to get authenticated now. I would still, however, like to see your example configs. Thanks

>ip radius source-interface BVI1

Reply to
R Siffredi
