Hi Guys,
I'm using two cisco 1242 AG access points to configure WDS feature. I've named the accesspoints as AP1(acts as WDS) and AP2. Since I've only two accesspoints, I've configured the AP1 to act both as a WDS and as a regular accesspoints.
Further I'm using the local radius server within the AP1 to authenticate both clients and infrastructure accesspoints. And both APs are connected to a router (which act as a dhcp server) via a unmanageble switch and both accesspoints are getting registered with WDS.
But the issue is when I tried to connect to the configured SSID, it promts me a "authendication window" but after entering the configured username and password, i'm not getting authenticated by the AP.
I've attached the configurations of both APs to for your reference. Can someone assist me with this regard.
////////////// AP1 ///////////
ap1#sh run
Building configuration...
Current configuration : 3403 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap1
!
enable secret 5 $1$AuxA$wvJa8q/5LgU9Var9/FqGz1
!
aaa new-model
!
!
aaa group server radius rad_eap
server 196.175.100.204 auth-port 1812 acct-port 1813
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius clients
server 196.175.100.204 auth-port 1812 acct-port 1813
server 196.175.100.204 auth-port 1645 acct-port 1646
!
aaa authentication login wds-server group rad_eap
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login method_clients group clients
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
!
aaa session-id common
!
!
!
dot11 ssid cisco123
authentication open eap method_clients
authentication network-eap method_clients
authentication key-management wpa
guest-mode
!
power inline negotiation prestandard source
!
!
username Cisco password 7 05280F1C2243
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers tkip
!
ssid cisco123
!
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption mode ciphers tkip
!
ssid cisco123
!
no dfs band block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 196.175.100.204 255.255.255.0
no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com...config/help/eag
ip radius source-interface BVI1
radius-server local
no authentication eapfast
no authentication mac
nas 196.175.100.204 key 7 01100F175804
user AP1242 nthash 7 025327035B5629701F6F5A3A204F442E28567F7F740C1761074454455 2240F780A
user user1 nthash 7 075D796D6B5C4C5D444A5F2F20087373716B13764325355424770B0975 702B224D
user ap1 nthash 7 14454A2A29517F737770671606315F415A59700D08717759263944087E73 767300
!
radius-server attribute 32 include-in-access-req format %h
radius-server host 196.175.100.204 auth-port 1812 acct-port 1813 key 7 070C285F4 D06
radius-server host 196.175.100.204 auth-port 1645 acct-port 1646 key 7 00071A150 754
radius-server vsa send accounting
bridge 1 route ip
!
!
wlccp ap username ap1 password 7 105A01180E0513075D
wlccp authentication-server infrastructure wds-server
wlccp authentication-server client mac method_clients
wlccp authentication-server client eap method_clients
wlccp authentication-server client leap method_clients
wlccp authentication-server client any method_clients
wlccp wds priority 254 interface BVI1
!
line con 0
line vty 0 4
!
end
ap1#
//////////////// AP2 ////////////////
ap2#sh run
Building configuration...
Current configuration : 2558 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap2
!
enable secret 5 $1$UuwI$Do4iUfHGJDBHSDl9pjAGu/
!
aaa new-model
!
!
aaa group server radius rad_eap
server 196.175.100.204 auth-port 1812 acct-port 1813
server 196.175.100.204 auth-port 1645 acct-port 1646
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius rad_eap1
server 196.175.100.204 auth-port 1645 acct-port 1646
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods1 group rad_eap1
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
!
aaa session-id common
!
!
!
dot11 ssid cisco123
authentication open eap eap_methods1
authentication network-eap eap_methods1
authentication key-management wpa
!
power inline negotiation prestandard source
!
!
username Cisco password 7 05280F1C2243
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers tkip
!
ssid cisco123
!
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption mode ciphers tkip
!
ssid cisco123
!
no dfs band block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 196.175.100.205 255.255.255.0
no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com...config/help/eag
ip radius source-interface BVI1
radius-server attribute 32 include-in-access-req format %h
radius-server host 196.175.100.204 auth-port 1645 acct-port 1646 key 7 030752180 500
radius-server vsa send accounting
bridge 1 route ip
!
!
wlccp ap username AP1242 password 7 045802150C2E
!
line con 0
line vty 0 4
!
end
ap2#
Regards,
Suren
0
WDS Configuration Issue
Started by
suren12
, Dec 27 2011 04:43 PM
No replies to this topic
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
