Working RADIUS AP

ee818dc0 · Theo Maillart · 49cca359 · ee818dc0
Commit ee818dc0 authored Dec 07, 2017 by Theo Maillart
Hide whitespace changes
Inline Side-by-side

Showing with 109 additions and 90 deletions

Cisco/configAP.txt Cisco/configAP.txt +109 -90

No files found.
--- a/Cisco/configAP.txt
+++ b/Cisco/configAP.txt
@@ -9,33 +9,65 @@ service password-encryption
 hostname ap
 !
 logging rate-limit console 9
-enable secret 5 $1$A0I8$Eo2ruCFQr8NjfwxMN5rrJ.
+enable secret 5 $1$RSfi$ckJu3R7kAhzBFcvHmyvfm1
 !
-no aaa new-model
+aaa new-model
+!
+!
+aaa group server radius rad_eap
+ server 100.81.0.2 auth-port 1812 acct-port 1813
+!
+aaa group server radius rad_mac
+!
+aaa group server radius rad_acct
+ server 100.81.0.2 auth-port 1812 acct-port 1813
+!
+aaa group server radius rad_admin
+ server 100.81.0.2 auth-port 1812 acct-port 1813
+!
+aaa group server tacacs+ tac_admin
+!
+aaa group server radius rad_pmip
+!
+aaa group server radius dummy
+!
+aaa group server radius RadiusServers
+!
+aaa authentication login default group radius local
+aaa authentication login eap_methods group rad_eap
+aaa authentication login mac_methods local
+aaa authentication login localauth local
+aaa authentication ppp default if-needed group radius local
+aaa authorization exec default group radius local 
+aaa authorization network default group radius local 
+aaa accounting delay-start 
+aaa accounting exec default start-stop group radius
+aaa accounting network default start-stop group radius
+aaa accounting network acct_methods start-stop group rad_acct
+!
+aaa session-id common
 !
 !
 dot11 syslog
-dot11 vlan-name VLAN_ADMIN vlan 21
-dot11 vlan-name VLAN_INVITE vlan 23
-dot11 vlan-name VLAN_PERSONNEL vlan 22
+dot11 vlan-name VLAN_ADM vlan 81
+dot11 vlan-name VLAN_INVITE vlan 83
+dot11 vlan-name VLAN_PERS vlan 82
 !
-dot11 ssid invite
-   vlan 23
+dot11 ssid Invite83
+   vlan 83
   authentication open 
   mbssid guest-mode
 !
-dot11 ssid per
-!
-dot11 ssid pers
-   vlan 22
-   authentication open 
-   authentication key-management wpa version 2
+dot11 ssid Personnel82
+   vlan 82
+   authentication open eap auth-cisco 
+   authentication network-eap eap_methods 
+   authentication key-management wpa
   mbssid guest-mode
-   wpa-psk ascii 7 094D540C0B110E0702
 !
 !
 !
-username Cisco password 7 14341B180F0B
+username Cisco password 7 123A0C041104
 !
 !
 bridge irb
@@ -45,24 +77,18 @@ interface Dot11Radio0
 no ip address
 no ip route-cache
 !
- encryption vlan 22 mode ciphers aes-ccm 
- !
- encryption vlan 23 key 1 size 128bit 7 99D4382450CB68F37A8CFED14E18 transmit-key
- encryption vlan 23 mode wep mandatory 
- !
- broadcast-key vlan 22 change 180
- !
+ encryption vlan 82 mode ciphers aes-ccm 
 !
- ssid invite
+ ssid Invite83
 !
- ssid pers
+ ssid Personnel82
 !
 mbssid
 channel 2437
 station-role root
 !
-interface Dot11Radio0.21
- encapsulation dot1Q 21 native
+interface Dot11Radio0.81
+ encapsulation dot1Q 81 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
@@ -71,50 +97,42 @@ interface Dot11Radio0.21
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
 !
-interface Dot11Radio0.22
- encapsulation dot1Q 22
+interface Dot11Radio0.82
+ encapsulation dot1Q 82
 no ip route-cache
- bridge-group 22
- bridge-group 22 subscriber-loop-control
- bridge-group 22 block-unknown-source
- no bridge-group 22 source-learning
- no bridge-group 22 unicast-flooding
- bridge-group 22 spanning-disabled
-!
-interface Dot11Radio0.23
- encapsulation dot1Q 23
+ bridge-group 82
+ bridge-group 82 subscriber-loop-control
+ bridge-group 82 block-unknown-source
+ no bridge-group 82 source-learning
+ no bridge-group 82 unicast-flooding
+ bridge-group 82 spanning-disabled
+!
+interface Dot11Radio0.83
+ encapsulation dot1Q 83
 no ip route-cache
- bridge-group 23
- bridge-group 23 subscriber-loop-control
- bridge-group 23 block-unknown-source
- no bridge-group 23 source-learning
- no bridge-group 23 unicast-flooding
- bridge-group 23 spanning-disabled
+ bridge-group 83
+ bridge-group 83 subscriber-loop-control
+ bridge-group 83 block-unknown-source
+ no bridge-group 83 source-learning
+ no bridge-group 83 unicast-flooding
+ bridge-group 83 spanning-disabled
 !
 interface Dot11Radio1
 no ip address
 no ip route-cache
 !
- encryption vlan 22 mode ciphers aes-ccm 
+ encryption vlan 82 mode ciphers aes-ccm 
 !
- encryption vlan 13 key 1 size 128bit 7 99D4382450CB68F37A8CFED14E18 transmit-key
+ ssid Invite83
 !
- encryption vlan 23 mode wep mandatory 
+ ssid Personnel82
 !
- broadcast-key vlan 22 change 180
- !
- !
- ssid invite
- !
- ssid pers
- !
- dfs band 1 3 block
- mbssid
- channel dfs
+ no dfs band block
+ channel 5180
 station-role root
 !
-interface Dot11Radio1.21
- encapsulation dot1Q 21 native
+interface Dot11Radio1.81
+ encapsulation dot1Q 81 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
@@ -123,53 +141,52 @@ interface Dot11Radio1.21
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
 !
-interface Dot11Radio1.22
- encapsulation dot1Q 22
+interface Dot11Radio1.82
+ encapsulation dot1Q 82
 no ip route-cache
- bridge-group 22
- bridge-group 22 subscriber-loop-control
- bridge-group 22 block-unknown-source
- no bridge-group 22 source-learning
- no bridge-group 22 unicast-flooding
- bridge-group 22 spanning-disabled
-!
-interface Dot11Radio1.23
- encapsulation dot1Q 23
+ bridge-group 82
+ bridge-group 82 subscriber-loop-control
+ bridge-group 82 block-unknown-source
+ no bridge-group 82 source-learning
+ no bridge-group 82 unicast-flooding
+ bridge-group 82 spanning-disabled
+!
+interface Dot11Radio1.83
+ encapsulation dot1Q 83
 no ip route-cache
- bridge-group 23
- bridge-group 23 subscriber-loop-control
- bridge-group 23 block-unknown-source
- no bridge-group 23 source-learning
- no bridge-group 23 unicast-flooding
- bridge-group 23 spanning-disabled
+ bridge-group 83
+ bridge-group 83 subscriber-loop-control
+ bridge-group 83 block-unknown-source
+ no bridge-group 83 source-learning
+ no bridge-group 83 unicast-flooding
+ bridge-group 83 spanning-disabled
 !
 interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
- hold-queue 160 in
 !
-interface FastEthernet0.21
- encapsulation dot1Q 21 native
+interface FastEthernet0.81
+ encapsulation dot1Q 81 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
 !
-interface FastEthernet0.22
- encapsulation dot1Q 22
+interface FastEthernet0.82
+ encapsulation dot1Q 82
 no ip route-cache
- bridge-group 22
- no bridge-group 22 source-learning
- bridge-group 22 spanning-disabled
+ bridge-group 82
+ no bridge-group 82 source-learning
+ bridge-group 82 spanning-disabled
 !
-interface FastEthernet0.23
- encapsulation dot1Q 23
+interface FastEthernet0.83
+ encapsulation dot1Q 83
 no ip route-cache
- bridge-group 23
- no bridge-group 23 source-learning
- bridge-group 23 spanning-disabled
+ bridge-group 83
+ no bridge-group 83 source-learning
+ bridge-group 83 spanning-disabled
 !
 interface BVI1
 ip address dhcp
@@ -178,13 +195,15 @@ interface BVI1
 ip http server
 no ip http secure-server
 ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
+ip radius source-interface BVI1 
+radius-server attribute 32 include-in-access-req format %h
+radius-server host 100.81.0.2 auth-port 1812 acct-port 1813 key 7 071C331C18
+radius-server vsa send accounting
 bridge 1 route ip
 !
 !
 !
 line con 0
 line vty 0 4
- password 7 05280F1C2243
- login local
 !
 end