Commit ee818dc0 authored by Theo Maillart's avatar Theo Maillart

Working RADIUS AP

parent 49cca359
......@@ -9,33 +9,65 @@ service password-encryption
hostname ap
!
logging rate-limit console 9
enable secret 5 $1$A0I8$Eo2ruCFQr8NjfwxMN5rrJ.
enable secret 5 $1$RSfi$ckJu3R7kAhzBFcvHmyvfm1
!
no aaa new-model
aaa new-model
!
!
aaa group server radius rad_eap
server 100.81.0.2 auth-port 1812 acct-port 1813
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
server 100.81.0.2 auth-port 1812 acct-port 1813
!
aaa group server radius rad_admin
server 100.81.0.2 auth-port 1812 acct-port 1813
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius RadiusServers
!
aaa authentication login default group radius local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login localauth local
aaa authentication ppp default if-needed group radius local
aaa authorization exec default group radius local
aaa authorization network default group radius local
aaa accounting delay-start
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
aaa accounting network acct_methods start-stop group rad_acct
!
aaa session-id common
!
!
dot11 syslog
dot11 vlan-name VLAN_ADMIN vlan 21
dot11 vlan-name VLAN_INVITE vlan 23
dot11 vlan-name VLAN_PERSONNEL vlan 22
dot11 vlan-name VLAN_ADM vlan 81
dot11 vlan-name VLAN_INVITE vlan 83
dot11 vlan-name VLAN_PERS vlan 82
!
dot11 ssid invite
vlan 23
dot11 ssid Invite83
vlan 83
authentication open
mbssid guest-mode
!
dot11 ssid per
!
dot11 ssid pers
vlan 22
authentication open
authentication key-management wpa version 2
dot11 ssid Personnel82
vlan 82
authentication open eap auth-cisco
authentication network-eap eap_methods
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 094D540C0B110E0702
!
!
!
username Cisco password 7 14341B180F0B
username Cisco password 7 123A0C041104
!
!
bridge irb
......@@ -45,24 +77,18 @@ interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 22 mode ciphers aes-ccm
!
encryption vlan 23 key 1 size 128bit 7 99D4382450CB68F37A8CFED14E18 transmit-key
encryption vlan 23 mode wep mandatory
!
broadcast-key vlan 22 change 180
!
encryption vlan 82 mode ciphers aes-ccm
!
ssid invite
ssid Invite83
!
ssid pers
ssid Personnel82
!
mbssid
channel 2437
station-role root
!
interface Dot11Radio0.21
encapsulation dot1Q 21 native
interface Dot11Radio0.81
encapsulation dot1Q 81 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
......@@ -71,50 +97,42 @@ interface Dot11Radio0.21
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.22
encapsulation dot1Q 22
interface Dot11Radio0.82
encapsulation dot1Q 82
no ip route-cache
bridge-group 22
bridge-group 22 subscriber-loop-control
bridge-group 22 block-unknown-source
no bridge-group 22 source-learning
no bridge-group 22 unicast-flooding
bridge-group 22 spanning-disabled
!
interface Dot11Radio0.23
encapsulation dot1Q 23
bridge-group 82
bridge-group 82 subscriber-loop-control
bridge-group 82 block-unknown-source
no bridge-group 82 source-learning
no bridge-group 82 unicast-flooding
bridge-group 82 spanning-disabled
!
interface Dot11Radio0.83
encapsulation dot1Q 83
no ip route-cache
bridge-group 23
bridge-group 23 subscriber-loop-control
bridge-group 23 block-unknown-source
no bridge-group 23 source-learning
no bridge-group 23 unicast-flooding
bridge-group 23 spanning-disabled
bridge-group 83
bridge-group 83 subscriber-loop-control
bridge-group 83 block-unknown-source
no bridge-group 83 source-learning
no bridge-group 83 unicast-flooding
bridge-group 83 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption vlan 22 mode ciphers aes-ccm
encryption vlan 82 mode ciphers aes-ccm
!
encryption vlan 13 key 1 size 128bit 7 99D4382450CB68F37A8CFED14E18 transmit-key
ssid Invite83
!
encryption vlan 23 mode wep mandatory
ssid Personnel82
!
broadcast-key vlan 22 change 180
!
!
ssid invite
!
ssid pers
!
dfs band 1 3 block
mbssid
channel dfs
no dfs band block
channel 5180
station-role root
!
interface Dot11Radio1.21
encapsulation dot1Q 21 native
interface Dot11Radio1.81
encapsulation dot1Q 81 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
......@@ -123,53 +141,52 @@ interface Dot11Radio1.21
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1.22
encapsulation dot1Q 22
interface Dot11Radio1.82
encapsulation dot1Q 82
no ip route-cache
bridge-group 22
bridge-group 22 subscriber-loop-control
bridge-group 22 block-unknown-source
no bridge-group 22 source-learning
no bridge-group 22 unicast-flooding
bridge-group 22 spanning-disabled
!
interface Dot11Radio1.23
encapsulation dot1Q 23
bridge-group 82
bridge-group 82 subscriber-loop-control
bridge-group 82 block-unknown-source
no bridge-group 82 source-learning
no bridge-group 82 unicast-flooding
bridge-group 82 spanning-disabled
!
interface Dot11Radio1.83
encapsulation dot1Q 83
no ip route-cache
bridge-group 23
bridge-group 23 subscriber-loop-control
bridge-group 23 block-unknown-source
no bridge-group 23 source-learning
no bridge-group 23 unicast-flooding
bridge-group 23 spanning-disabled
bridge-group 83
bridge-group 83 subscriber-loop-control
bridge-group 83 block-unknown-source
no bridge-group 83 source-learning
no bridge-group 83 unicast-flooding
bridge-group 83 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
hold-queue 160 in
!
interface FastEthernet0.21
encapsulation dot1Q 21 native
interface FastEthernet0.81
encapsulation dot1Q 81 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.22
encapsulation dot1Q 22
interface FastEthernet0.82
encapsulation dot1Q 82
no ip route-cache
bridge-group 22
no bridge-group 22 source-learning
bridge-group 22 spanning-disabled
bridge-group 82
no bridge-group 82 source-learning
bridge-group 82 spanning-disabled
!
interface FastEthernet0.23
encapsulation dot1Q 23
interface FastEthernet0.83
encapsulation dot1Q 83
no ip route-cache
bridge-group 23
no bridge-group 23 source-learning
bridge-group 23 spanning-disabled
bridge-group 83
no bridge-group 83 source-learning
bridge-group 83 spanning-disabled
!
interface BVI1
ip address dhcp
......@@ -178,13 +195,15 @@ interface BVI1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
radius-server attribute 32 include-in-access-req format %h
radius-server host 100.81.0.2 auth-port 1812 acct-port 1813 key 7 071C331C18
radius-server vsa send accounting
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
password 7 05280F1C2243
login local
!
end
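Review bot: The RADIUS shared secret on the `radius-server host 100.81.0.2 auth-port 1812 acct-port 1813 key 7 071C331C18` line in the last hunk is committed in type 7 form, which is reversible obfuscation rather than a hash, so anyone who can read this repository can recover it. The same applies to the `wpa-psk ascii 7`, `username Cisco password 7` and vty `password 7` lines in this file; these values should be rotated and the tracked copy redacted, e.g. `radius-server host 100.81.0.2 auth-port 1812 acct-port 1813 key 7 <REDACTED>`. The last hunk also keeps `ip http server` together with `no ip http secure-server`, so once `aaa authentication login default group radius local` applies, administrator credentials for the web interface would cross the network in cleartext; consider `no ip http server` plus `ip http secure-server`. The page has lost its +/- markers, so which of these lines belong to the new side is inferred from the surrounding RADIUS changes rather than read from the diff.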