Can anyone share a working configuration for a Cisco Access Point and
PacketFence 1.9.1 running RADIUS on PacketFence.
I've followed the instructions in the 1.9.1 documentation and it doesn't work.
Any assistance would be appreciated.
I've copied my configuration below
Bob
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname AP1231
!
enable secret x
!
ip subnet-zero
ip domain name x
!
!
aaa new-model
!
!
aaa group server radius rad_eap
server 10.121.0.12 auth-port 1812 acct-port 1813
!
aaa group server radius rad_mac
server 10.121.0.12 auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods group rad_mac
aaa session-id common
dot11 syslog
dot11 vlan-name Isolation vlan 180
dot11 vlan-name Normal vlan 100
dot11 vlan-name Registration vlan 170
dot11 vlan-name guest vlan 190
!
dot11 ssid MACauth
vlan 180 backup 190
authentication open mac-address mac_methods
accounting acct-methods
mbssid guest-mode
!
dot11 ssid WPA2
vlan 170 backup 100
authentication open eap eap_methods
authentication key-management wpa
accounting acct-methods
mbssid guest-mode
!
!
!
username Cisco password x
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 170 mode ciphers aes-ccm
!
encryption vlan 100 mode ciphers aes-ccm
!
ssid MACauth
!
ssid WPA2
!
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
54.0
station-role root
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.100
encapsulation dot1Q 100
no ip route-cache
bridge-group 100
bridge-group 100 subscriber-loop-control
bridge-group 100 block-unknown-source
no bridge-group 100 source-learning
no bridge-group 100 unicast-flooding
bridge-group 100 spanning-disabled
!
interface Dot11Radio0.170
encapsulation dot1Q 170
no ip route-cache
bridge-group 170
bridge-group 170 subscriber-loop-control
bridge-group 170 block-unknown-source
no bridge-group 170 source-learning
no bridge-group 170 unicast-flooding
bridge-group 170 spanning-disabled
!
interface Dot11Radio0.180
encapsulation dot1Q 180
no ip route-cache
bridge-group 180
bridge-group 180 subscriber-loop-control
bridge-group 180 block-unknown-source
no bridge-group 180 source-learning
no bridge-group 180 unicast-flooding
bridge-group 180 spanning-disabled
!
interface Dot11Radio0.190
encapsulation dot1Q 190
no ip route-cache
bridge-group 190
bridge-group 190 subscriber-loop-control
bridge-group 190 block-unknown-source
no bridge-group 190 source-learning
no bridge-group 190 unicast-flooding
bridge-group 190 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.100
encapsulation dot1Q 100
no ip route-cache
bridge-group 100
no bridge-group 100 source-learning
bridge-group 100 spanning-disabled
!
interface FastEthernet0.170
encapsulation dot1Q 170
no ip route-cache
bridge-group 170
no bridge-group 170 source-learning
bridge-group 170 spanning-disabled
!
interface FastEthernet0.180
encapsulation dot1Q 180
no ip route-cache
bridge-group 180
no bridge-group 180 source-learning
bridge-group 180 spanning-disabled
!
interface FastEthernet0.190
encapsulation dot1Q 190
no ip route-cache
bridge-group 190
no bridge-group 190 source-learning
bridge-group 190 spanning-disabled
!
interface BVI1
ip address 10.255.0.13 255.255.255.0
no ip route-cache
!
ip default-gateway 10.255.0.1
ip http server
no ip http secure-server
snmp-server enable traps deauthenticate
snmp-server host 10.121.0.12 x deauthenticate
radius-server host 10.121.0.12 auth-port 1812 acct-port 1813 key x
radius-server vsa send authentication
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
!
end
------------------------------------------------------------------------------
This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here
http://p.sf.net/sfu/sfd2d-msazure
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
