Configure Cisco Aironet 1130 with PEAP/Ms-Chap2
Hi, after solving my problem with creating certificates i got another problem: I enabled MsCHAP in the Radius configuration and added the server as an radius authentication and accounting server and also enables aes-ccmp and wpa2 mendatory key. but if i want to login, i get the message "login faild" on the login prompt. and the radius server didn't get any requests... whats wrong in the configuration? radtest succes when i run it from my notebook from the same subnet, so it can't be the firewall... thanks for help and some hints ;) julian
Hi, Might be talking rubbish, but think I can rememer my Cisco AP's defaulting to ports 1645 and 1646 for auth and accounting, whereas free-radius and radtest use 1812 and 1813. If I'm wrong please correct me, but might be worth checking? Rupes On 19/12/2007, Julian Stöver <julian_st@gmx.de> wrote:
Hi, after solving my problem with creating certificates i got another problem: I enabled MsCHAP in the Radius configuration and added the server as an radius authentication and accounting server and also enables aes-ccmp and wpa2 mendatory key. but if i want to login, i get the message "login faild" on the login prompt. and the radius server didn't get any requests...
whats wrong in the configuration? radtest succes when i run it from my notebook from the same subnet, so it can't be the firewall...
thanks for help and some hints ;)
julian - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hey, you're right, ciscos default radius ports are 1645 and 1646, but you can change it. so the ports are ok ;) Am 19.12.2007 um 21:54 schrieb Rupert Finnigan:
Hi,
Might be talking rubbish, but think I can rememer my Cisco AP's defaulting to ports 1645 and 1646 for auth and accounting, whereas free-radius and radtest use 1812 and 1813. If I'm wrong please correct me, but might be worth checking?
Rupes
On 19/12/2007, Julian Stöver <julian_st@gmx.de> wrote:
Hi, after solving my problem with creating certificates i got another problem: I enabled MsCHAP in the Radius configuration and added the server as an radius authentication and accounting server and also enables aes-ccmp and wpa2 mendatory key. but if i want to login, i get the message "login faild" on the login prompt. and the radius server didn't get any requests...
whats wrong in the configuration? radtest succes when i run it from my notebook from the same subnet, so it can't be the firewall...
thanks for help and some hints ;)
julian - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Julian Stöver wrote:
after solving my problem with creating certificates i got another problem: I enabled MsCHAP in the Radius configuration
The default configuration already enables mschap. Why are you editing it to "enable" mschap?
and added the server as an radius authentication and accounting server and also enables aes-ccmp and wpa2 mendatory key.
Which means that there is no RADIUS happening. You cannot use wpa2 and 802.1x at the same time.
but if i want to login, i get the message "login faild" on the login prompt. and the radius server didn't get any requests...
Which is exactly how you configured the AP to work. Alan DeKok.
Hi, first, i'm sorry for this late answer, I was in holiday.
Julian Stöver wrote:
after solving my problem with creating certificates i got another problem: I enabled MsCHAP in the Radius configuration
The default configuration already enables mschap. Why are you editing it to "enable" mschap?
and added the server as an radius authentication and accounting server and also enables aes-ccmp and wpa2 mendatory key.
Which means that there is no RADIUS happening. You cannot use wpa2 and 802.1x at the same time.
but if i want to login, i get the message "login faild" on the login prompt. and the radius server didn't get any requests...
Which is exactly how you configured the AP to work.
My Access Point configuration is: - Security: -- Open Authentication with EAP -- Encryption: Cypher, AES-CCM -- Sessionid: Private WLAN -- EAP Authentication Server: 172.19.1.2 -- Key Management: Mandatory, WPA -- Accounting-Server 172.19.1.2 I hope you can use this informations, if something is missing, please tell me! Julian
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (3)
-
Alan DeKok -
Julian Stöver -
Rupert Finnigan