Hallo This,
her we go.
Lade die config auf den AP.
Du kannst dann über den Web browser Dir die config
genauer anschauen
Have fun
cheers
Mike
aaa new−model
!−−− This command reinitializes the authentication,
!−−− authorization and accounting functions
!
!
aaa group server radius rad_eap
server 192.168.2.108 auth−port 1812 acct−port 1813
!−−− a server group for RADIUS is created called "rad_eap"
!−−− using the server at 192.168.2.108 on ports 1812 and 1813
!
aaa authentication login eap_methods group rad_eap
!
!−−− authentication [user validation] is to be done for
!−−− users in a group called "eap_methods" who will use server group "rad_eap"
!
bridge irb
!
interface Dot11Radio0
no ip address
no ip route−cache
!
encryption key 1 size 128bit 12345678901234567890123456 transmit−key
!−−− The value here seeds the initial key for use with
!−−− broadcast [255.255.255.255] traffic. If more than one VLAN is
Cisco − LEAP Authentication with Local RADIUS Server
!−−− used, then keys must be set for each VLAN.
encryption mode wep mandatory
!−−− This defines the policy for the use of WEP. If more than one
!−−− VLAN is used, the policy must be set to mandatory for each VLAN.
!
ssid labap1200
authentication network−eap eap_methods
!−−− Expect that users attaching to SSID "labap1200" will be
!−−− requesting authentication with the type 128 Network EAP authentication
!−−− bit set in the headers of those requests, and group those users into
!−−− a group called "eap_methods."
!
speed basic−1.0 basic−2.0 basic−5.5 basic−11.0
rts threshold 2312
channel 2437
station−role root
bridge−group 1
bridge−group 1 subscriber−loop−control
bridge−group 1 block−unknown−source
no bridge−group 1 source−learning
no bridge−group 1 unicast−flooding
bridge−group 1 spanning−disabled
!
!
!
interface FastEthernet0
no ip address
no ip route−cache
duplex auto
speed auto
bridge−group 1
no bridge−group 1 source−learning
bridge−group 1 spanning−disabled
!
interface BVI1
ip address 192.168.2.108 255.255.255.0
!−−− Address of this unit
no ip route−cache
!
ip default−gateway 192.168.2.1
ip http server
ip http help−path
http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/ivory/1100
ip radius source−interface BVI1
snmp−server community cable RO
snmp−server enable traps tty
radius−server local
!
!−−− Engages Local RADIUS Server feature
nas 192.168.2.108 key shared_secret
!−−− Identifies itself as a RADIUS server, reiterating
!−−− "localness" and defining key between server (itself) and AP
!
group testgroup
!−−− Groups are optional
!
user user1 nthash password1 group testgroup
!
Cisco − LEAP Authentication with Local RADIUS Server
!−−− Individual user
!
user user2 nthash password2 group testgroup
!−−− Individual user
!
radius−server host 192.168.2.108 auth−port 1812 acct−port 1813 key shared_secret
!−−− Defines where RADIUS server is and key between AP (itself) and server
!
radius−server retransmit 3
radius−server attribute 32 include−in−access−req format %h
radius−server authorization permit missing Service−Type
radius−server vsa send accounting
bridge 1 route ip
!
!
line con 0
line vty 5 15
!
end