Cisco WPA2 Enterprise Help

#1 TPreston

Posted 03 October 2012 - 09:39

I'm trying to get WPA2 Enterprise working on my Cisco 877W using a Server 2008R2 NPS (already set up for console RADIUS authentication).

I have an SSL cert for the RADIUS server signed by an external CA, and I've tried supplying an AD DNS cert (NPS server template) using the NPS EAP options, but I keep getting a generic "could not connect to the network" exception after selecting "use my Windows user account". I also have no RADIUS traffic shown on my firewall, so it looks like it's an IOS issue.

Is a PositiveSSL cert http://www.namecheap...ertificate.aspx adequate for this purpose, or do I need to use my CA?

My config is below; I followed this guide: http://www.windowsne...2008-Part2.html

Is

version 15.1
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Cisco877W
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200
logging console informational
!
aaa new-model
!
!
aaa group server radius SecureGateway
server 10.0.0.3
!
aaa authentication login authlist local group SecureGateway
!
!
!
!
!
aaa session-id common
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3982983999
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3982983999
revocation-check none
rsakeypair TP-self-signed-3982983999
!
!
crypto pki certificate chain TP-self-signed-3982983999 quit
dot11 syslog
dot11 vlan-name GuestWiFi vlan 3
dot11 vlan-name DomainName-WiFi-Access vlan 2
!
dot11 ssid Guest_WiFi
vlan 3
mbssid guest-mode
!
dot11 ssid DomainName.us
vlan 2
authentication open eap SecureGateway
authentication network-eap SecureGateway
mbssid guest-mode
!
ip source-route
!
!
!
ip cef
ip domain name DomainName.us
ip name-server 8.8.8.8
!
!
!
!
username localadmin privilege 15 secret 5
!
!
!
!
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
switchport access vlan 10
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Dot11Radio0
no ip address
ip flow ingress
ip flow egress
!
encryption vlan 2 mode ciphers aes-ccm
!
encryption vlan 3 mode ciphers aes-ccm
!
ssid Guest_WiFi
!
ssid DomainName.us
!
mbssid
speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
no preamble-short
station-role root access-point
!
interface Dot11Radio0.2
encapsulation dot1Q 2
ip address 10.0.1.1 255.255.255.0
ip flow ingress
ip flow egress
!
interface Dot11Radio0.3
encapsulation dot1Q 3
ip address 10.0.3.1 255.255.255.0
ip flow ingress
ip flow egress
!
interface Vlan1
ip address 10.0.0.10 255.255.255.0
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1412
!
interface Vlan2
no ip address
ip flow ingress
ip flow egress
!
interface Vlan3
no ip address
ip flow ingress
ip flow egress
!
interface Vlan10
ip address 10.0.2.1 255.255.255.0
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1412
!
interface Dialer0
ip address negotiated
ip mtu 1452
ip flow ingress
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname eircom
ppp chap password 7 0111140B5A0F040E2F481F
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip flow-export version 9
ip flow-export destination 10.0.0.1 2055
!
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip radius source-interface FastEthernet1
logging 10.0.0.1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 permit 10.0.2.0 0.0.0.255
dialer-list 1 protocol ip permit
!
!
!
snmp-server community public RO
snmp-server enable traps snmp linkdown linkup coldstart warmstart
snmp-server host 10.0.0.1 version 2c public
!
radius-server local
!
radius-server host 10.0.0.3
radius-server key 7 !
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
privilege level 15
login authentication authlist
transport input ssh
!
sntp logging
sntp server 10.0.0.2
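
The following is an added example, not part of the original post or of any Cisco tooling: a small Python consistency check run over a constructed excerpt of the config above. Its three checks (each EAP method list named under a `dot11 ssid` is defined by an `aaa authentication login` line, the SSID sets WPA key management, and the RADIUS source interface has an IP address) are this example's assumptions about how WPA2-Enterprise is normally wired on an IOS access point, not a confirmed diagnosis of the poster's problem.

```python
import re

# Constructed excerpt: AAA, SSID and RADIUS lines taken from the config above.
SAMPLE = """\
aaa authentication login authlist local group SecureGateway
!
dot11 ssid Guest_WiFi
vlan 3
!
dot11 ssid DomainName.us
vlan 2
authentication open eap SecureGateway
authentication network-eap SecureGateway
!
interface FastEthernet1
no ip address
!
ip radius source-interface FastEthernet1
"""

def blocks(cfg):
    """Split on '!' lines; key each block by its first line."""
    out = {}
    for chunk in re.split(r"^![ \t]*$", cfg, flags=re.M):
        lines = [l.strip() for l in chunk.splitlines() if l.strip()]
        if lines:
            out[lines[0]] = lines[1:]
    return out

def audit(cfg):
    """Assumed checks (not a confirmed diagnosis): EAP list defined, WPA key management set, RADIUS source has an IP."""
    blk, findings = blocks(cfg), []
    login_lists = set(re.findall(r"^aaa authentication login (\S+)", cfg, re.M))
    for head, body in blk.items():
        if not head.startswith("dot11 ssid "):
            continue
        ssid = head.split()[2]
        used = set(re.findall(r"^authentication (?:open eap|network-eap) (\S+)", "\n".join(body), re.M))
        for name in sorted(used - login_lists):
            findings.append(f"{ssid}: no 'aaa authentication login {name}' method list")
        if used and not any(l.startswith("authentication key-management wpa") for l in body):
            findings.append(f"{ssid}: EAP without 'authentication key-management wpa'")
    src = re.search(r"^ip radius source-interface (\S+)", cfg, re.M)
    if src and not any(re.match(r"ip address \d", l) for l in blk.get(f"interface {src.group(1)}", [])):
        findings.append(f"RADIUS source-interface {src.group(1)} has no IP address")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run against the excerpt, the check reports all three findings for the `DomainName.us` SSID and the `FastEthernet1` source interface, and nothing for the open `Guest_WiFi` SSID.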