Cisco WPA2 Enterprise Help



I'm trying to get WPA2 Enterprise working on my Cisco 877W using a Server 2008 R2 NPS (already set up for console RADIUS authentication).

I have an SSL cert for the RADIUS server signed by an external CA, and I've tried supplying an AD DNS cert (NPS server template) using the NPS EAP options, but I keep getting a generic "could not connect to the network" exception after selecting "use my Windows user account". I also have no RADIUS traffic shown on my firewall, so it looks like it's an IOS issue.

Is a PositiveSSL cert (http://www.namecheap.com/ssl-certificates/comodo/positivessl-certificate.aspx) adequate for this purpose, or do I need to use my CA?

My config is below. I followed this guide: http://www.windowsnetworking.com/articles_tutorials/Setting-up-Wi-Fi-Authentication-Windows-Server-2008-Part2.html


version 15.1
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Cisco877W
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console informational
!
aaa new-model
!
aaa group server radius SecureGateway
 server 10.0.0.3
!
! "authlist" is the only login method list defined here. The dot11 ssid stanza
! below references a method list named "SecureGateway"; only a server group of
! that name exists, so the EAP authentication has no method list to run.
aaa authentication login authlist local group SecureGateway
!
aaa session-id common
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3982983999
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3982983999
 revocation-check none
 rsakeypair TP-self-signed-3982983999
!
! (certificate body omitted from the post)
crypto pki certificate chain TP-self-signed-3982983999
 quit
!
dot11 syslog
dot11 vlan-name GuestWiFi vlan 3
dot11 vlan-name DomainName-WiFi-Access vlan 2
!
dot11 ssid Guest_WiFi
 vlan 3
 mbssid guest-mode
!
! No "authentication key-management wpa version 2" on this SSID: without it the
! radio does not advertise WPA2 (RSN) for the SSID, so a client profile set to
! WPA2-Enterprise will not associate, and no EAP or RADIUS exchange ever starts.
dot11 ssid DomainName.us
 vlan 2
 authentication open eap SecureGateway
 authentication network-eap SecureGateway
 mbssid guest-mode
!
ip source-route
!
ip cef
ip domain name DomainName.us
ip name-server 8.8.8.8
!
! (secret hash removed from the post)
username localadmin privilege 15 secret 5
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 pvc 8/35
  pppoe-client dial-pool-number 1
!
interface FastEthernet0
 switchport access vlan 10
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface Dot11Radio0
 no ip address
 ip flow ingress
 ip flow egress
 !
 encryption vlan 2 mode ciphers aes-ccm
 !
 encryption vlan 3 mode ciphers aes-ccm
 !
 ssid Guest_WiFi
 !
 ssid DomainName.us
 !
 mbssid
 speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
 no preamble-short
 station-role root access-point
!
interface Dot11Radio0.2
 encapsulation dot1Q 2
 ip address 10.0.1.1 255.255.255.0
 ip flow ingress
 ip flow egress
!
interface Dot11Radio0.3
 encapsulation dot1Q 3
 ip address 10.0.3.1 255.255.255.0
 ip flow ingress
 ip flow egress
!
interface Vlan1
 ip address 10.0.0.10 255.255.255.0
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1412
!
interface Vlan2
 no ip address
 ip flow ingress
 ip flow egress
!
interface Vlan3
 no ip address
 ip flow ingress
 ip flow egress
!
interface Vlan10
 ip address 10.0.2.1 255.255.255.0
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1412
!
interface Dialer0
 ip address negotiated
 ip mtu 1452
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname eircom
 ! Type 7 is a reversible encoding, not a hash; this PPP password is
 ! effectively disclosed now that the config has been posted.
 ppp chap password 7 0111140B5A0F040E2F481B
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip flow-export version 9
ip flow-export destination 10.0.0.1 2055
!
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
! FastEthernet1 is a Layer-2 switch port with no IP address, so RADIUS requests
! cannot be sourced from it; this alone explains the absence of RADIUS traffic.
! Vlan1 (10.0.0.10) is the interface on the RADIUS server's subnet.
ip radius source-interface FastEthernet1
logging 10.0.0.1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 permit 10.0.2.0 0.0.0.255
! (the wireless subnets 10.0.1.0/24 and 10.0.3.0/24 are not in this NAT list,
! and Dot11Radio0.2 / Dot11Radio0.3 are not marked "ip nat inside")
dialer-list 1 protocol ip permit
!
! SNMPv2c with the community "public" gives read access to anyone on the LAN.
snmp-server community public RO
snmp-server enable traps snmp linkdown linkup coldstart warmstart
snmp-server host 10.0.0.1 version 2c public
!
radius-server local
!
radius-server host 10.0.0.3
! (shared secret redacted from the post)
radius-server key 7 !
!
control-plane
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 login authentication authlist
 transport input ssh
!
sntp logging
sntp server 10.0.0.2
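As an added example (not from the original post, and not a reply that appeared in the thread): the AAA, SSID and RADIUS stanzas as they need to look for WPA2-Enterprise on an autonomous-mode IOS radio, shown beside the posted lines they replace. The server address, VLAN and server-group name are taken from the post; the method-list name eap_methods is my choice (any name works, but it must match between the aaa authentication login line and the ssid stanza), the explicit auth-port/acct-port values are an optional alignment with the standard RADIUS ports, and the debug/show commands at the end are the checks I would run, not part of the configuration.

```cisco
! --- As posted: "SecureGateway" exists only as a server group, no login method
! --- list of that name is defined, the SSID advertises no WPA2 key management,
! --- and RADIUS is sourced from an interface without an IP address.
!  aaa group server radius SecureGateway
!   server 10.0.0.3
!  dot11 ssid DomainName.us
!   vlan 2
!   authentication open eap SecureGateway
!   authentication network-eap SecureGateway
!  ip radius source-interface FastEthernet1
!
! --- Corrected. A method list (name is arbitrary) that runs EAP against the
! --- existing server group:
aaa authentication login eap_methods group SecureGateway
!
! The SSID references the method list, not the group, and negotiates WPA2 with
! the AES-CCM cipher already bound to VLAN 2 on the radio.
dot11 ssid DomainName.us
 vlan 2
 authentication open eap eap_methods
 authentication network-eap eap_methods
 authentication key-management wpa version 2
 mbssid guest-mode
!
interface Dot11Radio0
 encryption vlan 2 mode ciphers aes-ccm
!
! RADIUS requests must leave from an interface that has an address on the
! server's subnet. The NPS "RADIUS client" entry has to be registered with this
! source address (10.0.0.10) and the same shared secret as "radius-server key",
! otherwise NPS silently discards the Access-Request.
ip radius source-interface Vlan1
radius-server host 10.0.0.3 auth-port 1812 acct-port 1813
!
! --- Checks (privileged exec, not config). With the old config the first debug
! --- stops at the missing method list and the second never shows a packet
! --- leaving; with the corrected one you should see Access-Request / Access-
! --- Challenge pairs for the PEAP exchange and a final Access-Accept.
! debug dot11 aaa authenticator state-machine
! debug radius authentication
! show radius statistics
! show dot11 associations
```

If NPS still shows nothing after this, the remaining suspects are on the server side (RADIUS client entry, shared secret, the network policy's EAP type and the certificate it is bound to), which the IOS debugs cannot tell you about; the point of the ordering above is that nothing on the NPS side matters until the AP actually emits an Access-Request.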
