(RADIATOR) Re: RADIATOR RADIUS for Cisco AP 350

Mon Nov 11 15:52:11 CST 2002

On Tue, 12 Nov 2002, Mike McCauley wrote:

> Hello Bon,
> 
> How is your project coming along?

We are getting there but a bit slower than I plan. I got tied up by the
responsibility for taking a lead on a multi-institutional grant proposal
that was just completed a week ago. This activity pushes back the RADIUS
project schedule for a month. ETA now is the end of this semester.

> When will be able to make some joint announcements?

I hope to be able to do so toward the end of Dec or early Jan.

> We have a 340 here, which I think is very similar to your 350.
> 
> It is very important that you get the latest firmware for both the AP and the 
> client wireless card (if its a Cisco wireless card).

Mine is the latest already. System firmware 12.00T, Radio Firmware 5.02B

> 
> To get basic radius authentication working, you should only need to set up the 
> setup -> security -> authentication server page.

I did this part already, and more in my posting to the mailing list.

> 
> If your Radiatror is not receiving any requests from the AP when a client 
> tries to authenticate, it probably means that you have entered the wrong 
> address for your Radiator server, or the wrong port number. Note that the 
> default port that Radiator uses is 1645, but the default that Cisco use is 
> 1812. We usually change the Cisco config to 1645 on the Authenticator 
> Configuration page.

I am running both the AP and radius out of 1645, even Cisco said that 1645
is for their own ACS while 1821 should be used for radius. But I use 1645
on both ends. 

Even if I assume the problem is wrong address or port number, should I not
see the packets sending out using radius protocol while I monitor the
subnet using ethereal? Ethereal displays all the packets traffic in my
subnet.

I am not at the location of the AP now. I will do a screen dump of my AP
setup and email you the next few hours when I get to the location of the
AP.

Thanks for the help!

Bon

> 
> I have attached a snapshot of our 340 authetnication page (note its set for 
> EAP, not MAC auth).
> 
> >
> > regards
> >
> > Hugh
> >
> > On Monday, Nov 11, 2002, at 00:09 Canada/Eastern, Bon sy wrote:
> > > Hi Huge and others,
> > >
> > > 	Anyone in the list has ever tried to set up RADIATOR to work with
> > > Cisco AP 350/352. The system and radio firmware versions are 12.00T and
> > > 5.02B respectively.
> > >
> > > 	I started with very basic "MAC authentication" (under
> > > setup -> security -> authentication server). But the RADIATOR does not
> > > seem to pick up. The configuration that I added to the RADIATOR config
> > > file is just simply
> > >
> > > <Client 192.123.168.101>
> > >    secret SharedSecret
> > >    DupInterval 0
> > > </client>
> > >
> > > 	As a side note, the same RADIATOR config file works for Orinoco
> > > AP-500 and AP-1000, but not for Cisco Ap 350. I wonder anyone in the
> > > list
> > > can shed lights on the proper settings on the side of the Cisco AP 350
> > > that I should start checking.
> > >
> > > 	Many thanks in advance!
> > >
> > > Bon
> >
> > NB: I am travelling this week, so there may be delays in our
> > correspondence.
> 
> -- 
> Mike McCauley                               mikem at open.com.au
> Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
> 24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
> Phone +61 3 9598-0985                       Fax   +61 3 9598-0955
> 
> Radiator: the most portable, flexible and configurable RADIUS server 
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
> TTLS etc on Unix, Windows, MacOS etc.
> 

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.