[SPAM] - RE: (RADIATOR) Cisco Aironet 1200 and Radiator - Bayesian Filter detected spam

Dejan Tanasijevic dejan at HEMOFARM.CO.YU
Fri Sep 9 05:00:26 CDT 2005


Hello
Here is example of config MAC authetication through http access on cisco
1200. If somebody need,I could send and complete CLI settings.

5.	Security/Server Management
a.	Corporate Servers (RADIUS)
b.	Server:xxxxxxx
c.	Shared Secret -xxxxxxxxx
d.	Apply
6.	Security/SSID Manager
b.	AuthenticationSettings/MethodsAccepted/  OpenAuthentication -
With MAC Authentication
c.	MAC Authentication Servers/Customize -your choose Radius server 
d.	Accounting Settings/ Accounting Server Priorities:/Customize -
choose  your Radius server


Thank you Hugh/Kliger

-----Original Message-----
From: Kliger, Sean C [mailto:skliger at fhcrc.org] 
Sent: Tuesday, September 06, 2005 5:50 PM
To: Hugh Irvine; Dejan Tanasijevic
Subject: [SPAM] - RE: (RADIATOR) Cisco Aironet 1200 and Radiator -
Bayesian Filter detected spam

Hugh/Dejan--

We use Cisco 1100 series APs rather than 1200 but both run Cisco's IOS
and the commands appear to be the same (see below).  We run two Radiator
servers, one is the primary for user auth and one is primary for
managment access auth.  Unfortunately for Dejan, we're using client
certificates.  Dynamic WEP keys are used with the keys changing every 60
minutes but we're using a 'migration mode' to get to WPA (but still with
client certs).  

aaa new-model
!
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
 server 140.107.42.130 auth-port 1645 acct-port 1646
 server 140.107.152.130 auth-port 1645 acct-port 1646
!
aaa group server radius rad_admin
 server 140.107.152.130 auth-port 1812 acct-port 1813
 server 140.107.42.130 auth-port 1812 acct-port 1813
!
aaa group server radius rad_pmip
!
aaa group server radius rad_eap
 server 140.107.42.130 auth-port 1645 acct-port 1646
 server 140.107.152.130 auth-port 1645 acct-port 1646
!
aaa authentication login default group rad_admin local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login pmip_methods group rad_pmip
aaa authorization exec default group radius
aaa authorization network default group radius local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
!
dot11 ssid whatever
   vlan whatever
   authentication open eap eap_methods
   authentication network-eap eap_methods
   authentication key-management wpa optional
!
radius-server attribute 32 include-in-access-req format %h
radius-server host 140.107.42.130 auth-port 1645 acct-port 1646 key 0
keyhere
radius-server host 140.107.152.130 auth-port 1645 acct-port 1646 key 0
keyhere
radius-server host 140.107.152.130 auth-port 1812 acct-port 1813 key 0
keyhere
radius-server host 140.107.42.130 auth-port 1812 acct-port 1813 key 0
keyhere
radius-server vsa send accounting

--Sean

-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On
Behalf Of Hugh Irvine
Sent: Friday, September 02, 2005 4:31 PM
To: Dejan Tanasijevic
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) Cisco Aironet 1200 and Radiator


Hello Dejan -

As it happens I was trying to get a Cisco Aironet configured for  
Radius yesterday, and unfortunately could not find the magic formula,  
so I would be very interested in an example configuration too.

A quick search on the Ciso web site gives this, but I haven't had a  
chance to do a configuration with it yet.

http://www.cisco.com/en/US/products/hw/wireless/ps430/ 
products_installation_and_configuration_guide_chapter09186a00801486a0.ht

ml

regards

Hugh



On 2 Sep 2005, at 23:13, Dejan Tanasijevic wrote:

> I would like to use Radiator as Radius server for 5 Cisco Aironet  
> 1200. Cisco offer two types of authetification EAP or WPA. Is it  
> possible to authetificate wireless clients (802.11b or g) without  
> client or server  certificates. For example only by client MAC  
> address stored in localy database on Radius server. I need some  
> example of config for raditor and also if some have some suggestion  
> for Cisco or client setup. It is good solution if client only need  
> to give his mac address, without some complicated setup on client  
> computer (hotels visitors)
>
>
>
> Regards to all
>
>


NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list