Configuring 1300 as Non-Root Bridge
This examples sets a LEAP user name and passsword for the SSID test:
bridge# configure terminal
bridge(config)# configure interface dot1radio0
bridge(config)# station role non-root
bridge(config)# ssid test
Following command configure username and password for Leap authentication:
bridge(config-ssid)# authentication client username admin password p@ssw0rd
bridge(config-ssid)# end
-------------------------------------------------------------------------
Following command enable the local radius server on the bridge and ensure that local radius
server is used for authentication
bridge(config)#aaa new-model
bridge(config)# aaa group server radius rad_eap server 10.10.10.10 auth-port 1812 acct-port 1813
bridge(config)# aaa authentication login esp_methods group rad_eap
bridge(config)# station role root
bridge(config)# distance 1
following command enters the bridge into the local server config mode:
bridge(config)# radius-server local
By default LEAP, EAPFAST, & MAC authentication are supported. Using the no form for other 2 types
ensures that LEAP is used for authentication.
bridge(config)# no authentication eapfast
bridge(config)# no authentication mac
bridge(config)# interface dot11radio 0
bridge(config-if) # ssid bridge
Following command enable EAP authentication for the SSID
bridge(config-if-ssid)# authentication network-eap rad_eap
This step is optional. This value seeds the initial key for use with broadcast [255.255.255.255] traffic.
If more than one VLAN is used, then keys must be set for each VLAN,
bridge(config-if)# encryption vlan 1 key 1 size 128bit 1234567890123456789 transmit-
This defines the policy for the use of Wired Equivalent Privacy (WEP). If more than one VLAN is used,
the policy must be set to mandatory for each VLAN.
bridge(config-if )# encryption vlan 1 mode wep mandatory
bridge(config)# user admin password p@ssw0rd
This examples sets a LEAP user name and passsword for the SSID test:
bridge# configure terminal
bridge(config)# configure interface dot1radio0
bridge(config)# station role non-root
bridge(config)# ssid test
Following command configure username and password for Leap authentication:
bridge(config-ssid)# authentication client username admin password p@ssw0rd
bridge(config-ssid)# end
-------------------------------------------------------------------------
Following command enable the local radius server on the bridge and ensure that local radius
server is used for authentication
bridge(config)#aaa new-model
bridge(config)# aaa group server radius rad_eap server 10.10.10.10 auth-port 1812 acct-port 1813
bridge(config)# aaa authentication login esp_methods group rad_eap
bridge(config)# station role root
bridge(config)# distance 1
following command enters the bridge into the local server config mode:
bridge(config)# radius-server local
By default LEAP, EAPFAST, & MAC authentication are supported. Using the no form for other 2 types
ensures that LEAP is used for authentication.
bridge(config)# no authentication eapfast
bridge(config)# no authentication mac
bridge(config)# interface dot11radio 0
bridge(config-if) # ssid bridge
Following command enable EAP authentication for the SSID
bridge(config-if-ssid)# authentication network-eap rad_eap
This step is optional. This value seeds the initial key for use with broadcast [255.255.255.255] traffic.
If more than one VLAN is used, then keys must be set for each VLAN,
bridge(config-if)# encryption vlan 1 key 1 size 128bit 1234567890123456789 transmit-
This defines the policy for the use of Wired Equivalent Privacy (WEP). If more than one VLAN is used,
the policy must be set to mandatory for each VLAN.
bridge(config-if )# encryption vlan 1 mode wep mandatory
bridge(config)# user admin password p@ssw0rd
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.