In the last post we learnt about the LEAP authentication of a Repeater. For more theoretical concepts or must-remember points, please check this link:
Autonomous AP as Repeater with WPA2
Let's see the configuration of EAP-FAST authentication.
*** In the same way, we can authenticate a Bridge or WGB.
Here are the configurations.
Root AP:
hostname Root-AP
!
aaa new-model
!
aaa group server radius rad_eap
 server 10.35.80.110 auth-port 1812 acct-port 1813
!
aaa authentication login eap_method group rad_eap
!
dot11 ssid RSCCIEW
 vlan 80
 authentication network-eap eap_method
 authentication key-management wpa version 2
 infrastructure-ssid
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 80 mode ciphers aes-ccm
 !
 ssid RSCCIEW
 !
 station-role root
!
interface Dot11Radio0.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 10.35.80.110 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.35.80.254
radius-server local
 eapfast authority id 01234567890123456789012345678901
 eapfast authority info CCIEW
 eapfast server-key primary 7 52B537935F17B2359E1DCA5291705E3E76
 nas 10.35.80.110 key 7 070C285F4D06485744
 nas 10.35.80.111 key 7 14141B180F0B7B7977
 user repeater nthash 7 144231535C540C7A77096016074B51332753030D0877705A264F450A09720A7307
 user sandeep nthash 7 101B2A415547345A5F25790801706510064152425325720D7D04075D523D4F780A
!
radius-server host 10.35.80.110 auth-port 1812 acct-port 1813 key 7 070C285F4D06485744
Repeater AP:
hostname Repeater-AP
!
aaa new-model
!
aaa group server radius rad_eap
 server 10.35.80.110 auth-port 1812 acct-port 1813
!
aaa authentication login eap_method group rad_eap
!
dot11 ssid RSCCIEW
 vlan 80
 authentication open eap eap_method
 authentication network-eap eap_method
 authentication key-management wpa version 2
 dot1x credentials FAST
 dot1x eap profile FAST
 guest-mode
 infrastructure-ssid
!
eap profile FAST
 method fast
!
dot1x credentials FAST
 username sandeep
 password 7 01100F175804
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 80 mode ciphers aes-ccm
 !
 ssid RSCCIEW
 !
 station-role repeater
!
interface Dot11Radio0.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 10.35.80.111 255.255.255.0
 no ip route-cache
!
radius-server host 10.35.80.110 auth-port 1812 acct-port 1813 key 7 030752180500701E1D
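An added example, not part of the original post: a small Python check that cross-references the Root AP and Repeater AP configurations and lists mismatches that would stop the EAP-FAST uplink from authenticating. The function names and the trimmed config excerpts are constructed for illustration, the username is written on one line for brevity, and secrets are replaced with placeholders.

```python
# Constructed excerpts of the two configs above; secrets replaced with placeholders.
ROOT = """\
dot11 ssid RSCCIEW
 authentication network-eap eap_method
 authentication key-management wpa version 2
radius-server local
 user repeater nthash 7 <placeholder>
 user sandeep nthash 7 <placeholder>
"""
REPEATER = """\
dot11 ssid RSCCIEW
 authentication network-eap eap_method
 authentication key-management wpa version 2
 dot1x credentials FAST
 dot1x eap profile FAST
eap profile FAST
 method fast
dot1x credentials FAST
 username sandeep password 7 <placeholder>
"""

def sections(cfg):
    """Group indented sub-commands under their top-level command."""
    out, cur = {}, None
    for line in cfg.splitlines():
        if line.strip() in ("", "!"):
            continue
        if not line.startswith(" "):
            cur = out.setdefault(line.strip(), [])
        elif cur is not None:
            cur.append(line.strip())
    return out

def check_pair(root_cfg, rep_cfg, ssid="RSCCIEW"):
    """List mismatches between root and repeater that break the EAP-FAST uplink."""
    root, rep, bad = sections(root_cfg), sections(rep_cfg), []
    r_ssid, p_ssid = root.get(f"dot11 ssid {ssid}", []), rep.get(f"dot11 ssid {ssid}", [])
    # Profile names the repeater SSID points at, e.g. {"dot1x credentials": "FAST"}
    ref = {l.rsplit(" ", 1)[0]: l.rsplit(" ", 1)[1] for l in p_ssid if l.startswith("dot1x ")}
    users = {l.split()[1] for l in root.get("radius-server local", []) if l.startswith("user ")}
    creds = rep.get(f"dot1x credentials {ref.get('dot1x credentials')}", [])
    names = [l.split()[1] for l in creds if l.startswith("username ")]
    if not names or names[0] not in users:
        bad.append("repeater username missing from root's local RADIUS users")
    if "method fast" not in rep.get(f"eap profile {ref.get('dot1x eap profile')}", []):
        bad.append("repeater EAP profile does not select method fast")
    km = [l for l in r_ssid if "key-management" in l]
    if not km or km != [l for l in p_ssid if "key-management" in l]:
        bad.append("key-management differs between root and repeater SSID")
    return bad
```

`check_pair(ROOT, REPEATER)` returns an empty list for the excerpts above; each string in a non-empty result names one mismatch to fix before expecting the uplink to come up.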
This is the notification we get after authentication of a repeater:
*Dec 17 10:43:53.122: %DOT11-4-UPLINK_ESTABLISHED: Interface Dot11Radio0, Associated To AP Root-AP 003a.9914.1370 [EAP-FAST WPAv2]
Client status:
Root-AP#sh dot11 associations

802.11 Client Stations on Dot11Radio0:

SSID [RSCCIEW] :

MAC Address    IP address      Device        Name            Parent         State
2894.0fa8.a594 10.35.80.111    ap1240-Rptr   Repeater-AP     self           EAP-Assoc
ac7b.a1d1.c289 10.35.80.109    Rptr-client   Repeater-AP     2894.0fa8.a594 EAP-Assoc

Root-AP#
Root-AP#sh dot11 associations ac7b.a1d1.c289
Address           : ac7b.a1d1.c289     Name             : Repeater-AP
IP Address        : 10.35.80.109       Interface        : Dot11Radio 0
Device            : Rptr-client        Software Version : NONE
CCX Version       : NONE               Client MFP       : Off
State             : EAP-Assoc          Parent           : 2894.0fa8.a594
SSID              : RSCCIEW            VLAN             : 80
Hops to Infra     : 0
Clients Associated: 0                  Repeaters associated: 0
That is all about Repeaters 🙂