
Test WLAN that will use EAP MS-CHAPv2 self-controller to authenticate

Phil_storey
Contributor
I have created an onboard RADIUS and role-based firewall (sort of),
so this is what I have done so far:

from the CLI
#conf
# radius-server-policy RADIUS
# commit write
#radius-group Guest
#guest
#..
radius-group Corp
#..
radius-user-pool CORP-USER
User UKROI password #976301234 group corp
#commit write
#profile rfs7000 default-rfs7000
#use radius-server-policy RADIUS
#commit write

# role-policy RBFW
#user-role Guest precedence 1
#assign vlan 999
#ssid contains Guest
#..
#user-role Corp precedence 2
#assign vlan 1000
#group exact Corp
#commit write
#aaa-policy INTERNAL-AAA
#authentication server 1 onboard-controller
I have created a wlan and assigned the aaa-policy INTERNAL_AAA

Then in the AP profile under settings I have added the RBFW in the wireless client role policy.

The problem I have:
I only have two production VLANs, so I cannot put the AAA server on these, but I need to get to a server on the main VLAN.

I can see the Dot1x WLAN that is part of the test. If I use my mobile phone and try to connect, it prompts for a username and a password as it should. I then put these details in,
select MS-CHAPv2, then you have an option about the certificate; here I select none,
then under the username it shows anonymous,
then drop to password and enter this,
then it shows connecting, then gives up.
Now I think it's due to the fact that VLAN 999 & 1000 do not have any DHCP server to give the device an IP.

So can I set up a DHCP server on the RFS7k (WiNG 5.8.5) that will only dish out addresses on the dot1x WLAN, then route off to our main VLAN to attach to a test server?

Lots of information and questions, but any help appreciated.

24 REPLIES

Phil_storey
Contributor
Anyone know if there is a release for the RFS7k 5.8.6?

Phil_storey
Contributor
Bit more: it seems there may be a bug in 5.8.5. When you look at the context for the RADIUS server it's configured and looks like it's running, but when you sh the RADIUS server stats it's not running, and any connection comes back with "No response from radiusd". This may also explain why I could never get connected to the captive portal when I was trying to set one up. I could get the web page and the login details etc. but it just would not connect. This was a while ago and just me seeing how it worked.

Christopher_Fra
Extreme Employee
For a simple test, just use PEAP/MSCHAPv2 on the RFS on-board radius server and on the client side, ensure that you un-select to validate server certificate. You will not need a certificate on the RFS if using PEAP/MSCHAPv2.

Andrew_Webster
New Contributor III
You need to create the certificate on the RFS. The video I linked earlier covers those steps.
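
The two client-side choices discussed in the replies above, written as wpa_supplicant network blocks. This is an added example, not part of the thread or of Extreme's documentation; the SSID, password, CA file path and server name are placeholders, and only the user name and the "anonymous" outer identity come from the original post.

```conf
# Use one block or the other, not both in the same file.

# Block 1: test-only client, server certificate not validated.
# The supplicant completes PEAP with whichever RADIUS server answers
# for this SSID, so the inner MSCHAPv2 exchange is not bound to the RFS.
network={
    # placeholder SSID for the test Dot1x WLAN
    ssid="TEST-DOT1X"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
    # outer identity, as the phone displayed it
    anonymous_identity="anonymous"
    # inner identity: the user created in the CORP-USER pool
    identity="UKROI"
    # placeholder, substitute the pool user's password
    password="<password>"
    # no ca_cert and no domain_suffix_match: server is unauthenticated
}

# Block 2: same WLAN once the RFS presents a certificate the client trusts.
network={
    ssid="TEST-DOT1X"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
    anonymous_identity="anonymous"
    identity="UKROI"
    password="<password>"
    # placeholder path: CA that issued the RADIUS server certificate
    ca_cert="/etc/wpa_supplicant/radius-ca.pem"
    # placeholder name: must match the name in the server certificate
    domain_suffix_match="radius.example.test"
}
```

The first block matches the "do not validate" test setup; the second is the form to move to once a certificate has been created on the RFS.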