08-18-2021 09:35 AM
I configured external RADIUS authentication against AD on the RFS4000, but it is not working.
rfs4000-F8A311#sh running-config
!
! Configuration of RFS4000 version 5.9.1.10-002R
!
!
version 2.5
!
!
client-identity-group default
load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
permit any
!
firewall-policy default
no ip dos tcp-sequence-past-window
!
!
mint-policy global-default
!
meshpoint-qos-policy default
!
wlan-qos-policy default
qos trust dscp
qos trust wmm
!
radio-qos-policy default
!
! AAA policy defining one external RADIUS authentication server (172.16.1.3).
! Requests are proxied through the RF-domain manager (proxy-mode below).
! No WLAN in this listing references this policy with "use aaa-policy",
! so no client authentication is ever sent to the RADIUS server.
! NOTE(review): "secret 0" appears to be the clear-text form of the RADIUS
! shared secret - confirm. It is disclosed by this post and should be rotated
! on both the controller and the RADIUS server.
! NOTE(review): with proxy-mode through-rf-domain-manager the RADIUS server
! presumably has to list the RF-domain manager's address as a client - confirm.
aaa-policy SRV-DC3-NPS
authentication server 1 host 172.16.1.3 secret 0 ADMSRVL0C@L
authentication server 1 proxy-mode through-rf-domain-manager
!
association-acl-policy FiltrageMAC
permit 00-10-40-A8-9C-7B 00-10-40-A8-9C-7B precedence 1
permit 00-10-40-A8-9D-62 00-10-40-A8-9D-62 precedence 2
permit 00-10-40-A8-9D-83 00-10-40-A8-9D-83 precedence 3
permit 00-10-40-A8-9D-BF 00-10-40-A8-9D-BF precedence 4
permit 00-10-40-A8-BD-78 00-10-40-A8-BD-78 precedence 5
permit 3E-4A-68-A4-FD-53 3E-4A-68-A4-FD-53 precedence 6
permit 00-10-40-A8-9D-0E 00-10-40-A8-9D-0E precedence 7
permit 00-10-40-A8-9C-BA 00-10-40-A8-9C-BA precedence 8
permit 00-10-40-A8-9D-95 00-10-40-A8-9D-95 precedence 9
permit 00-10-40-A8-BD-6F 00-10-40-A8-BD-6F precedence 10
permit 00-10-40-A8-BD-51 00-10-40-A8-BD-51 precedence 11
!
! WLAN "1" (SSID WMS): CCMP encryption with a WPA/WPA2 pre-shared key,
! bridged locally on VLAN 1.
! authentication-type none means there is no 802.1X/EAP exchange on this WLAN,
! and no aaa-policy is attached, so RADIUS is not consulted for its clients.
! NOTE(review): "psk 0" appears to be the clear-text form of the key - confirm.
! Treat the key as disclosed by this post and rotate it.
wlan 1
ssid WMS
vlan 1
bridging-mode local
encryption-type ccmp
authentication-type none
wpa-wpa2 psk 0 B@TTU2016XU
!
! WLAN "GX": open SSID (encryption-type none, authentication-type none),
! bridged locally on VLAN 1. The only admission control is the MAC allow-list
! in association-acl-policy FiltrageMAC.
! NOTE(review): a MAC allow-list is not authentication - client MAC addresses
! are visible on the air and traffic on this SSID is unencrypted. This WLAN
! shares VLAN 1 with WLAN "1" and with the controller's vlan1 management
! address; consider a separate VLAN and an encrypted, authenticated WLAN.
wlan GX
description Wifi Magasin MACFilter
ssid GX
vlan 1
bridging-mode local
encryption-type none
authentication-type none
use association-acl-policy FiltrageMAC
!
smart-rf-policy Smart
!
!
! Management access policy "default": enables telnet, HTTP, HTTPS, FTP and SSH,
! defines the admin and FTP accounts, and configures SNMP v2c communities and
! SNMPv3 users.
! NOTE(review): telnet, HTTP and FTP carry credentials unencrypted; keep only
! ssh/https unless a cleartext service is strictly required.
! NOTE(review): the SNMP communities are the well-known "public"/"private"
! strings, "private" is read-write, and the "ip snmp-access-list default"
! stanza in this listing permits any source. Change the communities, drop
! write access if unused, and restrict the access list to the management hosts.
! NOTE(review): the SNMPv3 users use DES and MD5 with what appears to be a
! clear-text ("0") passphrase - confirm, and prefer stronger algorithms if the
! firmware offers them.
! NOTE(review): the password hashes and SNMP secrets below are disclosed by
! this post; change all of them.
management-policy default
telnet
http server
https server
ftp username ftpuser password 1 cef6a511381477f8df605e3b81c2ec41d28d419c24daa7931 rootdir flash:/
ssh
user admin password 1 849fdef1e1303ec60f2d49c3ebb57a2a3d5a22f83f77deef5e1a0465ad8d73a1 role superuser access all
snmp-server community 0 private rw
snmp-server community 0 public ro
snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
!
ex3500-management-policy default
snmp-server community public ro
snmp-server community private rw
snmp-server notify-filter 1 remote 127.0.0.1
snmp-server view defaultview 1 included
!
l2tpv3 policy default
!
profile rfs4000 default-rfs4000
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto remote-vpn-client
interface radio1
interface radio2
interface up1
interface ge1
interface ge2
interface ge3
interface ge4
interface ge5
interface wwan1
interface pppoe1
use firewall-policy default
use client-identity-group default
logging on
service pm sys-restart
router ospf
router bgp
adoption-mode controller
!
profile ap82xx default-ap82xx
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto remote-vpn-client
interface radio1
interface radio2
interface radio3
interface ge1
interface ge2
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
interface wwan1
interface pppoe1
use firewall-policy default
use client-identity-group default
service pm sys-restart
router ospf
adoption-mode controller
--More-- Jun 15 19:28:32 2021: %DATAPLANE-4-IPMACCONFLICT: IP-MAC CONFLICT: Conflict in ip-mac binding between packet and snoop table data : Vlan = 1, Pkt Src Mac: 50-3D-E5-78-5A-80, Pkt Dst Mac: 3C-A8-2A-82-CF-9D, Pkt Src IP : 172.16.2.186, Snoop Table Mac: A0-A4-C5-72-AC-13, Snoop Table IP: 172.16.2.186 .
!
profile ap81xx default-ap81xx
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto remote-vpn-client
interface radio1
interface radio2
interface radio3
interface bluetooth1
shutdown
interface ge1
interface ge2
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
interface wwan1
interface pppoe1
use firewall-policy default
use client-identity-group default
service pm sys-restart
router ospf
adoption-mode controller
!
profile ap7522 default-ap7522
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
--More-- Jun 15 19:28:33 2021: %DATAPLANE-4-DOSATTACK: BAD_PACKET: Bcast/Mcast ICMP not allowed : Src IP : 172.16.3.125, Dst IP: 224.0.0.1, Src Mac: 00-72-78-9C-7B-4E, Dst Mac: 01-00-5E-00-00-01, ICMP type = 9, ICMP code = 0, Prot
wlan 1 bss 1 primary
wlan GX bss 2 primary
interface radio2
shutdown
interface ge1
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
interface pppoe1
use firewall-policy default
use client-identity-group default
service pm sys-restart
router ospf
adoption-mode controller
!
profile ap7532 default-ap7532
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
interface radio2
interface ge1
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
interface pppoe1
use firewall-policy default
use client-identity-group default
service pm sys-restart
router ospf
adoption-mode controller
!
profile ap7502 default-ap7502
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
interface radio2
interface ge1
interface fe1
interface fe2
interface fe3
no power
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
interface pppoe1
use firewall-policy default
use client-identity-group default
service pm sys-restart
adoption-mode controller
!
profile ap71xx default-ap71xx
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto remote-vpn-client
interface radio1
interface radio2
interface radio3
interface ge1
interface ge2
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
interface wwan1
interface pppoe1
use firewall-policy default
use client-identity-group default
service pm sys-restart
adoption-mode controller
!
profile ap6532 default-ap6532
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
interface radio2
interface ge1
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
interface pppoe1
use firewall-policy default
use client-identity-group default
service pm sys-restart
adoption-mode controller
!
profile ap650 default-ap650
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
interface radio2
interface ge1
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
interface pppoe1
use firewall-policy default
use client-identity-group default
service pm sys-restart
adoption-mode controller
!
profile ap6521 default-ap6521
autoinstall configuration
autoinstall firmware
interface radio1
wlan 1 bss 1 primary
wlan GX bss 2 primary
interface ge1
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
interface pppoe1
use firewall-policy default
use client-identity-group default
service pm sys-restart
adoption-mode controller
!
profile ap621 default-ap621
autoinstall configuration
autoinstall firmware
interface radio1
interface ge1
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
use firewall-policy default
use client-identity-group default
service pm sys-restart
adoption-mode controller
!
profile ap6511 default-ap6511
autoinstall configuration
autoinstall firmware
interface radio1
interface up1
interface fe1
interface fe2
interface fe3
interface fe4
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
interface pppoe1
use firewall-policy default
use client-identity-group default
service pm sys-restart
adoption-mode controller
!
profile ap6562 default-ap6562
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
placement outdoor
interface radio2
placement outdoor
interface ge1
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
interface pppoe1
use firewall-policy default
use client-identity-group default
service pm sys-restart
adoption-mode controller
!
profile ap6522 default-ap6522
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
interface radio2
interface ge1
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
interface pppoe1
use firewall-policy default
use client-identity-group default
service pm sys-restart
adoption-mode controller
!
profile ap622 default-ap622
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
interface radio2
interface ge1
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
use firewall-policy default
use client-identity-group default
service pm sys-restart
adoption-mode controller
!
rf-domain default
location AP
contact TA
country-code fr
use smart-rf-policy Smart
!
rfs4000 B4-C7-99-F8-A1-09
use profile default-rfs4000
use rf-domain default
hostname rfs4000-F8A109
license AP DEFAULT-6AP-LICENSE
license ADSEC DEFAULT-ADV-SEC-LICENSE
device-upgrade auto ap6521
interface ge1
switchport mode trunk
switchport trunk native vlan 1
no switchport trunk native tagged
switchport trunk allowed vlan 1-2,10
interface vlan1
ip address 172.16.1.201/16
ip address 192.168.0.1/24 secondary
ip dhcp client request options all
no shutdown
cluster name cl_bottu
cluster member ip 172.16.1.12 level 1
cluster member ip 172.16.1.201
cluster member ip 172.16.1.200 level 1
cluster member ip 172.16.1.13 level 1
cluster master-priority 1
logging on
logging console warnings
logging buffered warnings
!
rfs4000 B4-C7-99-F8-A3-11
use profile default-rfs4000
use rf-domain default
hostname rfs4000-F8A311
license AP DEFAULT-6AP-LICENSE
license AAP d8370195e5a2268312f2ad1b43eb92927ce131cf118579c3dd6558e28d72cc69cc1688b96d5e336b
license ADSEC DEFAULT-ADV-SEC-LICENSE
device-upgrade auto ap6521
interface ge1
switchport mode trunk
switchport trunk native vlan 1
no switchport trunk native tagged
switchport trunk allowed vlan 1-2
interface vlan1
ip address 172.16.1.200/16
ip address 192.168.0.1/24 secondary
ip dhcp client request options all
no shutdown
cluster name cl_bottu
cluster member ip 172.16.1.12 level 1
cluster member ip 172.16.1.201
cluster member ip 172.16.1.200 level 1
cluster member ip 172.16.1.13 level 1
cluster master-priority 200
logging on
logging console warnings
logging buffered warnings
!
ap7522 B8-50-01-A8-DD-60
use profile default-ap7522
use rf-domain default
hostname ap7522-A8DD60
!
ap7522 B8-50-01-A8-DE-7C
use profile default-ap7522
use rf-domain default
hostname ap7522-A8DE7C
!
ap7522 B8-50-01-A8-DF-AC
use profile default-ap7522
use rf-domain default
hostname ap7522-A8DFAC
!
ap6521 FC-0A-81-44-80-08
use profile default-ap6521
use rf-domain default
hostname ap6521-448008
!
ap6521 FC-0A-81-44-83-B2
use profile default-ap6521
use rf-domain default
hostname ap6521-4483B2
!
ap6521 FC-0A-81-44-83-BA
use profile default-ap6521
use rf-domain default
hostname ap6521-4483BA
!
ap6521 FC-0A-81-44-86-70
use profile default-ap6521
use rf-domain default
hostname ap6521-448670
!
ap6521 FC-0A-81-44-86-F0
use profile default-ap6521
use rf-domain default
hostname ap6521-4486F0
!
ap6521 FC-0A-81-44-89-08
use profile default-ap6521
use rf-domain default
hostname ap6521-448908
!
ap6521 FC-0A-81-44-8B-04
use profile default-ap6521
use rf-domain default
hostname ap6521-448B04
!
ap6521 FC-0A-81-44-8B-08
use profile default-ap6521
use rf-domain default
hostname ap6521-448B08
!
ap6521 FC-0A-81-F1-12-2A
use profile default-ap6521
use rf-domain default
hostname ap6521-F1122A
!
ap6521 FC-0A-81-F1-12-72
use profile default-ap6521
use rf-domain default
hostname ap6521-F11272
!
ap6521 FC-0A-81-F1-12-F2
use profile default-ap6521
use rf-domain default
hostname ap6521-F112F2
!
ap6521 FC-0A-81-F1-81-C4
use profile default-ap6521
use rf-domain default
hostname ap6521-F181C4
!
ap6521 FC-0A-81-F1-83-1E
use profile default-ap6521
use rf-domain default
hostname ap6521-F1831E
!
ap6521 FC-0A-81-F1-85-14
use profile default-ap6521
use rf-domain default
hostname ap6521-F18514
!
ap6521 FC-0A-81-F1-B9-18
use profile default-ap6521
use rf-domain default
hostname ap6521-F1B918
!
ap6521 FC-0A-81-F1-B9-1A
use profile default-ap6521
use rf-domain default
hostname ap6521-F1B91A
!
ap6521 FC-0A-81-F1-B9-22
use profile default-ap6521
use rf-domain default
hostname ap6521-F1B922
!
ap6521 FC-0A-81-F1-C0-4C
use profile default-ap6521
use rf-domain default
hostname ap6521-F1C04C
!
ap6521 FC-0A-81-F1-C0-52
use profile default-ap6521
use rf-domain default
hostname ap6521-F1C052
!
ap6521 FC-0A-81-F1-C0-54
use profile default-ap6521
use rf-domain default
hostname ap6521-F1C054
!
ap6521 FC-0A-81-F1-C0-92
use profile default-ap6521
use rf-domain default
hostname ap6521-F1C092
!
!
end
08-18-2021 03:36 PM
Hello,
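I don’t see a WLAN configured for EAP authentication, only an AAA policy configured for external RADIUS. Both existing WLANs (1 and GX) are set to authentication-type none and neither references the AAA policy SRV-DC3-NPS, so no client is ever authenticated against the RADIUS server.
Please add a new WLAN using EAP for “Select Authentication”, map your existing AAA policy to the WLAN, and select the encryption type that will be used for EAP (802.1X). In the CLI this corresponds to `authentication-type eap` and `use aaa-policy SRV-DC3-NPS` under the new wlan.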
08-18-2021 03:36 PM
Hello,
I don’t see a WLAN configured for EAP authentication, only an AAA policy configured for external RADIUS.
Please add a new WLAN using EAP for “Select Authentication”, map your existing AAA policy to the WLAN, and select the encryption type that will be used for EAP (802.1X).