Since the even with the configuration guides I found and uploaded configuration of the Wireless Controller still has some details not in the guides. I thought I would upload my confguration of my wireless as an example. I am using EAP based WPA/WPA2 security to a Windows 2003 Radius Server specifically an internal PKI . This is based on an existing IAS Server infrastructure and just adding the Wireless Controller as a new Radius Client. I have two SSIDs one for guests called GUEST-WIFI on an internet access vlan (VLAN 80) and a SECURED-WIFI for end-users on VLAN 1 using WPA/WPA2.
On the controller the following needs to be configured:
#
domain default enable system
#
port-security enable
#
dot1x authentication-method eap
#
radius scheme ias
server-type extended
primary authentication IASSERVERIP
primary accounting IASSERVERIP
key authentication SHAREDKEY
key accounting SHAREDKEY
timer realtime-accounting 3
user-name-format keep-original
nas-ip ACCESSCONTROLLERIP
undo stop-accounting-buffer enable
accounting-on enable
#
#
domain ias
authentication default radius-scheme ias
authorization default radius-scheme ias
accounting default radius-scheme ias
access-limit disable
state active
idle-cut disable
self-service-url disable
#
wlan radio-policy rp
beacon-interval 500
#
wlan service-template 1 clear
ssid GUEST-WIFI
bind WLAN-ESS 0
user-isolation enable
service-template enable
#
wlan service-template 2 crypto
ssid SECURED-WIFI
bind WLAN-ESS 1
cipher-suite tkip
cipher-suite ccmp
security-ie rsn
security-ie wpa
service-template enable
#
#
interface WLAN-ESS0
port access vlan 80
#
interface WLAN-ESS1
port-security port-mode userlogin-secure-ext
port-security tx-key-type 11key
dot1x mandatory-domain ias
#
#
wlan ap autoap model 7760_2750 id 3
serial-id auto
radio 1
radio-policy rp
service-template 1
service-template 2
radio enable
On the IAS server a new radius client needs to be configured.
