Cisco Cisco Access Registrar 5.0 Guide De Dépannage

Conventions

For more information on document conventions, refer to the Cisco Technical Tips Conventions.

Configuring EAP−Cisco Wireless (Cisco LEAP)

This section covers the basic configurations of Cisco LEAP on the Cisco AR server, the AP, and various
clients.

Step−by−Step Instructions

Follow these instructions to configure LEAP:

Change the port on the Cisco AR server.

The AP sends RADIUS information on User Datagram Protocol (UDP) ports 1812 (authentication)
and 1813 (accounting). Since the Cisco AR listens on UDP ports 1645 and 1646 by default, you must
configure the Cisco AR to listen on UDP ports 1812 and 1813.

Issue the cd /radius/advanced/ports command.

Issue the add 1812 command to add port 1812.

If you plan to do accounting, issue the add 1813 command to add port 1813.

Save the configuration, and then restart the services.

To add the AP to the Cisco AR server, issue these commands:

cd /Radius/Clients

♦

add ap350−1

♦

cd ap350−1

♦

set ipaddress 171.69.89.1

♦

set sharedsecret cisco

♦

To configure the Wired Equivalent Privacy (WEP) key session timeout, issue these commands:

Note: 802.1x specifies a reauthentication option. The Cisco LEAP algorithm utilizes this option to
expire the current WEP session key for the user and issue a new WEP session key.

cd /Radius/Profiles

♦

add ap−profile

♦

cd ap−profile

♦

cd attributes

♦

set session−timeout 600

♦

To create a user group that uses the profiles added in Step 3, issue these commands:

cd /Radius/Usergroups

♦

add ap−group

♦

cd ap−group

♦

set baseprofile ap−profile

♦

Users in this user group inherit the profile and in turn receive the session timeout.

To create users in a user list and to add the users to the user group defined in Step 4, issue these
commands:

cd /Radius/Userlists

♦

add ap−users

♦

cd ap−users

♦