Configuration steps
IOS configuration on R1
| aaa new-model | The first command, aaa new-model, tells the router that you are using either TACACS+ or RADIUS for authentication. |
| radius-server host 192.168.1.2 key p@ssword | Tells the router the IP address of the RADIUS server and the shared secret. |
| aaa authentication login default group radius local | The aaa authentication command is used to start RADIUS authentication on the router as a defaul method for login. |
line vty 0 15 login authentication default | Configuration of the vty interfaces for login |
Configure WPA entreprise on a Linksys wireless access point
WPA enterprise configuration with radius authentication
This tutorial describes how to configure WPA entreprise WIFI authentication on a LinksysTM WRT300N wireless router in Packet Tracer 7.2.1
Linksys WRT300N : 192.168.1.1/24
RADIUS Server : 192.168.1.2/24
Laptop : 192.168.1.3/24
Tip : For security reasons, it is highly recommended to secure the RADIUS server behind a router (using ACL) or a firewall in production networks.
Configuration steps
- Add a Linksys AP and configure it's IP address to 192.168.1.1 (netmask 255.255.255.0)
- Add a Server-PT device and configure it's IP address to 192.168.1.2 (netmask 255.255.255.0)
- On the Server configuration page, configure the AAA Service with the following settings :
- Client Name : Linksys (Chose a name. Doesn't need to match AP name)
- Client IP : IP address of the Linksys AP
- Client password : A shared secret with the AP (here : deltapassword)
- Create a new user (name : user1 - Password : test)
- Configure the wireless settings of the Linksys AP like in the screenshot above (WPA TKIP / Radius server IP / Shared secret)
- Add a laptop device and configure it with a PT-LAPTOP-NM-1W module (Drag and drop to replaces the original ethernet module)
- Configure the wireless settings of the laptop like in the screenshot above (WPA TKIP / User ID, Password)
- The connection should establish between the laptop and the AP.