Cisco 1200 EAP-TLS config

[salmans]

Does anyone have any documentation on configuring a Cisco 1200 aironet for EAP-TLS? I have config'd the CA/IAS/users/certificates stuff but cant get the dang 1200 to work. I've config'd a 3com WAP in the past for this with no probs but this 1200 is kickin my tail. Thanks in advance.

Do it right the first time, and there won't be a second time!

 

[ADB100]

I have pasted the relevent bits from my Aironet 1120G AP:

aaa new-model
!
!
aaa group server radius RAD-EAP
 server 10.1.1.1 auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group RAD-EAP local
aaa accounting network acct_methods start-stop group RAD-EAP
!
dot11 ssid wireless
   authentication open eap eap_methods 
   authentication network-eap eap_methods 
   authentication key-management wpa
   accounting acct_methods
   guest-mode
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip 
 !
 broadcast-key change 320
 !
 !
 ssid wireless
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 channel 2462
 station-role root
 rts threshold 2312
 no dot11 qos mode
 no dot11 extension aironet
 no cdp enable
 dot1x reauth-period server
 bridge-group 1
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
radius-server attribute 32 include-in-access-req format %h
radius-server attribute 32 include-in-accounting-req format %h
radius-server host 10.1.1.1 auth-port 1812 acct-port 1813 key secret-key
!

HTH

Andy

 

[salmans]

I did get it to work. Thank you for your post Andy.

Do it right the first time, and there won't be a second time!