Setting up RADIUS server on Autonomous 1200 series AP

We have two Autonomous APs (1220B) that we want to communicate with our RADIUS server using Open Authentication with EAP. When this is set to Open Authentication without additions, I can connect to the network; however, when it is set to use EAP and I try to reconnect to the network, an error message is displayed saying "Failed to authenticate." The IP address of the RADIUS server and the shared secret are the same. Can anybody explain why this is, please?

I've got a SonicWall configured for L2TP over IPSec VPN. However, I'm not able to log in to it using a Windows domain account, only local SonicWall user accounts I've created. I get Error 691: (wrong password or authentication protocol not permitted) - I know the password is correct.
I set up the RADIUS Network Policies on the Windows 2012 Server. However, I'm not sure what I need to change on the SonicWall. We also have Global VPN clients connecting to the VPN with IKEv2, so I don't want to prevent them from continuing to use the Global VPN client or have to make any changes on those pre-existing clients. We just want the ability for people to also log in to the VPN with the native Windows VPN client via L2TP over IPSec.
This topic first appeared in the Spiceworks Community

Similar Messages

  • Set-up Radius Server to ACS 4.2 and AD server

    Hi Guys,
    I would like to ask help from you on how to set-up Radius server in ACS 4.2  (step-by-step guide or link), wireless client will be authenticated via Active Directory when connecting to our Wireless AP so it means that our Wireless AP is added as client to Radius server.
    Thanks in advance!
    regards,
    Gagamboy

    Hi Colin
    thanks for your answer, we had this setting correct. I was able to solve the problem yesterday, we had some faults in the AD mapping.
    I didn't know that when I select more AD groups for one ACS group in one step, the user / host has to be in every one of these AD groups (AND conjunction).
    Now I only added one AD group for my ACS group and it works. The error message "AD user restriction" was not very helpful for finding this fault ;-)
    Regards
    Dominic

  • How to set local radius with AP 1240AG series

    Hi,
    I have been trying to set up an AP with AIR-AP1242AG-Ak9 as a local authenticator RADIUS but with no success. I have followed the steps from a lot of posts but no go, even with the most simple and understandable post like this one:
    https://supportforums.cisco.com/document/101121/configuring-autonomous-ap-local-radius-authentication
    The guy at the end of the post says:
    Configuring AP
    1. Go to Security>Encryption Manager
    2. Specify Encryption (can be WEP or WPA)
    3. Specify that WEP is Mandatory
    4. Specify the key accordingly
    5. Click Apply
    6. Go to Security>SSID Manage
    7. Select the desired SSID
    But when I go via GUI, first of all:
    I don't understand why it says it can be WEP or WPA because if I select WEP and follow the rest of the steps, I get an error message: WPA mandatory is supported only with Cipher TKIP or AES CCMP or AES CCMP +TKIP <see encryption managerpage>
    Besides, WEP, as far as I know, only works with a password, and I want the PC clients to authenticate with the AP itself as a local RADIUS server, so it should ask for a username and password defined in the AP.
    Second of all, the steps from the guy state in item 4, "specify the key accordingly". What does this mean? I only see key fields in hexa.
    Third of all, if I do the steps in the error above, it allows me to set WPA with key management Mandatory but only by selecting the Cipher drop-down menu, so which item should I pick? There are a lot, like AES CCMP, AES CCMP+TKIP, etc.
    But whenever another PC tries to log in, it asks for the username and password, but it never gets past, just saying error on the network.
    I include the debug for the local RADIUS below
    I also included the config of the AP
    All I want is for the AP to ask for a username and password, log in successfully and that's it.
    Anybody else, or someone that has a functioning config to share with me? I would appreciate it, because I have been more than 12 hours in a row trying to set it up but no go

    Here is one of my posts related to this topic; see if that helps:
    http://mrncciew.com/2013/03/03/autonomous-ap-as-local-radius-server/
    If supported, use WPA2 with AES as that is most secure. Do not use WEP. If WPA2/AES is not supported then try to use WPA with TKIP.
    Here is other useful configuration example on the same topic
    https://rscciew.wordpress.com/2014/07/24/autonomous-ap-with-local-radius-server-eap-fast/
    HTH
    Rasika
    **** Pls rate all useful responses ***

  • WLC 5508 Radius Server

    what is the authentication list precedence for radius authentication?
    global list       network user checkbox
    per wlan        aaa server add
    global list       network user uncheck
    I have 3 RADIUS servers, 2 of which are used for global authentication (all APs are HREAP) and a 3rd one used only for 1 site. When the first 2 RADIUS servers fail, the WLC uses the 3rd one, but the 3rd only has a database for 1 site's users.
    Do I need to uncheck the network user checkbox on the 3rd RADIUS and create an HREAP group, then associate the 3rd one? I don't want the global list to be able to take the 3rd RADIUS as a normal global RADIUS. Any comments?

    Osvaldo,
    Your observation is correct and this should be documented on the WLC help tab if you search for keyword network user under radius auth.
    Quote:
    Network User—Network user authentication check box. If this option is enabled, this entry is considered as the network user RADIUS authenticating server entry. If you did not set the RADIUS server entry on the WLAN configuration (WLANs > Edit > Security > AAA Servers), you must enable this option for network users.
    Management—Management authentication check box. If this option is enabled, this entry is considered as the management RADIUS authenticating server entry. If you enable this option, authentication requests go to the RADIUS server
    AAA server defined on WLAN takes precedence over global.

  • How to set two radius servers one is window NPS another is cisco radius server

    how to set two radius servers one is window NPS another is cisco radius server
    when i try the following command, once window priority is first , i type cisco radius user name, it authenticated fail
    i can not use both at the same time
    radius-server host 192.168.1.3  is window NPS
    radius-server host 192.168.1.1 is cisco radius
    http://blog.skufel.net/2012/06/how-to-integrating-cisco-devices-access-with-microsoft-npsradius/
    conf t
    no aaa authentication login default line
    no aaa authentication login local group radius
    no aaa authorization exec default group radius if-authenticated
    no aaa authorization network default group radius
    no aaa accounting connection default start-stop group radius
    aaa new-model
    aaa group server radius IAS
     server 192.168.1.1 auth-port 1812 acct-port 1813
     server 192.168.1.3 auth-port 1812 acct-port 1813
    aaa authentication login userAuthentication local group IAS
    aaa authorization exec userAuthorization local group IAS if-authenticated
    aaa authorization network userAuthorization local group IAS
    aaa accounting exec default start-stop group IAS
    aaa accounting system default start-stop group IAS
    aaa session-id common
    radius-server host 192.168.1.1 auth-port 1812 acct-port 1813
    radius-server host 192.168.1.2 auth-port 1812 acct-port 1813
    radius-server host 192.168.1.3 auth-port 1645 acct-port 1646
    radius-server host 192.168.1.3 auth-port 1812 acct-port 1813
    privilege exec level 1 show config
    ip radius source-interface Gi0/1
    line vty 0 4
     authorization exec userAuthorization
     login authentication userAuthentication
     transport input telnet
    line vty 5 15
     authorization exec userAuthorization
     login authentication userAuthentication
     transport input telnet
    end
    conf t
    aaa group server radius IAS
     server 192.168.1.3 auth-port 1812 acct-port 1813
     server 192.168.1.1 auth-port 1812 acct-port 1813
    end

    The first AAA server listed in your config will always be used unless/until it becomes unavailable. At that point the NAD would move down to the next AAA server defined on the list and use that one until it becomes unavailable and then move to third one, and so on. 
    If you want to use two AAA servers at the same time then you will need to put a load balancer in front of them. Then the virtual IP (vip) will be listed in the NADs vs the individual AAA servers' IPs. 
    I hope this helps!
    Thank you for rating helpful posts!

  • Cisco aironet 2600 series AP configuration with windows 2008 R2 Radius server.

    I want to know the configuration of Cisco aironet 2600 series AP with windows 2008 R2 Radius server.  
    I have
    1. AD & DHCP Server
    2. Cisco Aironet 2600 Access Point.
    I want to connect wifi devices through this AP. Authentication should be through Radius server and AD.

    Hi , 
    Below link should support your requirement 
    http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/116584-configure-wirelesslan-00.html
    Minimal commands:
    AP(config)# aaa new-model
    AP(config)# radius-server host 172.20.0.1 auth-port 1645 acct-port 1645 key XXXXXX
    AP(config)# radius-server deadtime 10
    HTH
    Sandy

  • Configuring Cisco Aironet 1140 for Radius and setting up a Radius server

    Guys, I need some help setting up my RADIUS to work with Cisco Aironet 1140. I am new at this; however, I was tasked with setting up a RADIUS server and setting our AP with WPA2-Enterprise so users can log into our AP using AD credentials.
    When I try to set up a new SSID on the AP, I do not see the option for WPA2-Enterprise?

    Here are other links with examples:
    https://supportforums.cisco.com/thread/331581
    http://targetcisco.blogspot.com/2011/03/cisco-autonomous-access-point.html
    http://downloads.avaya.com/css/P8/documents/100041614
    Thanks,
    Scott
    Help out other by using the rating system and marking answered questions as "Answered"

  • Setting Radius server for Airport Extreme

    Hi all,
    I have AP Airport Extreme. I updated it to the latest version of firmware and Airport utility.
    I am trying to set the AP to connect to Microsoft Radius server (Windows server 2003). The problem is that in the security, I don't have WPA/WPA2 Enterprise. I only have WPA/WPA2 personal. I do have option to configure the radius properties (IP, Port, etc'...).
    What should I do in order to set my AP to connect to Microsoft Windows server 2003?
    Thanks for your help.

    About the only one I'm aware of is the D-Link DPR-1260, which supports up to 4 printers. I have the predecessor to this print server, but it was horribly unreliable, requiring a reboot at least once a day, so YMMV. I settled on a Buffalo WLI-TX4-G54HP wireless-to-Ethernet bridge (with built-in 4-port Ethernet switch) and use my Belkin F1UP0001 in Ethernet mode. This combination gives me the option of adding network-enabled printers at a later date.

  • WLC "radius server overwrite interface" setting

    Hello
    I'm looking at using "radius server overwrite interface" on a WLAN as a replacement for Called-Station-ID for Radius to match on SSID.
    When I enable "radius server overwrite interface" on a WLAN and join a client to the SSID I can see (via packet capture) that the WLC is correctly sourcing the Radius packets with the WLAN's "dynamic" interface IP Address. The problem is that the Radius server doesn't respond to these requests. Radius is configured with rules to match the new IP address but I see nothing (pass or fail) in the logs.
    Interestingly, the packet captures shows the correct NAS IP address (the WLAN interface IP Address) but always shows the WLC hostname as NAS-ID (regardless of NAS-ID settings on the WLAN or WLAN interface)
    I've tried WLC software 7.4.110.0, 7.4.121.0 and 7.6.100.0 with the same results but Radius never responds. Radius is Cisco ACS 5.5.0.46. Any ideas as to why this is happening?
    Thanks
    Andy

    Hi Scott
    installed ACS 5.4 0.46.6 and I still have the same problem - ACS doesn't respond to requests from the WLC when "radius server overwrite interface" is enabled on the WLAN and nothing appears in the logs. With "radius server overwrite interface" disabled on the WLAN, authentication is a success and I can see this in the logs.
    I had a look at the packet captures I took earlier and the attributes in the Access-Request look ok - the only attribute I wasn't sure about was Message-Authenticator. Found this IETF document http://www.ietf.org/rfc/rfc2869.txt which mentions "silent discards" of Radius packets with non-existent or incorrect Message-Authenticator attributes. I'm not sure if this is what I'm seeing on ACS when it receives the "radius server overwrite interface" Access-Request packets. ACS is under contract so I will contact TAC about this.
    My production ACS cluster was upgraded from the latest version of 5.3 to 5.5 with no loss of historic logs (logging after upgrade worked fine also). The upgrade did take a while with the log-collector. When it had completed I checked the Data Upgrade Status under Monitoring configuration and it showed that the upgrade was successful.
    Thanks for your help with this.
    Cheers
    Andy

  • Access denied when ssh in window server 2008 after set it as radius server

    Yesterday I succeeded in using AAA to log in and could see AAA in sh aaa session
    https://murison.wordpress.com/2010/11/11/cisco-radius-configuration-with-server-2008-r2/
    Today I simulated it again and access is denied; I do not know what is wrong
    win 192.168.2.12 ---  switch 192.168.2.5 --- 192.168.2.1 R1
    R1
    conf t
    hostname router1
    int FastEthernet0/0
    ip address 192.168.2.1 255.255.255.0
    no shut
    end
    conf t
    ip route 192.168.2.0 255.255.255.0 192.168.2.5
    end
    enable
    configure terminal
    enable secret cisco
    end
    conf t
    aaa new-model
    username radiusclient privilege 15 password 0 cisco
    crypto key generate rsa
    ip ssh time-out 60
    ip ssh version 2
    line vty 0 4
    transport input ssh
    exit
    line vty 5 15
    transport input ssh
    exit
    ip domain-name radius1.local
    radius-server host 192.168.2.12
    radius-server key cisco
    aaa group server radius NPSSERVER
    server 192.168.2.12
    exit
    aaa authentication login default group NPSSERVER local
    aaa authorization exec default group NPSSERVER local
    exit
    R2
    conf t
    vlan 10
    int vlan 10
    ip address 192.168.2.5 255.255.255.0
    end
    conf t
    hostname router2
    int FastEthernet1/0
    switchport
    switchport access vlan 10
    switchport mode access
    shutdown
    no shut
    end
    conf t
    hostname router2
    int FastEthernet1/1
    switchport
    switchport access vlan 10
    switchport mode access
    shutdown
    no shut
    end
    conf t
    hostname router2
    int FastEthernet1/2
    switchport
    switchport access vlan 10
    switchport mode access
    shutdown
    no shut
    end
    R3
    conf t
    hostname router3
    int FastEthernet0/0
    ip address 192.168.2.7 255.255.255.0
    no shut
    end
    conf t
    ip route 192.168.2.0 255.255.255.0 192.168.2.5
    end

    Hi,
    The configuration looks fine. What do you see in radius server as the reason for authentication failure?
    Regards,
    Kanwal
    Note: Please mark answers if they are helpful.

  • Setting up a Radius server

    I have set up NPS for Radius / MAC authentication to my Meru Wireless controller, and I've created user accounts for my MAC clients. The request to connect to the wireless controller is set up and the connection is authenticated on the controller; the controller then sends the request to the AD Radius server with the MAC username and password for authentication and it fails. The NPS returns an error that the username and password have a mismatch.

    Hi,
    First, please make sure that the username and password are correct. Do not forget to add the domain name after the username. Normally, it should look like [email protected] or YOURDOMAIN\username.
    Please check if the NPS server has been registered in the domain controller. To verify this, please check if the NPS server has been added into the RAS and IAS Servers group in the domain controller.
    If the issue persists, please provide the detailed configuration of your Network Policy. It may give some hints.
    Best Regards.
    Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Can't authenticate Mac VPN client from RADIUS server

    Hello,
    I'm a real noob here so please bear with me.
    I have been able to configure my PIX 515E to allow VPN connections onto my network, but what I need to do is set up some sort of user authentication to control access at a user level. From what I've read here and in the Configuration Guide I should be able to do this authentication with a RADIUS server. I'm running a Corriente Networks Elektron Security server which has RADIUS server capabilities. It is running on my (inside) interface at IP 192.168.10.26.
    I thought that I had everything configured properly but it never seems to authenticate. I connect, the XAUTH window pops up, I add my username and password as it's configured on my RADIUS server, but when I click OK it just cycles the progress bar at the bottom and eventually times out. The client log doesn't show me anything and the log on the RADIUS server shows me nothing. Any ideas? this seems like it should be simple because I can connect until I attempt to authenticate to the RADIUS server.
    TIA for any direction you can provide me.
    Christine

    If it helps, here is my config with some of the non-related bits deleted:
    interface ethernet0 auto
    interface ethernet1 auto
    interface ethernet2 auto
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    nameif ethernet2 DMZ security50
    enable password ********* encrypted
    passwd ******* encrypted
    hostname pixfirewall
    domain-name acme.com
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol http 80
    fixup protocol http 82
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    access-list inside_outbound_nat0_acl permit ip any 192.168.10.0 255.255.255.0
    access-list inside_outbound_nat0_acl permit ip host 192.168.10.26 192.168.10.192 255.255.255.224
    access-list inside_outbound_nat0_acl permit ip host 192.168.10.69 192.168.10.192 255.255.255.224
    access-list outside_cryptomap_dyn_20 permit ip any 192.168.10.0 255.255.255.0
    access-list outside_cryptomap_dyn_40 permit ip any 192.168.10.192 255.255.255.224
    mtu outside 1500
    mtu inside 1500
    mtu DMZ 1500
    ip address outside 207.XXX.XXX.130 255.255.255.0
    ip address inside 192.168.10.1 255.255.255.0
    ip address DMZ 192.168.100.1 255.255.255.0
    multicast interface inside
    ip audit info action alarm
    ip audit attack action alarm
    ip local pool CBI_VPN_Pool 192.168.10.201-192.168.10.220
    pdm location 192.168.10.50 255.255.255.255 inside
    pdm group CBI_Servers inside
    pdm logging warnings 100
    pdm history enable
    arp timeout 14400
    global (outside) 200 interface
    global (DMZ) 200 interface
    nat (inside) 0 access-list inside_outbound_nat0_acl
    nat (inside) 200 192.168.10.0 255.255.255.0 0 0
    static (inside,outside) 207.XXX.XXX.150 192.168.10.27 netmask 255.255.255.255 0 0
    static (inside,outside) 207.XXX.XXX.132 192.168.10.26 dns netmask 255.255.255.255 0 0
    access-group 100 in interface outside
    route outside 0.0.0.0 0.0.0.0 207.XXX.XXX.129 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server radius-authport 1812
    aaa-server radius-acctport 1812
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server RADIUS (inside) host 192.168.10.26 ************* timeout 10
    aaa-server LOCAL protocol local
    http server enable
    http 192.168.10.3 255.255.255.255 inside
    no floodguard enable
    sysopt connection permit-ipsec
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
    crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-MD5
    crypto dynamic-map outside_dyn_map 40 match address outside_cryptomap_dyn_40
    crypto dynamic-map outside_dyn_map 40 set transform-set ESP-DES-MD5
    crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map client authentication RADIUS
    crypto map outside_map interface outside
    crypto map inside_map interface inside
    isakmp enable outside
    isakmp nat-traversal 3600
    isakmp policy 20 authentication pre-share
    isakmp policy 20 encryption des
    isakmp policy 20 hash md5
    isakmp policy 20 group 2
    isakmp policy 20 lifetime 86400
    vpngroup Test_VPN address-pool CBI_VPN_Pool
    vpngroup Test_VPN dns-server 142.77.2.101 142.77.2.36
    vpngroup Test_VPN default-domain acme.com
    vpngroup Test_VPN idle-time 1800
    vpngroup Test_VPN authentication-server RADIUS
    vpngroup Test_VPN user-authentication
    vpngroup Test_VPN user-idle-timeout 1200
    vpngroup Test_VPN password ********
    ssh timeout 5
    console timeout 0
    dhcpd address 192.168.10.100-192.168.10.254 inside
    dhcpd dns 142.77.2.101 142.77.2.36
    dhcpd lease 3600
    dhcpd ping_timeout 750
    dhcpd auto_config outside
    dhcpd enable inside

  • Radius server not returning Filter-id information to access device

    I have set up a Radius server (v. 4.15 16 april 2003) on NW65sp2 server
    and I'm trying to use it to authenticate to a Watchguard Firebox II
    firewall. The authentication functions but apparently the firewall is
    not getting (or not parsing) the Filter-Id information to assign access
    rights via groups. When I login to the firewall with "user1", the
    response is "Authenticationsucceeded, but no access grantedfor user". If
    I define "user1" on the firewall and assign it to an access policy, then
    everything works. But if I define an access group "group1" and assign
    it to an access policy on the firewall and then assign "group1" to the
    eDir Access Profile object that is assigned to "user1", (Filter-Id =
    group1) I get the above authentication successful, but no access granted.
    Is there a way to identify exactly what information is being sent from
    the Radius server to the access device so I can determine if the problem
    is on the Novell Radius server side or the Watchguard Firewall side?
    I've activated the Radius Debug Log, but that only tells me that it
    finds all the relevant objects in eDirectory and that authentication is
    successful, but there is no indication that any other information is
    being sent to the access device.
    As I understand it, the filter-id's are supposed to allow a link between
    the eDir user objects and what access rights are allowed on the access
    device (firewall). Essentially this is how I define group memberships on
    the firewall using eDir user. Is this assumption correct?
    The goal of course is to allow access over the firewall without having
    to type in 500 user names on the firewall.
    Any ideas or tips on what I could check or configure differently would
    be helpful. thanks
    bill reading

    thanks for the feedback. I will take a look at the thread you mentioned
    and I'll get back to you with the trace as soon as I can arrange it.
    Scott Kiester wrote:
    > There is a thread titled "RADIUS Group with VASCO Digipass" in this group
    > from November where someone else was trying to use the filter-Id attribute
    > with their firewall. The customer was able to get this attribute to working
    > to work after tweaking his RADIUS configuration.
    >
    > Your understanding of the filter-Id attribute is correct. Either the RADIUS
    > server is not sending this attribute for some reason, or something on your
    > firewall has been misconfigured. A good starting point would be to take a
    > sniffer trace to see if the filter-Id attribute is in the access-request
    > packet. (You can use Ethereal, which is a free download from
    > www.ethereal.com, for the trace.) Post the trace here or send it to me at
    > [email protected] and I'll take a look at it.
    >
    >
    >>>>bill reading<[email protected]> 12/07/04 8:36 AM >>>
    >
    > I have set up a Radius server (v. 4.15 16 april 2003) on NW65sp2 server
    > and I'm trying to use it to authenticate to a Watchguard Firebox II
    > firewall. The authentication functions but apparently the firewall is
    > not getting (or not parsing) the Filter-Id information to assign access
    > rights via groups. When I login to the firewall with "user1", the
    > response is "Authenticationsucceeded, but no access grantedfor user". If
    > I define "user1" on the firewall and assign it to an access policy, then
    > everything works. But if I define an access group "group1" and assign
    > it to an access policy on the firewall and then assign "group1" to the
    > eDir Access Profile object that is assigned to "user1", (Filter-Id =
    > group1) I get the above authentication successful, but no access granted.
    > Is there a way to identify exactly what information is being sent from
    > the Radius server to the access device so I can determine if the problem
    > is on the Novell Radius server side or the Watchguard Firewall side?
    > I've activated the Radius Debug Log, but that only tells me that it
    > finds all the relevant objects in eDirectory and that authentication is
    > successful, but there is no indication that any other information is
    > being sent to the access device.
    >
    > As I understand it, the filter-id's are supposed to allow a link between
    > the eDir user objects and what access rights are allowed on the access
    > device (firewall). Essentially this is how I define group memberships on
    > the firewall using eDir user. Is this assumption correct?
    >
    > The goal of course is to allow access over the firewall without having
    > to type in 500 user names on the firewall.
    >
    > Any ideas or tips on what I could check or configure differently would
    > be helpful. thanks
    >
    > bill reading
    >
    >
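
The two checks raised in the threads above, namely listing exactly which attributes a captured RADIUS packet carries (Filter-Id included) and testing whether an Access-Request's Message-Authenticator matches the shared secret as RFC 2869 requires, as an added example that is not part of any post. The packets, shared secret, user, group and NAS names below are constructed; real input would be the UDP payload exported from a capture.

```python
import hashlib
import hmac
import struct

CODE_NAMES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
ATTR_NAMES = {1: "User-Name", 4: "NAS-IP-Address", 11: "Filter-Id",
              32: "NAS-Identifier", 80: "Message-Authenticator"}
TEXT_ATTRS = {1, 11, 32}
MESSAGE_AUTHENTICATOR = 80


def parse_packet(data):
    """Split a RADIUS packet (UDP payload) into code, id, authenticator, attributes.

    Attributes come back as (type, offset, value) so a caller can patch one in place.
    """
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 20 or length > len(data):
        raise ValueError("length field does not match the captured bytes")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = data[pos], data[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("bad attribute length")
        attrs.append((attr_type, pos, data[pos + 2:pos + attr_len]))
        pos += attr_len
    return code, ident, data[4:20], attrs


def describe(data):
    """Return (packet type name, [(attribute name, printable value), ...])."""
    code, _ident, _auth, attrs = parse_packet(data)
    out = []
    for attr_type, _pos, value in attrs:
        name = ATTR_NAMES.get(attr_type, f"Attr-{attr_type}")
        if attr_type in TEXT_ATTRS:
            shown = value.decode("utf-8", "replace")
        elif attr_type == 4 and len(value) == 4:
            shown = ".".join(str(b) for b in value)
        else:
            shown = value.hex()
        out.append((name, shown))
    return CODE_NAMES.get(code, f"Code-{code}"), out


def filter_ids(data):
    """Filter-Id values present in the packet (empty list if the server sent none)."""
    return [value for name, value in describe(data)[1] if name == "Filter-Id"]


def check_request_message_authenticator(data, secret):
    """Return 'missing', 'valid' or 'invalid' for an Access-Request.

    RFC 2869: HMAC-MD5 over the whole packet, keyed with the shared secret,
    with the 16-byte Message-Authenticator value set to zero while hashing.
    """
    code, _ident, _auth, attrs = parse_packet(data)
    if code != 1:
        raise ValueError("this check covers Access-Request packets only")
    hits = [(pos, val) for t, pos, val in attrs if t == MESSAGE_AUTHENTICATOR]
    if not hits:
        return "missing"
    pos, received = hits[0]
    if len(received) != 16:
        return "invalid"
    length = struct.unpack("!H", data[2:4])[0]
    zeroed = bytearray(data[:length])
    zeroed[pos + 2:pos + 18] = bytes(16)
    expected = hmac.new(secret, bytes(zeroed), hashlib.md5).digest()
    return "valid" if hmac.compare_digest(expected, received) else "invalid"


def build_sample(code, ident, authenticator, attrs, secret=None):
    """Build a constructed packet; with a secret, append a signed Message-Authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    if secret is not None:
        body += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    packet = bytearray(struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body)
    if secret is not None:
        packet[-16:] = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    return bytes(packet)


# Constructed samples (not taken from any capture on this page).
SECRET = b"constructed-shared-secret"
REQUEST = build_sample(1, 7, bytes(range(16)),
                       [(1, b"user1"), (4, bytes([192, 0, 2, 10])), (32, b"wlc-hostname")],
                       secret=SECRET)
ACCEPT = build_sample(2, 7, bytes(16), [(11, b"group1")])   # authenticator bytes are placeholders
ACCEPT_NO_FILTER = build_sample(2, 7, bytes(16), [])

if __name__ == "__main__":
    for label, packet in (("request", REQUEST), ("accept", ACCEPT), ("accept-2", ACCEPT_NO_FILTER)):
        print(label, describe(packet))
    print("secret on server matches :", check_request_message_authenticator(REQUEST, SECRET))
    print("secret on server differs :", check_request_message_authenticator(REQUEST, b"other-secret"))
```

An "invalid" result against the secret configured for that source address means the server has grounds to discard the request without logging a pass or fail; the Response Authenticator of replies is not checked here.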

  • Using RSA RADIUS Server and WLC 7.4 to dynamically assign users to VLAN

    Hello,
    What we are trying to do:
    John logs on to wifi using an RSA fob for the password. RSA sends back the auth request with attributes to WLC 7.4, which magically knows how to interpret the attributes and puts John on VLAN 10. Mary logs on with her fob and gets put on VLAN 20.
    We don't have ISE. We don't have ACS. We have RSA Authentication Manager 7.0
    We have looked high and low for documentation for this kind of setup and we find stuff that is close to a match but not quite.
    Here is what we are seeing
    1. dynamic vlan assignment is not working -- radius server is set with the attributes
    2. RSA authentication works
    3. John and Mary are always put into the VLAN where the MGMT interface is
    4. I can see that attributes are making it back to the WLC by sniffing
    We are stuck at this point. Any help would be much appreciated,
    P.

    Here is a little more background:
    We have created a dynamic interface in VLAN 157
    Wireless LAN has been assigned to MGMT interface which is on VLAN 35
    This is a VWLC ver 7.4.100
    AP is attached to VWLC (only FlexConnect mode is supported)
    RADIUS Server has been configured
    Users are getting assigned to VLAN 35
    Also I have attached some screenshots and two packet captures so you can see what the RSA is sending back with your own eyes
    I don't see any attributes in the capture when RSA sends to the VWLC
    I see attributes in the capture when RSA sends to my local RADIUS Client (My PC)
    And to answer your question, we are sending a VLAN ID (157)

  • Bridging a WPA2 Enterprise Radius Server (Lion Server) to Apple TV

    Hello,
    I was wondering if anyone can help me out with this setup that I have with Lion Server. Recently I set up my Airport Extreme to use Radius and bind it to my Lion Server for Authentication. Radius works with most of my devices, except for my ATV2 (which is in a different room from the Airport Extreme.) As most of you may know, ATV2 doesn't support WPA2 Enterprise networks.
    Ideally what I would like to do is have the Apple TV connect to my wireless network for all of my videos that are shared on a HD connected to my Lion Server. I was thinking about looking for a WPA2 enterprise wireless bridge with an Ethernet port so that I can connect the ATV to the bridge and have the bridge connect to my Airport Extreme. However, here is what I cannot figure out. How can I get that bridge to authenticate to the Radius Server on Lion Server? From my understanding the Radius service on the Lion Server uses its own proprietary radius server to where I couldn't get the bridge to connect.
    Please let me know your thoughts. If it helps, I have a 1st generation TC that I can place in the other room. However, I couldn't see any functionality in Airport Utility that would allow me to bridge that box to the WPA 2 Enterprise network.

