#Setup Basic AAA
radius server
address ipv4 X.X.X.X auth-port 1812 acct-port 1813
key
aaa group server radius rad_ACS5
server name
#Note: make sure the command doesn't return an error message; if it does, something is named wrong.
aaa authentication login eap_method_acs group rad_ACS5
#Setup Management Interface
interface BVI1
ip address X.X.X.X Y.Y.Y.Y
no shut
ip default-gateway z.z.z.z
ip route 0.0.0.0 0.0.0.0 z.z.z.z
#Setup SSID
dot11 ssid
vlan
authentication open eap eap_method_acs
authentication key-management wpa version 2
mbssid guest-mode
#Do this for each VLAN. If the VLAN IDs are higher than the allowed bridge-group number, use a unique bridge-group ID for each VLAN
int gi 0.
encapsulation dot1q
bridge-group
int dot11 0.
encapsulation dot1q
bridge-group
int dot11 1.
encapsulation dot1q
bridge-group
#Setup dot11 interfaces
interface dot11radio X
mbssid
#For each VLAN, override the encryption as follows
encryption vlan mode ciphers aes-ccm
ssid
no shut
Setup ACS (or other RADIUS server) to return RADIUS attributes 64, 65, 81 for the appropriate VLAN.
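
Added example, not part of the original notes: a Python check that the attribute area of an Access-Accept carries attributes 64 (Tunnel-Type), 65 (Tunnel-Medium-Type) and 81 (Tunnel-Private-Group-ID) in the form RFC 2868/RFC 3580 define for VLAN assignment. The function names are hypothetical, the sample bytes are constructed by the encoder, and it assumes a numeric VLAN ID and a single tunnel attribute set.

```python
import struct

TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_IEEE_802 = 13, 6  # values RFC 3580 specifies for VLAN assignment

def encode_vlan_attrs(vlan_id, tag=0):
    """Build attributes 64, 65 and 81 as they appear in an Access-Accept."""
    def tagged_int(attr, value):
        # RFC 2868 layout: type, length (always 6), tag, 3-byte value
        return struct.pack("!BBB", attr, 6, tag) + value.to_bytes(3, "big")
    group = (bytes([tag]) if tag else b"") + str(vlan_id).encode("ascii")
    return (tagged_int(TUNNEL_TYPE, TYPE_VLAN)
            + tagged_int(TUNNEL_MEDIUM_TYPE, MEDIUM_IEEE_802)
            + struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(group)) + group)

def parse_attrs(data):
    """Split a RADIUS attribute area into (type, value) pairs; reject bad lengths."""
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        attr, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError(f"bad length on attribute {attr}")
        attrs.append((attr, data[i + 2:i + length]))
        i += length
    return attrs

def _tagged_value(raw):
    """Integer value of a tagged 4-byte attribute, or None if malformed."""
    return int.from_bytes(raw[1:], "big") if raw is not None and len(raw) == 4 else None

def assigned_vlan(data):
    """VLAN ID if 64/65/81 are all present and consistent, otherwise None."""
    found = {}
    for attr, value in parse_attrs(data):
        found.setdefault(attr, value)  # assumption: one tunnel set, first value wins
    if _tagged_value(found.get(TUNNEL_TYPE)) != TYPE_VLAN:
        return None
    if _tagged_value(found.get(TUNNEL_MEDIUM_TYPE)) != MEDIUM_IEEE_802:
        return None
    group = found.get(TUNNEL_PRIVATE_GROUP_ID, b"")
    if group and group[0] <= 0x1F:  # optional leading tag byte
        group = group[1:]
    text = group.decode("ascii", "replace")
    if not text.isdigit():  # assumption: numeric VLAN ID, not a VLAN name
        return None
    vlan = int(text)
    return vlan if 1 <= vlan <= 4094 else None
```

A result of None means the reply would not place the client in a VLAN: one of the three attributes is missing, has the wrong value, or the group ID is out of range.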