7920 and 1100 Series Access Points

Unanswered Question

I started having an issue last week. I have numerous 1100 series Access Points in our network. We have laptops that authenticate through one vlan (1) and wireless IP phones (7920s) that authenticate through another vlan (2). I have a WDS system configured with oen master and 7 backups. Everything was working fine until last week. Now the AP where the 7920s authenticate is now giving an authentication failure message. The 7920 will authenticate with others APs with no problem. They will also authenticate with the questionable AP if I take it out of the WDS network. Laptops have no problem authenticating with the questionable AP. I have upgraded the fireware and cannot see any problems. Any ideas? Thanks.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
csannedhi Mon, 02/12/2007 - 13:23

What authentication method are you using on the 7920 phones compared to wireless laptops? What happens if you use laptop authentication schme on the phones also?

Have you tried to upload successful AP configuration to the failed AP?

basyadav Tue, 02/13/2007 - 15:39

Can we see the "Show tech" of your main WDS AP, problem AP and working AP?

basyadav Wed, 02/14/2007 - 08:52

You can attach only the configuration of 3 AP's and also mention the IOS version running on them.

Basant

Purchasing/IS - phones work ok through this

Product/Model Number: AIR-AP1220-IOS-UPGRD

Top Assembly Serial Number:

System Software Filename: c1200-k9w7-tar.123- 4.JA

System Software Version: 12.3(4)JA

Bootloader Version: 12.2(8)JA

ISShop - phones don't work through this

Product/Model Number: AIR-AP1120B-A-K9

Top Assembly Serial Number: FHK0806V1C5

System Software Filename: c1100-k9w7-tar.123- 8.JA2

System Software Version: 12.3(8)JA2

Bootloader Version: 12.2(8)JA

Doorscenter - Master WDS

Product/Model Number: AIR-AP1120B-A-K9

Top Assembly Serial Number: FHK0806V1C6

System Software Filename: c1100-k9w7-tar.123- 8.JA2

System Software Version: 12.3(8)JA2

Bootloader Version: 12.2(8)JA

Attachment: 
basyadav Thu, 02/15/2007 - 13:15

VLAN 1 and VLAN 2 part of the configuration on the working and the not working AP I concentrated on looks OK to me.

Pls let me know, when you enter the WDS username and pwd in the "not working" AP, does it shows status as "registered" on the WDS status page of the main WDS AP?

If it shows "registered" then try to associate a 7920 phone to it and check its status in the WDS status page of the main WDS AP.

Does it shows "registered" or "association processing"?

migilles Thu, 02/15/2007 - 15:47

So for the DoorsCenter AP, this is configured as the highest priority WDS server (255). Can see you don't have a AAA group configured for clients to use, so it will fail. Not sure how other clients using EAP are working, so assume they are not.

If using f185560as3 or intermec SSID, then will not use WDS for authentication as they are open authentication SSIDs.

wlccp authentication-server infrastructure method_infrastructure

wlccp wds priority 255 interface BVI1

!

wlccp ap username doorscenter password xxx

On the ISSHOP AP, you have the following which would be correct, but other SSIDs using EAP wouldn't be able to authenticate if the Ap is registered to this WDS server.

Below can see the voice SSID is allowed though.

wlccp authentication-server infrastructure method_infrastructure

wlccp authentication-server client mac method_client

ssid v165ar39x0

wlccp authentication-server client eap method_client

ssid v165ar39x0

wlccp authentication-server client leap method_client

ssid v165ar39x0

wlccp wds priority 250 interface BVI1

So you nee dto add the following to the Doorscenter AP WDS config.

aaa group server radius client

server 172.30.8.190 auth-port 1812 acct-port 1813

!

aaa authentication login method_client group client

!

wlccp authentication-server client eap method_client

Also not recommended to mix match versions in the same WLAN.

Also for 7920, 3.0 or later supports EAP-FAST, which the 7920 gives precedence to in default Auto EAP mode. Can set to LEAP manually though. Will want to ensure dot11 holdoff time is not a long time if EAP-FAST is not enabled.

Also to do WPA, ensure the phone is set for AKM or set to EAP to do 802.1x + WEP128.

Actions

This Discussion