The phones and the laptops are both using LEAP. I have not actually tried uploading another configuration because this one was working fine last week. I will check another AP config and see what is different and then upload it if there is any differences. Thanks.

A good configuration made no difference. The 7920s will not authenticate through the AP when it is part of a WDS. They do fine when it is a standalone.

Can we see the "Show tech" of your main WDS AP, problem AP and working AP?

I would be happy to send a show tech. There will be a total of about 70 pages. What is the best way to get it to you?

You can attach only the configuration of 3 AP's and also mention the IOS version running on them.

Basant

Purchasing/IS - phones work ok through this

Product/Model Number: AIR-AP1220-IOS-UPGRD

Top Assembly Serial Number:

System Software Filename: c1200-k9w7-tar.123- 4.JA

System Software Version: 12.3(4)JA

Bootloader Version: 12.2(8)JA

ISShop - phones don't work through this

Product/Model Number: AIR-AP1120B-A-K9

Top Assembly Serial Number: FHK0806V1C5

System Software Filename: c1100-k9w7-tar.123- 8.JA2

System Software Version: 12.3(8)JA2

Bootloader Version: 12.2(8)JA

Doorscenter - Master WDS

Product/Model Number: AIR-AP1120B-A-K9

Top Assembly Serial Number: FHK0806V1C6

System Software Filename: c1100-k9w7-tar.123- 8.JA2

System Software Version: 12.3(8)JA2

Bootloader Version: 12.2(8)JA

VLAN 1 and VLAN 2 part of the configuration on the working and the not working AP I concentrated on looks OK to me.

Pls let me know, when you enter the WDS username and pwd in the "not working" AP, does it shows status as "registered" on the WDS status page of the main WDS AP?

If it shows "registered" then try to associate a 7920 phone to it and check its status in the WDS status page of the main WDS AP.

Does it shows "registered" or "association processing"?

The non-working AP does register with the WDS. There are laptops that can and do work through that AP when it is part of the WDS network. Just the 7920s don't. The 7920s are part of vlan 2. The laptops are part of vlan 1.

So for the DoorsCenter AP, this is configured as the highest priority WDS server (255). Can see you don't have a AAA group configured for clients to use, so it will fail. Not sure how other clients using EAP are working, so assume they are not.

If using f185560as3 or intermec SSID, then will not use WDS for authentication as they are open authentication SSIDs.

wlccp authentication-server infrastructure method_infrastructure

wlccp wds priority 255 interface BVI1

!

wlccp ap username doorscenter password xxx

On the ISSHOP AP, you have the following which would be correct, but other SSIDs using EAP wouldn't be able to authenticate if the Ap is registered to this WDS server.

Below can see the voice SSID is allowed though.

wlccp authentication-server infrastructure method_infrastructure

wlccp authentication-server client mac method_client

ssid v165ar39x0

wlccp authentication-server client eap method_client

ssid v165ar39x0

wlccp authentication-server client leap method_client

ssid v165ar39x0

wlccp wds priority 250 interface BVI1

So you nee dto add the following to the Doorscenter AP WDS config.

aaa group server radius client

server 172.30.8.190 auth-port 1812 acct-port 1813

!

aaa authentication login method_client group client

!

wlccp authentication-server client eap method_client

Also not recommended to mix match versions in the same WLAN.

Also for 7920, 3.0 or later supports EAP-FAST, which the 7920 gives precedence to in default Auto EAP mode. Can set to LEAP manually though. Will want to ensure dot11 holdoff time is not a long time if EAP-FAST is not enabled.

Also to do WPA, ensure the phone is set for AKM or set to EAP to do 802.1x + WEP128.

Thanks. I have made the changes in the WDS and the 7920s appear to be registering correctly. I will keep an eye on it.

Glad I could help.