wpa peap radius problem

Unanswered Question
Jul 6th, 2007
User Badges:

Hi,


i try to setup wpa with peap user auth with a 1130 AP and cisco secure acs 4.2 server.


auth keeps failing and I even don't see failes attempts in my acs server. The AP is in the AAA section of the ACS and the have the same shared secret.


The ACS server is working corectly because I use it the authenticate users to log in the the routers


I enabled all possible authentication methods but no luck.


I use the windows xp suplicant and even tried with funk software.


in the dot11 authenticator debug i can't see any radius lines see attached file


can anybody help me out ?



Attachment: 
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Sat, 07/07/2007 - 12:04
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi


Does your AP have connectivity to the Radius server ?


Are you seeing absolutley nothing in your ACS failed attempts log ?


Could you post config of your AP ?


Jon

lhewlett Sun, 07/08/2007 - 21:08
User Badges:

Is this Aironet or LWAPP?


In aironet, there is a way to test authentication via the access points..."test aaa radius " or something like that...sorry I forget since I converted to LWAPP..


Also, make sure the DB (LDAP/AD,etc..) is configured and mapped correctly in ACS but you should see something like "NAS errors" or DB errors in ACS if the access points were somewhat communicating with ACS..


Post the configs if you can...

be04376 Mon, 07/09/2007 - 23:12
User Badges:

Hi,


This was aironet lwap


I've found the solution. The ACS server was dual homed on 2 networks, and the return radius pakket had a diffrent ip address as the request, so the AP didn't acceppted this packet.


Now i can auth to users in the acs database, but not to users in the ldap database. authentication type not supported by external db error

Actions

This Discussion

 

 

Trending Topics - Security & Network