Workgroup Bridge using LEAP

Unanswered Question
Jun 13th, 2008

I am trying to setup an 1131AG (version 12.4.10b-JA) in Workgroup Bridge mode to connect to my wireless network, which is a Light Weight network (WCS version 4.2.81.0 and WLC version 4.2.112.0, the APs are 1131AGs in LWAPP mode). I am using LEAP for authentication. So far I've been pretty unsuccessful. The three popular error messages I seem to get depending on how I fiddle with things are:

%DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associate: No matching privacy setting (from 001a.307c.0670)

%DOT11-2-UPLINK_FAILED: Uplink to parent failed: Unsupported authentication type

%DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associate: No Cisco parent

The configuration on the WGB is as follows (using dot11radio0):

-------------------------------------------

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ap

!

enable secret xxxxxxxxxx

!

no aaa new-model

!

!

!

dot11 ssid TEST

dot1x credentials LEAP_cred

dot1x eap profile LEAP_prof

!

power inline negotiation prestandard source

eap profile LEAP_prof

method leap

!

!

dot1x credentials LEAP_cred

username isaironet

password xxxxxxxxxxxxxxx

!

username Cisco password xxxxxxxxxxxx

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption mode wep optional

!

ssid TEST

!

speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role workgroup-bridge

mobile station scan 2412 2437 2462

bridge-group 1

bridge-group 1 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

shutdown

dfs band 3 block

channel dfs

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

bridge-group 1

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 10.1.1.1 255.255.255.0

no ip route-cache

!

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

bridge 1 route ip

!

!

!

line con 0

exec-timeout 60 0

line vty 0 4

login local

!

end

-------------------------------------------

If any body has any ideas of what I'm doing wrong I'd really appreciate a point in the right direction.

Thanks

Ben

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
owillins Thu, 06/19/2008 - 11:20

The reason of the error is connection to the parent access point failed for the displayed reason. The uplink will stop its connection attempts

c.fuller Wed, 01/14/2009 - 13:51

Benjamin, did you ever figure this out? I am dealing with the same problem right now using a 1231 autonomous AP as WGB. I'd actually like to configure it for EAP-FAST as opposed to LEAP, but can't find documentation that covers EAP-FAST. Only EAP-TLS.

Thanks

benjamin.nagle@... Thu, 01/15/2009 - 05:17

Yes, I finally figured it out and it was the dumbest thing. The person before me who had configured our WLANs on the WLC disabled Aironet Extensions in the WLAN profiles. Apparently Cisco WGB can't connect without that being on... can't believe I over looked it, but glad I got it fixed.

The config I posted I believe is actually fine and you might be able to look at it and figure out what you need to modify to get EAP-FAST to work.

c.fuller Fri, 01/16/2009 - 08:24

Thanks Benjamin. Glad you figured it out. When you say Aironet Extensions in the WLAN profile, are you referring to the IE (information element) check box under WLAN->Advanced configuration screen?

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode