06-18-2008 07:37 AM - edited 07-03-2021 04:02 PM
Hi guys,
I have 7921s with firmware 1.1.1, connecting to 1000 series LAP and 4402 controller running 4.2.99.
DHCP server is behind the controller on a 3560.
Call manager is 5.1.
When I configure my WLAN for 802.1X (I am using EAP-FAST), my authentication is successful.
As soon as I add WAP or WPA2 encryption, my phone is stuck to configuring IP (so authentication is successful).
I am obviously missing something obvious, but what? Any clue?
Thanks
Jerome
06-18-2008 10:35 AM
There was an issue (CSCso73067), which shows it was fixed in 4.2.118.0. 4.2.130.0 is posted on CCO now, so would give that one a try. Also the AP1000 series is not a recommended platform for voice deployments, but rather the 1130,1240 or 1250. So if you have one of those ap types, would try that as well.
06-18-2008 11:38 AM
Very interesting, I'll give a try on a 1242 to compare and check on a 4.2.130 code.
It's a lab environment, so the AP type doesn't really matter.
Can someone confirm that a 7921 CAN do WPA/WPA2 with 802.1X? I saw posts stating that WPA/WPA2 were supported with PSK, and that 802.1X could only do dynamic WEP, but this was for firmware 1.0.5... didn't see anything contradicting that in the later release notes...
Thanks!
jerome
06-18-2008 01:02 PM
Yes WPA1(TKIP) + CCKM is the preferred method. Were some issues prior to 4.2 with AP1000 using U-APSD for power save though, which is enabled when WMM is enabled.
See the 7921G Deployment Guide @ http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7921g/6_0/english/deployment/guide/7921dply.pdf.
06-20-2008 12:28 AM
Morning All.. I have exactly the same issue...
7921's running 1.1.1
WiSM (upgraded to see below)
EAP-FAST, WPA1 and TKIP
1000 series AP's (the majority anyway, also some 1131's and 1242's)
so last night I upgraded my controller version to 4.2.130.0 and this morning the issue is still present. Any other ideas?
Also, what are the issues with using 1000 series AP's and voice (other than it doesn't appear to work reliably!) is someone out there prepared to say it is technically not possible??
thanks in anticipation
Michael
06-20-2008 12:51 AM
Same problem here Michael. I tried yesterday to upgrade a controller to 4.2.130, using one AP 1030 and another AP 1242, EAP-FAST, WPA/WPA2, TKIP or AES, and the phone still stays stuck in configuring IP.
When configuring static IP, it stays stuck in "Opening X.X.X.X" where X.X.X.X is my Call Manager IP address. So the bug mentionned before wasn't corrected, or I am still missing something.
Does anyone use the 7921s with 802.1X (any flavor) and WAP/WPA2? Just curious.
Thanks
Jerome
06-20-2008 03:55 PM
Yes would say most customers are using WPA + CCKM with EAP-FAST.
For AP1000 support, yes is a supported AP platform, but were some issues in regards to U-APSD (power save) on that platform which was fixed in 4.2.
06-25-2008 08:33 AM
I have a 7921 (1.1.1 firmware) working with PEAP and WPA2.
Do you dot11 arp-cache set on the AP? I had an issue where is dot11 arp-cache was on the phone (when set for DHCP) would stick at "configuring IP".
I later found that I could enable dot11 arp-cache but I needed to have DTIM beacon rate either not set or set low. I have a TAC case open on this one.
07-29-2008 07:17 AM
It might be useful to others, I found out what was wrong in my case... WMM.
My config is a 4402 controller running 4.1.191-24M, behind which an ACS 4.2 is running, 7921 phones run 1.1.1.
When an SSID is configured for 802.1X (tried LEAP, EAP-FAST and PEAP with the same result), the WLAN can have most of the QOS profiles, and WMM can be allowed or not.
When moving on to WPA-WPA2, same authentication, the phone stays stuck on configuring IP or opening the CCM if using a static IP... until on the QOS tab, WMM is set to disabled. Immediately, everything works fine.
Weird, but good to know.
Thanks everyone for your help on this one
Jerome
07-29-2008 09:42 AM
I had noticed the same behavior with WMM. However, I was able to get it to work with WMM. Under the SSID do you have a Multiple BSSID Beacon rate set? Mine would work if the rate was left at the default (1 or 2 I think) but not work if higher than that.
Also check you Arp Caching setting.
08-17-2008 11:02 PM
I have WPA-WPA2, same authentication you mentioned, WMM is set to allowed and everything works fine..
08-25-2008 04:16 PM
As I mentioned, there are issues with U-APSD on the AP1000 platform in WLC versions earlier than 4.2. AP1000 is not supported in versions after 4.2 though. So would advise you to upgrade as disabling WMM is not really a recommended long-term solution for voice deployments. If you disable WMM, it will use PS-POLL, which is still power save so not such a big hit on 7921 battery life, but there is more management overhead and of course no QoS.
08-19-2008 11:40 PM
Hi all, I have the same problem on 871W + 7921G.
When I try to use 801.1X (PEAP)+IAS+WPA2 - the phone can`t take an IP from internal DHCP on 871W. Wnen I change WPA2 to WEP 40 or 128 bit, the phone takes an IP from internal DHCP. I try to disable WMM on 871W - it doesn`t help.
08-25-2008 04:19 PM
Not really the same issue as the rest of this thread in regards to the 871 wireless 802.11b/g router. This does not support U-APSD, but does support PS-POLL.
The 7921 wireless phone is not a fully supported on the wireless router platforms (i.e. multicast with power save clients), but not aware of any issues with WPA2/AES on that platform. If you use PEAP+WPA(TKIP), does it work? When you say you use WEP, does that mean you are still doing 802.1x or static WEP?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: