07-07-2008 10:58 AM - edited 07-03-2021 04:07 PM
I have a 4404 controller with a Microsoft IAS server running radius. I can connect to the WLAN when I have no encryption. When I turn on WPA2 with AES and try to connect it fails. I ran the debug dot1x events enable and here is the output. There is one line that states AAA Error no Server.
Mon Jul 7 18:29:58 2008: 00:13:02:14:c7:b3 Sending EAP-Request/Identity to mobile 00:13:02:14:c7:b3 (EAP Id 1)
Mon Jul 7 18:29:59 2008: 00:13:02:14:c7:b3 Received EAPOL EAPPKT from mobile 00:13:02:14:c7:b3
Mon Jul 7 18:29:59 2008: 00:13:02:14:c7:b3 Received Identity Response (count=1) from mobile 00:13:02:14:c7:b3
Mon Jul 7 18:29:59 2008: 00:13:02:14:c7:b3 Processing AAA Error 'No Server' (-7) for mobile 00:13:02:14:c7:b3
Mon Jul 7 18:29:59 2008: 00:13:02:14:c7:b3 Processing RSN IE type 48, length 22 for mobile 00:13:02:14:c7:b3
Mon Jul 7 18:29:59 2008: 00:13:02:14:c7:b3 Received RSN IE with 0 PMKIDs from mobile 00:13:02:14:c7:b3
Mon Jul 7 18:29:59 2008: 00:13:02:14:c7:b3 Station 00:13:02:14:c7:b3 setting dot1x reauth timeout = 0
Mon Jul 7 18:29:59 2008: 00:13:02:14:c7:b3 Stopping reauth timeout for 00:13:02:14:c7:b3
I can ping the server from the 4404, have re-entered the shared secret several times. I even deleted and re-added the radius information with no luck.
Does anyone have any ideas?
Seth
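Added example, not part of the original post: a small triage script for this kind of `debug dot1x events` output that groups lines by client MAC and records which EAP step preceded each AAA error. In 802.1X, the Identity Response is the point at which the authenticator forwards the identity to the RADIUS server, so an error logged right after it points at that hand-off. The step labels and function name are this example's own.

```python
import re
from datetime import datetime

# Debug lines copied from the post above (debug dot1x events enable).
SAMPLE = """\
Mon Jul 7 18:29:58 2008: 00:13:02:14:c7:b3 Sending EAP-Request/Identity to mobile 00:13:02:14:c7:b3 (EAP Id 1)
Mon Jul 7 18:29:59 2008: 00:13:02:14:c7:b3 Received EAPOL EAPPKT from mobile 00:13:02:14:c7:b3
Mon Jul 7 18:29:59 2008: 00:13:02:14:c7:b3 Received Identity Response (count=1) from mobile 00:13:02:14:c7:b3
Mon Jul 7 18:29:59 2008: 00:13:02:14:c7:b3 Processing AAA Error 'No Server' (-7) for mobile 00:13:02:14:c7:b3
Mon Jul 7 18:29:59 2008: 00:13:02:14:c7:b3 Processing RSN IE type 48, length 22 for mobile 00:13:02:14:c7:b3
"""

# "<timestamp>: <client MAC> <message>"
LINE = re.compile(
    r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}): ((?:[0-9a-f]{2}:){5}[0-9a-f]{2}) (.*)$", re.I)
AAA_ERR = re.compile(r"Processing AAA Error '([^']+)' \((-?\d+)\)")
# Step labels are this example's own names for messages seen in the post.
STEPS = [("Sending EAP-Request/Identity", "identity-request-sent"),
         ("Received Identity Response", "identity-response-received")]

def triage(text):
    """Per client MAC: last EAP step reached and any AAA errors logged after it."""
    clients = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip wrapped or unrelated lines
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        state = clients.setdefault(m.group(2).lower(),
                                   {"last_step": None, "aaa_errors": []})
        msg = m.group(3)
        for needle, label in STEPS:
            if needle in msg:
                state["last_step"] = label
        err = AAA_ERR.search(msg)
        if err:
            state["aaa_errors"].append({"time": ts, "name": err.group(1),
                                        "code": int(err.group(2)),
                                        "after_step": state["last_step"]})
    return clients

if __name__ == "__main__":
    for mac, st in triage(SAMPLE).items():
        for e in st["aaa_errors"]:
            print(f"{mac}: AAA error {e['name']!r} ({e['code']}) "
                  f"at {e['time']} after {e['after_step']}")
```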
07-07-2008 06:46 PM
Send a 'show wlan summary' and a 'show wlan
07-07-2008 07:24 PM
Take a look at the event viewer in the IAS box to see if it is even receiving anything from the WLC. Also, do you have the IAS set to Radius Standard when you created the Radius Client?
07-14-2008 06:39 AM
Here are the outputs:
show>wlan summary
Number of WLANs.................................. 2
WLAN ID  WLAN Profile Name / SSID               Status    Interface Name
-------  -------------------------------------  --------  --------------------
1        EOC / EOC                              Enabled   management
2        Guest / EOCGuest                       Enabled   guest
Here is the output from the show wlan 1 command:
(Cisco Controller) show>wlan 1
WLAN Identifier.................................. 1
Profile Name..................................... EOC
Network Name (SSID).............................. EOC
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. Infinity
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Enabled
Quality of Service............................... Silver (best effort)
WMM.............................................. Allowed
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
--More-- or (q)uit
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ 172.23.4.4 1812
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Enabled
PSK..................................... Disabled
--More-- or (q)uit
CCKM.................................... Disabled
CKIP ......................................... Disabled
IP Security................................... Disabled
IP Security Passthru.......................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
Cranite Passthru.............................. Disabled
Fortress Passthru............................. Disabled
H-REAP Local Switching........................ Disabled
Infrastructure MFP protection................. Enabled (Global Infrastructure MFP Disabled)
Client MFP.................................... Optional
Tkip MIC Countermeasure Hold-down Timer....... 60
Mobility Anchor List
WLAN ID IP Address Status
------- --------------- ------
07-14-2008 05:48 PM
This WLAN looks like it is set up correctly for 802.1x and WPA2/AES. What errors do you see in the IAS server event viewer?
07-15-2008 12:30 PM
Nothing is showing up in the event viewer. Can anyone direct me to a guide on setting up IAS 2003 to work with the WLC?
Thanx
07-18-2008 07:56 AM
This is the guide we used for configuring IAS.
You should at least see the WLC hitting the IAS server in the IAS server logs. Are you looking in the IAS logs or just the system event viewer?