08-28-2008 08:57 AM - edited 07-03-2021 04:23 PM
I recently purchased a Cisco AIR-AP1252AG-A-K9 standalone wireless access point to serve guest users at a reference area. In trying to get this working, I've used the "debug dot1x all" and "debug eap all" commands, but can't seem to see any info from the console when I'm attempting wireless connections. I'm spinning my wheels without seeing anything. Suggestions for any other troubleshooting techniques would be appreciated.
08-28-2008 09:28 AM
What does your configuration look like, and what encryption, if any, are you trying to use?
08-28-2008 11:55 AM
The problem was found. I needed to have "authentication key-management wpa version 1" under the "ssid bibliotheca". The following config. connects my guest users via wpa ver 1, TKIP and a username and password that is authenticated on my ACS server. Thanks for jumping on this question so quickly. The corrected config. follows:
---------
hostname LegAoem2A
!
enable secret xxx
!
aaa new-model
!
!
aaa group server radius rad_eap
 server 10.191.135.4 auth-port 1645 acct-port 1646
!
aaa group server radius rad_acct
 server 10.191.135.4 auth-port 1645 acct-port 1646
!
aaa authentication login default group tacacs+ local line
aaa authentication login CONSOLE group tacacs+ local line
aaa authentication login VTY group tacacs+ local line
aaa authentication login AUX group tacacs+ local line
aaa authentication login eap_methods group rad_eap
aaa authentication enable default group tacacs+ enable
aaa authorization exec default local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
aaa session-id common
ip domain name legis.state.wi.us
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.104.1 192.168.104.50
!
ip dhcp pool WIRELESS
 network 192.168.104.0 255.255.255.0
 domain-name legis.state.wi.us
 dns-server 165.x.x.20 165.189.140.21
 default-router 192.168.104.10
 lease 3
!
!
!
dot11 ssid bibliotheca
 authentication open eap eap_methods
 authentication network-eap eap_methods
 authentication key-management wpa version 1
 accounting acct_methods
 guest-mode
!
power inline negotiation prestandard source
!
!
username admin password xxx
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip
 !
 ssid bibliotheca
 !
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip
 !
 ssid bibliotheca
 !
 dfs band 3 block
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 192.168.104.20 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.104.10
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
logging 10.191.136.25
tacacs-server host 10.191.135.4
tacacs-server key xxx
radius-server attribute 32 include-in-access-req format %h
radius-server host 10.191.135.4 auth-port 1645 acct-port 1646 key xxx
radius-server retransmit 2
radius-server timeout 20
radius-server deadtime 30
radius-server vsa send accounting
bridge 1 route ip
!
!
!
line con 0
 password xxx
 login authentication CONSOLE
line vty 0 4
 password xxx
 login authentication VTY
line vty 5 15
 password xxx
 login authentication VTY
!
sntp server 10.191.34.104 version 2
end
LegAoem2A#
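Added example (not part of the original posts and not Cisco tooling): a small Python check for the mismatch found in this thread, a radio interface with "encryption mode ciphers tkip" serving an SSID that has no "authentication key-management" line. The function name and the sample text are constructed for illustration; the parser only understands the stanzas shown in the config above and accepts them with or without indentation.

```python
import re

# Constructed sample: the thread's SSID and radio stanzas, minus the key-management line.
SAMPLE_BROKEN = """\
dot11 ssid bibliotheca
 authentication open eap eap_methods
 authentication network-eap eap_methods
 guest-mode
!
interface Dot11Radio0
 encryption mode ciphers tkip
 !
 ssid bibliotheca
!
"""
# Same sample with the line the poster added under the SSID.
SAMPLE_FIXED = SAMPLE_BROKEN.replace(
    " guest-mode", " authentication key-management wpa version 1\n guest-mode")


def find_missing_key_mgmt(config_text):
    """Return sorted (interface, ssid) pairs where the radio uses a TKIP
    cipher but the SSID stanza has no 'authentication key-management'."""
    ssids_with_km = set()
    radios = {}      # interface name -> {"ciphers": [...], "ssids": [...]}
    section = None   # (kind, name) of the stanza currently being read
    for raw in config_text.splitlines():
        line = raw.strip()
        head = re.match(r"(dot11 ssid|interface)\s+(\S+)$", line)
        if head:
            section = (head.group(1), head.group(2))
            if head.group(1) == "interface":
                radios.setdefault(head.group(2), {"ciphers": [], "ssids": []})
            continue
        if section is None:
            continue
        kind, name = section
        if kind == "dot11 ssid" and line.startswith("authentication key-management"):
            ssids_with_km.add(name)
        elif kind == "interface" and line.startswith("encryption mode ciphers"):
            radios[name]["ciphers"] = line.split()[3:]
        elif kind == "interface" and line.startswith("ssid "):
            radios[name]["ssids"].append(line.split(None, 1)[1])
    return sorted((iface, ssid)
                  for iface, info in radios.items() if "tkip" in info["ciphers"]
                  for ssid in info["ssids"] if ssid not in ssids_with_km)


if __name__ == "__main__":
    print("before fix:", find_missing_key_mgmt(SAMPLE_BROKEN))
    print("after fix: ", find_missing_key_mgmt(SAMPLE_FIXED))
```

Running it against a saved copy of a running-config gives a quick pre-deployment check for this specific omission.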