Beginner stuff

david.wolover · ‎08-28-2008

I recently purchased a cisco AIR-AP1252AG-A-K9 stand alone wireless access point to serve guest users at a reference area. In trying to get this working, I've used the "debug dot1x all" and "debug eap all" commands, but can't seem to see any info. from the console when I'm attempting wireless connections. I'm spinning my wheels without seeing anything. Suggestions for any other trouble shooting techniques would be appreciated.

Scott Fella · ‎08-28-2008

What does your configuration look like and what encryption if any are you trying to use?

-Scott
*** Please rate helpful posts ***

david.wolover · ‎08-28-2008

The problem was found. I needed to have "authentication key-management wpa version 1" under the "ssid bibliotheca". The following config. connnects my guest users vi wpa ver 1, TKIP and a username and password that is authenticated on my ACS server. Thanks for jumping on this question so quickly. The corrected config. follows:

---------

hostname LegAoem2A

!

enable secret xxx

!

aaa new-model

!

aaa group server radius rad_eap

server 10.191.135.4 auth-port 1645 acct-port 1646

!

aaa group server radius rad_acct

server 10.191.135.4 auth-port 1645 acct-port 1646

!

aaa authentication login default group tacacs+ local line

aaa authentication login CONSOLE group tacacs+ local line

aaa authentication login VTY group tacacs+ local line

aaa authentication login AUX group tacacs+ local line

aaa authentication login eap_methods group rad_eap

aaa authentication enable default group tacacs+ enable

aaa authorization exec default local

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

!

aaa session-id common

ip domain name legis.state.wi.us

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.104.1 192.168.104.50

!

ip dhcp pool WIRELESS

network 192.168.104.0 255.255.255.0

domain-name legis.state.wi.us

dns-server 165.x.x.20 165.189.140.21

default-router 192.168.104.10

lease 3

!

dot11 ssid bibliotheca

authentication open eap eap_methods

authentication network-eap eap_methods

authentication key-management wpa version 1

accounting acct_methods

guest-mode

!

power inline negotiation prestandard source

!

username admin password xxx

!

bridge irb

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption mode ciphers tkip

!

ssid bibliotheca

!

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

!

encryption mode ciphers tkip

!

ssid bibliotheca

!

dfs band 3 block

channel dfs

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface GigabitEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 192.168.104.20 255.255.255.0

no ip route-cache

!

ip default-gateway 192.168.104.10

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

logging 10.191.136.25

tacacs-server host 10.191.135.4

tacacs-server key xxx

radius-server attribute 32 include-in-access-req format %h

radius-server host 10.191.135.4 auth-port 1645 acct-port 1646 key xxx

radius-server retransmit 2

radius-server timeout 20

radius-server deadtime 30

radius-server vsa send accounting

bridge 1 route ip

!

line con 0

password xxx

login authentication CONSOLE

line vty 0 4

password xxx

login authentication VTY

line vty 5 15

password xxx

login authentication VTY

!

sntp server 10.191.34.104 version 2

end

LegAoem2A#