WPA with ACS 4.2 not working

Nov 4th, 2008

I currently have 70+ APs in the system, no controller, and use no encryption. I want to move towards WPA or PEAP with the ACS as my AAA, and I use Microsoft AD and LDAP for user authentication. For test purposes I am using a self-signed cert in the ACS. I have the APs configured for open auth EAP, TKIP, Network EAP, key management mandatory and WPA.


I have the Dell wireless client set up for WPA-Enterprise, PEAP and MS-CHAP v2.


I constantly receive the following error in the ACS External DB reports about an error condition and after several attempts Authen session timed out: Challenge not provided by client.


Scratching my head, and a little dazed and confused.


Can someone tell me what I am missing, or messed up? I have been working on this for 8 days.


Mike

michael.m.williams Wed, 11/05/2008 - 10:01

Thanks for the doc, but I still couldn't get it to work. Here is a copy of the debug dot11 aaa authenticator all.


I keep getting an authentication fail.


I ran a

ITSTESTAP#test aaa group radius mike xxxxxxx legacy


Attempting authentication test to server-group radius using radius

User was successfully authenticated.


And it works. I configured the AP to use WEP open authentication, but still get a fail.


Mike


Scott Fella Wed, 11/05/2008 - 12:02

What do you mean you configured the AP for WEP and it failed? You mean that you set up WEP encryption on that AP and a user configured for WEP failed?

michael.m.williams Wed, 11/05/2008 - 13:23

Sorry,


I used the doc you sent me and started over from scratch in my AP config. So I configured it for WEP encryption (open EAP, network EAP, WEP key mandatory encryption key 2 (no key)).


I then configured my client for PEAP MS-CHAP v2 and tried to authenticate to LDAP and it failed.


After creating a local user I can authenticate. Getting closer.


But I can't authenticate with an LDAP or AD account. When I do a test aaa group radius domain\username password legacy it gives me user successfully authenticated. Any ideas?


Mike

Scott Fella Wed, 11/05/2008 - 13:25

Well, your RADIUS server is the one passing the credentials... what shows up in the RADIUS logs?


Your encryption is WPA2/AES PEAP/MSChapv2 correct?

michael.m.williams Wed, 11/05/2008 - 14:11

In the ACS under the failed attempts report tab I have "authentication type not supported by external db"

michael.m.williams Thu, 11/06/2008 - 06:52

I have a remote agent installed on one of my domain machines and configured generic LDAP and also Windows database as my external databases. I want to use WPA as my encryption. What changes do I need to make, or can I make them, to use the two external databases and no client cert to make this work?


Mike
