Wireless scanners on Lightweight AP's

Answered Question
Nov 27th, 2008

Hi,

I am installing a WLC and LWAPPs to replace heavyweight Cisco 1121 AP's. I have deployed the WLC and LWAPP's in the same subnet as the Original 1121's. I have replicated the 1121 settings on the controller.

The scanners associate with the SSID and pass authentication on the ACS server. However the linktest fails from the WLC the scanners can't ping theit servers either. However the WLC can ping the scanner's server.

It works fine when I bring the scanners back to a location with the heavyweight 1121's.

I have this problem too.
0 votes
Correct Answer by CFayNTAdmin83 about 8 years 1 week ago

Just out of curiousity, are you using Symbol / Motorola scanners? There was an EAP setting on the WLC that needed to be set in order to get my handhelds to play nice with 802.1X. Check to see if this setting is in place on the WLC...

key index = 3, not 0

To check, run this...

show advanced eap

Check the key index value. If it is zero, please try setting it to three.

config advanced eap key-index 3

Also, if this is indeed Motorola equipment, I recommend that you have the latest OS update (wireless Fusion drivers) installed...

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
gamccall Thu, 11/27/2008 - 06:22

The first step I usually take when trying to troubleshoot connectivity for nontraditional clients is to associate my laptop to the same SSID and see if I can replicate the problem- if I can, then figuring it is usually a lot easier from my laptop.

The first obvious questions to ask in this scenario are, do your clients get DHCP addresses, and can they ping their gateway?

eoinwhite Thu, 11/27/2008 - 07:01

Hi,

So the scanners are statically addressed and cant even ping their default gateway. (Remeber they can if I bring them to an area where the old 1121's are) The Layer 3 interface-default gateway is on a PIX.

The scanners use a "wavelink" application to and communicate with an "avalanche" server The current setup uses 802.1x with WEP encryption.

The scanner has a configuration simular to this ... http://ja.pastebin.ca/raw/34326.

How could I test it on my laptop ?

eoinwhite Fri, 11/28/2008 - 04:01

So I tested this on my laptop and it works fine.

What I did was I created a second SSID (on the same VLAN as the Scanners) but this time used just a WPA key to authenticate.

The only difference between the 2 SSID's is the SSID for the scanners uses 802.1x with WEP encryption and the SSID for the laptop uses a WPA key.

When I check the Controller I can see the scanner associated and authenticated and when i check the ACS I can see the scanner has passed authentication. Yet the scanner cant ping anything.

On the heavyweight AP's on the same VLAN the scanner works fine ???

I am confused.

Correct Answer
CFayNTAdmin83 Mon, 12/01/2008 - 12:40

Just out of curiousity, are you using Symbol / Motorola scanners? There was an EAP setting on the WLC that needed to be set in order to get my handhelds to play nice with 802.1X. Check to see if this setting is in place on the WLC...

key index = 3, not 0

To check, run this...

show advanced eap

Check the key index value. If it is zero, please try setting it to three.

config advanced eap key-index 3

Also, if this is indeed Motorola equipment, I recommend that you have the latest OS update (wireless Fusion drivers) installed...

gamccall Wed, 12/03/2008 - 07:02

Good tip. Will standard Windows still connect using the modified key index value?

CFayNTAdmin83 Thu, 12/04/2008 - 08:01

Hi I just wanted to note on the other question that was asked. Yes, with the eap index set to 3, you can still have phones, laptops, scanners, etc. connect without problems. I have multiple site locations with this config (key-index 3) and they run without any authentication issues...

Jason Aarons Tue, 12/02/2008 - 19:10

The same thing fixed my Symbol handhelds, I could assoicate but not ping anything.

config advanced eap key-index 3

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode