WDS Using local Authentication

garn321123
Level 1

I am attempting to set up a WDS using 1240 series access points as the WDS APs. I believe that I have the setup correctly done, but the 1240 series AP that is the infrastructure client says that the RADIUS server that is on the 1240 wds-server is dead. Below are the configurations of the 1240 APs:

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Current configuration : 2060 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname wds-infrastructure
!
enable secret 5 $1$WAa4$.q5Q8IQOxlW6Ge9X5A9340
!
aaa new-model
!
!
aaa group server radius wds-server
 server 192.168.10.1 auth-port 1812 acct-port 1813
!
aaa authentication login wds-server group wds-server
!
aaa session-id common
!
!
!
dot11 ssid infrastructure
 authentication open eap wds
 authentication network-eap wds
 authentication key-management cckm
!
power inline negotiation prestandard source
eap profile wds
 method fast
 method leap
!
!
!
username Cisco password 7 01300F175804
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers aes-ccm
 !
 ssid infrastructure
 !
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 shutdown
 dfs band 3 block
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 192.168.10.2 255.255.255.0
 no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
radius-server host 192.168.10.1 auth-port 1812 acct-port 1813 key 7 0214055F02131C
bridge 1 route ip
!
!
wlccp ap username user password 7 13151601181B0B382F
wlccp authentication-server infrastructure wds-server
wlccp wds priority 100 interface BVI1
!
line con 0
line vty 0 4
!
end

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Current configuration : 2241 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname wds-server
!
enable secret 5 $1$WAa4$.q5Q8IQOxlW6Ge9X5A9340
!
aaa new-model
!
!
aaa group server radius wds-server
 server 192.168.10.1 auth-port 1812 acct-port 1813
!
aaa authentication login wds-server group wds-server
!
aaa session-id common
!
!
!
dot11 ssid infrastructure
 authentication open eap wds
 authentication network-eap wds
 authentication key-management cckm
!
power inline negotiation prestandard source
eap profile wds
 method fast
 method leap
!
!
!
username Cisco password 7 106D000A0618
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers aes-ccm
 !
 ssid infrastructure
 !
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 shutdown
 dfs band 3 block
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 192.168.10.1 255.255.255.0
 no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
radius-server local
 nas 192.168.10.1 key 7 08334D4A000C16
 nas 192.168.10.2 key 7 111B18011E0718
 user user nthash 7 0403535259071B6B283C204F34295D557D0A0078651706375F455323010C000577
!
radius-server host 192.168.10.1 auth-port 1812 acct-port 1813 key 7 0214055F02131C
bridge 1 route ip
!
!
wlccp ap username user password 7 13151601181B0B382F
wlccp authentication-server infrastructure wds-server
wlccp wds priority 200 interface BVI1
!
line con 0
line vty 0 4
!
end

Here is some output from the devices:

wds-infrastructure
*Mar 1 00:11:45.325: %RADIUS-4-RADIUS_DEAD: RADIUS server 192.168.10.1:1812,1813 is not responding.
*Mar 1 00:11:45.325: %RADIUS-4-RADIUS_ALIVE: RADIUS server 192.168.10.1:1812,1813 has returned.

wds-infrastructure
command: debug wlccp wds all
*Mar 1 00:13:51.468: WDS: WLCCP_TYPE_AAA (START) rcvd, Org = 0023.5e02.8318, Rsp = 0023.5e02.8318, Req 0023.5e02.8318, id 1 auth 4 key 0
*Mar 1 00:13:51.468: WDS: WLCCP_TYPE_AAA (EAPOL) sent with Source IP = 192.168.10.2, Org = 0023.5e02.8318, Rsp = 0023.5e02.8318, Req 0023.5e02.8318, auth 4, key 0
*Mar 1 00:13:51.469: WDS: WLCCP_TYPE_AAA (START) rcvd, Org = 0023.5e02.8318, Rsp = 0023.5e02.8318, Req 0023.5e02.8318, id 1 auth 4 key 0
*Mar 1 00:13:51.470: WDS: WLCCP_TYPE_AAA (EAP Request) rcvd, Org = 0023.5e02.8318, Rsp = 0023.5e02.8318, Req 0023.5e02.8318, id 2 auth 0 key 0
*Mar 1 00:13:51.470: WDS: WLCCP_TYPE_AAA (EAP Request) rcvd, Org = 0023.5e02.8318, Rsp = 0023.5e02.8318, Req 0023.5e02.8318, id 2 auth 0 key 0
*Mar 1 00:14:22.640: WDS: WLCCP_TYPE_AAA (EAPOL) sent with Source IP = 192.168.10.2, Org = 0023.5e02.8318, Rsp = 0023.5e02.8318, Req 0023.5e02.8318, auth 4, key 0
*Mar 1 00:14:22.640: WDS: DOT11_AAA_FAILURE ...
*Mar 1 00:14:22.640: WDS: WLCCP_TYPE_AAA (FINISH) sent with Source IP = 192.168.10.2, Org = 0023.5e02.8318, Rsp = 0023.5e02.8318, Req 0023.5e02.8318, auth 4, key 0
*Mar 1 00:14:22.640: WDS: DOT11_AAA_FAILURE ...

wds-infrastructure#show wlccp ap
WDS = 0023.5e02.8318, 192.168.10.2
state = wlccp_ap_st_init
IN Authenticator = 192.168.10.2

It looks like the client device is only attempting to talk to itself, or the WDS server is making no attempt to respond to the infrastructure AP. A constraint for this project is that there cannot be a standalone RADIUS server. Any help would be greatly appreciated.

 

4 Replies

m.gajsek
Level 1

hello,

please check the "show wlccp ap" on the wds-server first.

I am missing the command "ip radius source-interface BVI1".

miro

Sorry for the extremely late response but here is the output you requested:

wds-server#show wlccp ap
WDS = 0023.5e02.ac80, 192.168.10.1     
state = wlccp_ap_st_registered
IN Authenticator = 192.168.10.1    
MN Authenticator = 192.168.10.1

wds-infrastructure#show wlccp ap
WDS not discovered

Also I have added:

ip radius source-interface to both the server and the infrastructure device
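
A small consistency check over the outputs posted above, as an added example that is not part of the thread: it compares each AP's "show wlccp ap" result with its own BVI1 address and RADIUS settings. The function names are hypothetical and the config excerpts are trimmed from the posted configurations.

```python
import re

# Excerpts trimmed from the configs and outputs posted in this thread.
INFRA_CFG = """interface BVI1
 ip address 192.168.10.2 255.255.255.0
radius-server host 192.168.10.1 auth-port 1812 acct-port 1813
"""
SERVER_CFG = """interface BVI1
 ip address 192.168.10.1 255.255.255.0
radius-server local
radius-server host 192.168.10.1 auth-port 1812 acct-port 1813
"""
INFRA_SHOW = "WDS = 0023.5e02.8318, 192.168.10.2\nstate = wlccp_ap_st_init\n"
SERVER_SHOW = "WDS = 0023.5e02.ac80, 192.168.10.1\nstate = wlccp_ap_st_registered\n"

def parse_show(text):
    """Parse 'show wlccp ap' output into a dict."""
    if "WDS not discovered" in text:
        return {"discovered": False}
    wds = re.search(r"WDS\s*=\s*([0-9a-f.]+),\s*([\d.]+)", text)
    state = re.search(r"state\s*=\s*(\S+)", text)
    return {"discovered": True,
            "wds_ip": wds.group(2) if wds else None,
            "state": state.group(1) if state else None}

def parse_config(cfg):
    """Pull the BVI1 address and RADIUS settings out of a running-config."""
    bvi = re.search(r"interface BVI1\s+ip address (\S+)", cfg)
    rad = re.search(r"radius-server host (\S+)", cfg)
    return {"bvi_ip": bvi.group(1) if bvi else None,
            "radius_host": rad.group(1) if rad else None,
            "local_radius": "radius-server local" in cfg}

def diagnose(cfg, show_out):
    """Return a list of inconsistencies between config and WLCCP state."""
    c, w = parse_config(cfg), parse_show(show_out)
    if not w["discovered"]:
        return ["no WDS discovered"]
    findings = []
    if w["state"] != "wlccp_ap_st_registered":
        findings.append(f"not registered (state={w['state']})")
    if w["wds_ip"] == c["bvi_ip"] and not c["local_radius"]:
        findings.append(f"AP lists itself ({w['wds_ip']}) as WDS but runs no "
                        f"local RADIUS server; RADIUS host is {c['radius_host']}")
    return findings

if __name__ == "__main__":
    for name, cfg, out in [("wds-infrastructure", INFRA_CFG, INFRA_SHOW),
                           ("wds-server", SERVER_CFG, SERVER_SHOW)]:
        print(name, diagnose(cfg, out) or "consistent")
```
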

Hi there,

I am just trying to configure the same topology. So did it work???

Hi,

Please mark the Question as Answered if the provided information is correct and issue is fixed.

thanks,
Vinay

Thanks & Regards