Client authenticate,but cannot get an IP

Unanswered Question
Feb 7th, 2010

Hi Pros,

              I have a 871w configure, the clients are able to authenticate, but cannot get an IP address from the DATA_VLAN. There is the message displays:

SSID[DOT11 SSID VPN-SPARE-TEST] : DISABLE, not associate with a configured vlan.There is configuration below.

!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname VPN-spare-test
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$CK7J$6iuL6UJlAWBCuJI0pgdKx1
!
aaa new-model
!
aaa session-id common
!
crypto pki trustpoint TP-self-signed-740471620
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-740471620
revocation-check none
rsakeypair TP-self-signed-740471620
!
!
crypto pki certificate chain TP-self-signed-740471620
certificate self-signed 01
  30820244 308201AD A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 37343034 37313632 30301E17 0D303230 33303230 33303331
  305A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3734 30343731
  36323030 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
  B5542D25 4952FC94 90E5A22B 5B3967EC 2040AF90 A8B86ED8 8F19C169 6546B2C0
  A440F7E0 8032050D 41124FC0 181273C7 D4D1320A 22604D86 93358E76 6A8C6C3D
  EF30AA1C 443EC56A 25F6ECFC 8BA5749D C80BC254 CABA41CD 617F82F3 2166910A
  43BED725 44EA6C97 E03F79F3 967864B6 B4E4AF00 F173A7F8 400A5897 52805A7D
  02030100 01A36E30 6C300F06 03551D13 0101FF04 05300301 01FF3019 0603551D
  11041230 10820E56 504E2D73 70617265 2D746573 74301F06 03551D23 04183016
  80144EA4 15B3E4A6 5F96C56F 4537CE2A 45DD1857 A768301D 0603551D 0E041604
  144EA415 B3E4A65F 96C56F45 37CE2A45 DD1857A7 68300D06 092A8648 86F70D01
  01040500 03818100 5CF9AC8C 72CD7E0A 828AA2B3 9907314D B09D67FF 7E80776F
  792C9C50 DA70EB2C 702B42B8 76F6CCC3 EA1C5CF5 92A057F0 6FDB5B4A 09232350
  BA6612BC F26EFC05 8EDADC33 1F583E42 92018070 1AFEAA70 0E603259 D39E13FA
  AA324125 5A544657 D332D738 56FA89EF F01DA068 F0DC7ACA A36315AC 67B9AF44
  F641CFA0 6C473291
   quit
dot11 syslog
!
dot11 ssid VPN-SPARE-TEST
vlan 1
max-associations 5
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 105819174804020A1E01673F213B27647242
!
dot11 ssid dot11 ssid VPN-SPARE-TEST
!
ip source-route
no ip dhcp use vrf connected
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.xxx.x 192.168.xxx.xx
ip dhcp excluded-address 192.168.xxx.x 192.168.xxx.x
ip dhcp excluded-address 10.x.x.x 10.169.x.x
ip dhcp excluded-address 10.x.x.x 10.169.x.x
!
ip dhcp pool DHCPPOOL-VOICE
   network 10.169.xxx.0 255.255.255.0
   option 150 ip 10.x..x
   default-router 10.x.x.x
   dns-server 10.x.x.x
!
ip dhcp pool DATA_POOL
   network 192.x.x.x 255.255.255.0
   dns-server 10.x.x.x
   default-router 192.x.x.x
   domain-name vancouver.infosatad.com
   netbios-name-server 10.x.x.x
!
!
ip cef
no ip domain lookup
!
password encryption aes
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key 543b338199 address x.x.x.x no-xauth
crypto isakmp keepalive 20 3
!
!
crypto ipsec transform-set noc_vpn esp-3des esp-md5-hmac
!
crypto ipsec profile nocvpn
set transform-set noc_vpn
!
!
archive
log config
  hidekeys
!
!
!
bridge irb
!
!
interface Tunnel1
bandwidth 1000
ip address 10.x.x.x 255.255.255.240
no ip redirects
ip mtu 1420
ip nhrp authentication nocvpn
ip nhrp map multicast x.x.x.x
ip nhrp map 10.x.x.x 204.x.x.x
ip nhrp network-id 8199
ip nhrp nhs 10.x.x.x
delay 1000
tunnel source FastEthernet4
tunnel mode gre multipoint
tunnel key 543403819
tunnel protection ipsec profile nocvpn
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
switchport priority default 3
spanning-tree portfast
!
interface FastEthernet3
switchport access vlan 2
switchport voice vlan 2
switchport priority extend cos 5
spanning-tree portfast
!
interface FastEthernet4
ip address dhcp
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers tkip
!
broadcast-key vlan 1 change 10
!
!
ssid VPN-SPARE-TEST
!
ssid dot11 ssid VPN-SPARE-TEST
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no cdp enable
!
interface Dot11Radio0.2
encapsulation dot1Q 2
!
interface Vlan1
description DATA-VLAN
no ip address
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Vlan2
description VOICE-VLAN
ip address 10.x.x.x 255.255.255.0
!
interface BVI1
description DATA_BRIGING
ip address 192.168.20.1 255.255.255.0
!
ip forward-protocol nd
no ip http server
ip http secure-server
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
exec-timeout 999 0
no modem enable
line aux 0
line vty 0 4
access-class 20 in
exec-timeout 5 0
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
end

Thanks in advance Pros,

Jean Paul

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode