Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1185
Views
0
Helpful
7
Replies

Windows Vista/Xp Wireless client could not connect to AP-1131AG with WPA

rawsonfang
Level 1
Level 1

‎02-10-2010 11:20 AM - edited ‎07-03-2021 06:30 PM

This is my setup:

1. Cisco Automuous AP - 1131AG-A-K9figure with 3 VLANs and 3 SSIDs, one SSID for each VLAN.

2. Running code version: c1130-k9w7-mx.124-10b.JDA3

3. first SSID - faculty-1,VLAN201 , confiure with Cipers TKIP and WPA, and passphrase.

4. Seccondary SSID - faculty-2,VLAN202 , confiure with WEP

5. Third SSID- guest. VLAN203, no encryption.

6. Use Windows VISTA laptop with Window wireless client , could connect to both the secondary and third SSID, but the connection to First SSID with WPA keep failing.

Any idea,thanks for the advice.

Labels:
0 Helpful
7 Replies 7

Leo Laohoo
Hall of Fame
Hall of Fame

‎02-10-2010 05:09 PM

In order to help in troubleshooting, can you make all of the SSIDs use OPEN or no authentication?  If it still doesn't work, can you post your config?

0 Helpful

rawsonfang
Level 1
Level 1
In response to Leo Laohoo

‎02-11-2010 08:12 PM

All the SSIDs were configured with Open authentication, WEP and no authentication work, but WPA. attached please find the configuration.Thanks

+++++++++++++

DFx-WL-AP002#

hostname IDFx-WL-AP002

!

enable secret 5 $1$x2cF$CowZYf0R5M3yf14ZP695z/

!

no aaa new-model

!

!

!

dot11 ssid faculty-1

   wpa-psk ascii babb1122babb

   vlan 201

   authentication open

   authentication key-management wpa

   mobility network-id 201

   wpa-psk ascii babb1122babb

!

dot11 ssid faculty-2

   vlan 202

   authentication open

!

dot11 ssid guest

   vlan 203

   authentication open

   guest-mode

!

power inline negotiation prestandard source

!

!

username Cisco password 7 05280F1C2243

!

bridge irb

!

!

interface Dot11Radio1

encryption vlan 201 mode ciphers tkip

no ip address

no ip route-cache

!

encryption vlan 200 mode ciphers wep128

!

encryption vlan 202 key 1 size 40bit 7 397CB7630AE1 transmit-key

encryption vlan 202 mode wep mandatory

!

encryption vlan 201 mode ciphers aes-ccm

!

ssid faculty-1

!

ssid faculty-2

!

ssid guest

!

mbssid

station-role root

!

interface Dot11Radio0.200

encapsulation dot1Q 200 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.201

encapsulation dot1Q 201

no ip route-cache

bridge-group 201

bridge-group 201 subscriber-loop-control

bridge-group 201 block-unknown-source

no bridge-group 201 source-learning

no bridge-group 201 unicast-flooding

bridge-group 201 spanning-disabled

!

interface Dot11Radio0.202

encapsulation dot1Q 202

no ip route-cache

bridge-group 202

bridge-group 202 subscriber-loop-control

bridge-group 202 block-unknown-source

no bridge-group 202 source-learning

no bridge-group 202 unicast-flooding

bridge-group 202 spanning-disabled

!

interface Dot11Radio0.203

encapsulation dot1Q 203

no ip route-cache

bridge-group 203

bridge-group 203 subscriber-loop-control

bridge-group 203 block-unknown-source

no bridge-group 203 source-learning

no bridge-group 203 unicast-flooding

bridge-group 203 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

!

encryption vlan 202 key 1 size 40bit 7 76A8B820E4B6 transmit-key

encryption vlan 202 mode wep mandatory

!

encryption vlan 201 mode ciphers tkip

!

ssid faculty-1

!

ssid faculty-2

!

ssid guest

!

station-role root

bridge-group 1

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1.201

encapsulation dot1Q 201

no ip route-cache

bridge-group 201

bridge-group 201 subscriber-loop-control

bridge-group 201 block-unknown-source

no bridge-group 201 source-learning

no bridge-group 201 unicast-flooding

bridge-group 201 spanning-disabled

!

interface Dot11Radio1.202

encapsulation dot1Q 202

no ip route-cache

bridge-group 202

bridge-group 202 subscriber-loop-control

bridge-group 202 block-unknown-source

no bridge-group 202 source-learning

no bridge-group 202 unicast-flooding

bridge-group 202 spanning-disabled

!

interface Dot11Radio1.203

encapsulation dot1Q 203

no ip route-cache

bridge-group 203

bridge-group 203 subscriber-loop-control

bridge-group 203 block-unknown-source

no bridge-group 203 source-learning

no bridge-group 203 unicast-flooding

bridge-group 203 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

!

interface FastEthernet0.200

encapsulation dot1Q 200 native

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface FastEthernet0.201

encapsulation dot1Q 201

no ip route-cache

bridge-group 201

no bridge-group 201 source-learning

bridge-group 201 spanning-disabled

!

interface FastEthernet0.202

encapsulation dot1Q 202

no ip route-cache

bridge-group 202

no bridge-group 202 source-learning

bridge-group 202 spanning-disabled

!

interface FastEthernet0.203

encapsulation dot1Q 203

no ip route-cache

bridge-group 203

no bridge-group 203 source-learning

bridge-group 203 spanning-disabled

!

interface BVI1

ip address 10.128.1.2 255.255.255.0

no ip route-cache

!

ip default-gateway 10.128.1.254

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

bridge 1 route ip

Message was edited by: rawsonfang

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to rawsonfang

‎02-11-2010 08:29 PM

Can you also remove the encryption to VLAN 202 and 203?

0 Helpful

rawsonfang
Level 1
Level 1
In response to Leo Laohoo

‎02-12-2010 06:40 AM

Vlan203 - SSID- guest, works fine without encryption. so sure if this was due to my Laptop issue because of Windows Vista bug with WPA compatibility?

Thanks

0 Helpful

braggb001
Level 1
Level 1
In response to rawsonfang

‎02-12-2010 12:47 PM

rawsonfang....

      I may be missing something, but I think I'm seeing 2 "interface Dot11Radio1" in your configuration.  Is this a typo?  Also, under the first Dot11Radio1 you are using AES and TKIP....as a best practice you should stick to TKIP with WPA and AES with WPA2.  Let me know if this helps.

0 Helpful

rawsonfang
Level 1
Level 1
In response to braggb001

‎02-13-2010 10:16 AM

Hi,

This is latest config:

IDFx-WL-AP002#sh run

Building configuration...

Current configuration : 4456 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname IDFx-WL-AP002

!

enable secret 5 $1$x2cF$CowZYf0R5M3yf14ZP695z/

!

no aaa new-model

!

!

!

dot11 ssid faculty-1

vlan 201

authentication open

authentication key-management wpa

mobility network-id 201

wpa-psk ascii 7 00251125005E0D272E006D6F28382436330A0E072E2E2209311626

no ids mfp client

!

dot11 ssid faculty-2

vlan 202

authentication open

!

dot11 ssid guest

vlan 203

authentication open

guest-mode

!

power inline negotiation prestandard source

!

!

username Cisco password 7 05280F1C2243

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 202 key 1 size 128bit 7 5C8396957C974FD578D183FB82F3 transmit-k

ey

encryption vlan 202 mode wep mandatory

!

encryption vlan 201 mode ciphers tkip

!

ssid faculty-1

!

ssid faculty-2

!

ssid guest

!

station-role root

!

interface Dot11Radio0.200

encapsulation dot1Q 200 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.201

encapsulation dot1Q 201

no ip route-cache

bridge-group 201

bridge-group 201 subscriber-loop-control

bridge-group 201 block-unknown-source

no bridge-group 201 source-learning

no bridge-group 201 unicast-flooding

bridge-group 201 spanning-disabled

!

interface Dot11Radio0.202

encapsulation dot1Q 202

no ip route-cache

bridge-group 202

bridge-group 202 subscriber-loop-control

bridge-group 202 block-unknown-source

no bridge-group 202 source-learning

no bridge-group 202 unicast-flooding

bridge-group 202 spanning-disabled

!

interface Dot11Radio0.203

encapsulation dot1Q 203

no ip route-cache

bridge-group 203

bridge-group 203 subscriber-loop-control

bridge-group 203 block-unknown-source

no bridge-group 203 source-learning

no bridge-group 203 unicast-flooding

bridge-group 203 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

!

encryption vlan 202 key 1 size 128bit 7 8EC1CAB5D9AFBDB688B9CEDE6DC1 transmit-k

ey

encryption vlan 202 mode wep mandatory

!

encryption vlan 201 mode ciphers tkip

!

ssid faculty-1

!

ssid faculty-2

!

ssid guest

!

station-role root

bridge-group 1

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1.201

encapsulation dot1Q 201

no ip route-cache

bridge-group 201

bridge-group 201 subscriber-loop-control

bridge-group 201 block-unknown-source

no bridge-group 201 source-learning

no bridge-group 201 unicast-flooding

bridge-group 201 spanning-disabled

!

interface Dot11Radio1.202

encapsulation dot1Q 202

no ip route-cache

bridge-group 202

bridge-group 202 subscriber-loop-control

bridge-group 202 block-unknown-source

no bridge-group 202 source-learning

no bridge-group 202 unicast-flooding

bridge-group 202 spanning-disabled

!

interface Dot11Radio1.203

encapsulation dot1Q 203

no ip route-cache

bridge-group 203

bridge-group 203 subscriber-loop-control

bridge-group 203 block-unknown-source

no bridge-group 203 source-learning

no bridge-group 203 unicast-flooding

bridge-group 203 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

!

interface FastEthernet0.200

encapsulation dot1Q 200 native

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface FastEthernet0.201

encapsulation dot1Q 201

no ip route-cache

bridge-group 201

no bridge-group 201 source-learning

bridge-group 201 spanning-disabled

!

interface FastEthernet0.202

encapsulation dot1Q 202

no ip route-cache

bridge-group 202

no bridge-group 202 source-learning

bridge-group 202 spanning-disabled

!

interface FastEthernet0.203

encapsulation dot1Q 203

no ip route-cache

bridge-group 203

no bridge-group 203 source-learning

bridge-group 203 spanning-disabled

!

interface BVI1

ip address 10.128.1.2 255.255.255.0

no ip route-cache

!

ip default-gateway 10.128.1.254

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

bridge 1 route ip

!

!

!

line con 0

line vty 0 4

login local

!

end

IDFx-WL-AP002#$

0 Helpful

Stephen Rodriguez
Cisco Employee
Cisco Employee
In response to rawsonfang

‎02-15-2010 05:39 AM

Do you have a WLSM?  I assume no, since you didn't mention it in the first place.  If you don't, remove the mobility network-id 201 from faculty-1 and see if that helps

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card