Wireless Auth errors

Unanswered Question
Jul 20th, 2010
User Badges:

I am trying to setup leap authentication on a 1100 AP, with local radius.


Getting the following debug errors:


*Mar  2 10:23:05.311: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,TIMEOUT) for 0023.6c85.32cd
*Mar  2 10:23:05.311: dot11_auth_dot1x_send_client_fail: Authentication failed for 0023.6c85.32cd
*Mar  2 10:23:05.311: %DOT11-7-AUTH_FAILED: Station 0023.6c85.32cd Authentication failed
*Mar  2 10:23:10.592: AAA/BIND(00000070): Bind i/f 
*Mar  2 10:23:10.592: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
*Mar  2 10:23:10.592: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0023.6c85.32cd
*Mar  2 10:23:10.592: dot11_auth_dot1x_send_id_req_to_client: Client 0023.6c85.32cd timer started for 30 se


Any ideas what could be wrong with my config:


aaa new-model
!
!
aaa group server radius rad_eap
server 172.16.1.35 auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group rad_eap
aaa session-id common
dot11 syslog
!
dot11 ssid XXX
   authentication open eap eap_methods
   authentication network-eap eap_methods
   guest-mode
!

interface Dot11Radio0
no ip address
no ip route-cache
!
encryption key 1 size 40bit 7 873B0AA56FCA transmit-key
encryption mode wep mandatory
!
broadcast-key change 300
!
!
ssid XXX
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2437
station-role root
rts threshold 2312
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 172.16.1.35 255.255.255.0
no ip route-cache


radius-server local
  nas 172.16.1.35 key 7 14001305020B297D727E
  user xxxx nthash 7 0027435225792D535F796A6B2A3852444A59285D78097D7B6A177B325144545374
!        
radius-server attribute 32 include-in-access-req format %h
radius-server host 172.16.1.35 auth-port 1812 acct-port 1813 key 7 120E04191C040F527C7D
radius-server vsa send accounting
bridge 1 route ip

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Surendra BG Mon, 07/26/2010 - 06:36
User Badges:
  • Cisco Employee,

Hi,


I can see that we are using the internal radius server... Whats the authentication that we are using??


i mean whats the EAP flavour??


Regards

Surendra

Surendra BG Mon, 07/26/2010 - 06:39
User Badges:
  • Cisco Employee,

If you are not using any EAP authentication, then remove the below commands..


authentication open eap eap_methods
   authentication network-eap  eap_methods


and issue just "authentication open"


then try connecting the wireless using the WEP key that you have configured.


Regards

Surendra

Actions

This Discussion