LEAP working with aironet AP 350 not on AP1100

Unanswered Question
Feb 18th, 2003

After struggling a while with this, reading docs over and over, I'm not getting there.


We're actively using LEAP on an Aironet AP 350, Aironet PCMCIA 350 and TACACS+ 3.0. Now we want to use the Aironet 1120B AP with the same server & adapters in the same LEAP configuration. This, though, seems to be a tough thing to do. I've upgraded the clients' firmware to the latest, installed the newest version of ACU, but no luck. When I use open authentication, communication is successful; when I select network-EAP authentication nothing seems to happen & nothing is logged or shown when debugged. Looks like no radio communication happens at all.


Could someone provide me an example of a working configuration with LEAP, or advise me on how to make this work?


Thanks a lot

Hans


hvd Wed, 02/19/2003 - 04:15

David, thanks for your reply,


I forgot to mention that my access points are indeed configured for RADIUS, and administration is validated through the TACACS servers using RADIUS.

I've sniffed the network, and RADIUS packets are sent & returned to/from the RADIUS server when I telnet to the AP. But nothing passes when a client wants to associate with the AP.


My 350 APs are working fine with this server, so I doubt that the problem is in this area. I'm more thinking that something's not working between client & AP, since the AP doesn't report a thing.


I'm running IOS 12.2(4) on the AP; it's a brand new AP since last week.


This is my config, maybe it gives you an idea?


version 12.2
no service pad
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname ap-test
!
aaa new-model
!
aaa authentication login default group radius
aaa authentication login eap_methods group radius
aaa authentication login mac_methods local
aaa authentication login pmip_methods group radius
aaa authorization ipmobile default group radius
aaa authorization network default group radius
aaa authorization network eap_methods group radius
aaa accounting network acct_methods start-stop group radius
aaa accounting network eap_methods start-stop group radius
aaa session-id common
enable secret 5 $xxxx
enable password 7 xxxxx
!
clock timezone STD 1
clock summer-time DST recurring last Sun Mar 2:00 last Sun Oct 2:00
ip subnet-zero
no ip source-route
ip domain-name intranet.network.be
ip name-server 194.116.20.1
!
ip ssh time-out 120
ip ssh authentication-retries 3
dot11 holdoff-time 600
!
bridge irb
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 encryption mode wep mandatory
 !
 ssid WLan/Intranet
    vlan 1
    authentication open
    authentication network-eap eap_methods
    infrastructure-ssid
 !
 speed basic-11.0
 rts threshold 2312
 power local 50
 channel 2442
 station-role root fallback shutdown
 no cdp enable
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!
interface FastEthernet0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 194.116.3.228 255.255.255.0
 no ip route-cache
!
ip radius source-interface BVI1
logging history debugging
logging 194.116.5.200
radius-server host 194.116.17.200 auth-port 1645 acct-port 1646
radius-server retransmit 3
radius-server attribute 32 include-in-access-req format %h
radius-server key 7 xxxxxxxxxxxxxx
radius-server vsa send accounting
bridge 1 route ip
!
line con 0
line vty 5 15
!
ntp clock-period 2814768
ntp server 194.116.5.201
end


Hans

hvd Tue, 02/25/2003 - 00:10

I've upgraded the IOS to 12.2(4)JA 1 but no better, same result.

I'm not able to find the 12.2(8)JA IOS version;

if you could tell me where I can find it, I can test it out.

