LEAP working with aironet AP 350 not on AP1100

hvd
Level 1

After struggling a while with this, reading docs over and over, I'm not getting there.

We're actively using LEAP on an Aironet AP 350, Aironet PCMCIA 350 and TACACS+ 3.0. Now we want to use the Aironet 1120B AP with the same server & adapters in the same LEAP configuration. This, however, seems to be a tough thing to do. I've upgraded the clients' firmware to the latest, installed the newest version of ACU, but no luck. When I use open authentication, communication is successful; when I select network-EAP authentication, nothing seems to happen & nothing is logged or shown when debugged. Looks like no radio communication happens at all.

Could someone provide me an example of a working configuration with LEAP, or advise me on how to make this work?

Thanks a lot

Hans

4 Replies

derwin
Level 5

Hans,

You also have to configure your RADIUS servers. Have you done this?

http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo1100/accsspts/i1224ja/i1224icg/ivicgrad.htm

David

David, thanks for your reply,

I forgot to mention that my access points are indeed configured for RADIUS, and administration is validated through the TACACS servers using RADIUS.

I've sniffed the network, and RADIUS packets are sent & returned to/from the RADIUS server when I telnet to the AP. But nothing passes when a client wants to associate with the AP.

My 350 APs are working fine with this server, so I doubt that the problem is in this area. I'm more thinking that something's not working between client & AP, since the AP doesn't report a thing.

I'm running IOS 12.2(4) on the AP; it's a brand new AP since last week.

This is my config, maybe it gives you an idea?

version 12.2
no service pad
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname ap-test
!
aaa new-model
!
aaa authentication login default group radius
aaa authentication login eap_methods group radius
aaa authentication login mac_methods local
aaa authentication login pmip_methods group radius
aaa authorization ipmobile default group radius
aaa authorization network default group radius
aaa authorization network eap_methods group radius
aaa accounting network acct_methods start-stop group radius
aaa accounting network eap_methods start-stop group radius
aaa session-id common
enable secret 5 $xxxx
enable password 7 xxxxx
!
clock timezone STD 1
clock summer-time DST recurring last Sun Mar 2:00 last Sun Oct 2:00
ip subnet-zero
no ip source-route
ip domain-name intranet.network.be
ip name-server 194.116.20.1
!
ip ssh time-out 120
ip ssh authentication-retries 3
dot11 holdoff-time 600
!
bridge irb
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 encryption mode wep mandatory
 !
 ssid WLan/Intranet
  vlan 1
  authentication open
  authentication network-eap eap_methods
  infrastructure-ssid
 !
 speed basic-11.0
 rts threshold 2312
 power local 50
 channel 2442
 station-role root fallback shutdown
 no cdp enable
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!
interface FastEthernet0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 194.116.3.228 255.255.255.0
 no ip route-cache
!
ip radius source-interface BVI1
logging history debugging
logging 194.116.5.200
radius-server host 194.116.17.200 auth-port 1645 acct-port 1646
radius-server retransmit 3
radius-server attribute 32 include-in-access-req format %h
radius-server key 7 xxxxxxxxxxxxxx
radius-server vsa send accounting
bridge 1 route ip
!
line con 0
line vty 5 15
!
ntp clock-period 2814768
ntp server 194.116.5.201
end

Hans

ndoshi
Cisco Employee

http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo1100/accsspts/i1224ja/i1224icg/ivicgaut.htm

Support for TACACS+ is for centralized validation of administrators attempting to gain access to your access point?

Running Cisco IOS Release 12.2(8)JA?

For LEAP, configure the RADIUS and see if it works.

I've upgraded the IOS to 12.2(4)JA 1, but it's no better, same result.

I'm not able to find the 12.2(8)JA IOS version.

If you could tell me where I can find it, I can test it out.