
AP Timed out authenticating to the WDS

Unanswered Question

Hi,

I have WDS setup with WLSE 2.13 and ACS 4.0. I have 8 1231 access points that behave correctly. I also have 1 1130 and 1 1242. Both of these get the error "AP Timed out authenticating to the WDS." My WDS device is currently a 1231, but I have also tried making it the 1242 and 1130. In all cases they time out. Has anybody else seen this behaviour?

frankzehrer Tue, 11/21/2006 - 05:32

Hi Brad,


Be sure to have the WDS set up with the ACS like this:


http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c951f.shtml


If you have forgotten to enable LEAP for the WDS device or the secrets are not equal, you get the message that the AP could not authenticate with the WDS.

If you used the ACS as RADIUS Server then have a look into the failed authentication log. There should be wrong NAS User entries.


If you want to test the WDS Setup with an AP local RADIUS Server have a look here:

http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c0912.shtml


The setup is the same as in the first document instead of using the Local RADIUS as LEAP authentication Server. Remember WDS needs LEAP for internal authentication issues.


Best regards,

Frank


frankzehrer Tue, 11/21/2006 - 23:46

Hi Brad,


How many APs do you have within the WDS?

Are the APs all in the same subnet / VLAN?

Do you have a sample config of the WDS AP, a working 1231 and a 1242?


How is the setup in the ACS? Do you have "Network Device Groups" in the "Network Configuration" section?


Issue the command "debug aaa authentication" on a working and not working AP and please post the result.


Also issue the command "debug wlccp wds ap mac-address H.H.H" where H.H.H should be a mac address of a not-working AP.


Best regards,

Frank

frankzehrer Fri, 12/01/2006 - 02:13

Hi Brad,


I was a bit busy the last days.

At a first look I can't obviously find any failure or problem.


What kind of device is the mentioned:

wlccp wnm ip address 10.240.2.41


Is it a WLSE? Are the non-working devices managed within the wnm?



On the WDS Device issue the command:

sh radius local-server statistics


Successes              : 9    Unknown usernames      : 0
Client blocks          : 0    Invalid passwords      : 0
Unknown NAS            : 0    Invalid packet from NAS: 0

NAS : 10.20.30.120
Successes              : 9    Unknown usernames      : 0
Client blocks          : 0    Invalid passwords      : 0
Corrupted packet       : 0    Unknown RADIUS message : 0
No username attribute  : 0    Missing auth attribute : 0
Shared key mismatch    : 0    Invalid state attribute: 0
Unknown EAP message    : 0    Unknown EAP auth type  : 0
Auto provision success : 0    Auto provision failure : 0
PAC refresh            : 0    Invalid PAC received   : 0

Username    Successes    Failures    Blocks
wds         9            0           0


Do you have any other messages than "Successes"?



If yes clear the statistics with:


clear radius local-server statistics


Reload the not working AP and have a look into the statistics!


This was the first step I used to find misconfigurations.


Best regards,

Frank
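
The statistics check described in the post above, as an added example that is not part of the original thread: a Python sketch that parses saved "sh radius local-server statistics" output and lists every counter other than Successes that is non-zero, globally and per NAS. The sample text is constructed; its non-zero values and the second NAS address are made up, and the function names are this example's own.

```python
import re

# Constructed sample in the layout of the output quoted in the post; the
# non-zero counters and the NAS 10.20.30.121 are invented for illustration.
SAMPLE = """\
Successes              : 9    Unknown usernames      : 0
Client blocks          : 0    Invalid passwords      : 0
Unknown NAS            : 2    Invalid packet from NAS: 0

NAS : 10.20.30.120
Successes              : 9    Unknown usernames      : 0
Shared key mismatch    : 0    Invalid state attribute: 0

NAS : 10.20.30.121
Successes              : 0    Unknown usernames      : 0
Shared key mismatch    : 4    Invalid state attribute: 0

Username    Successes    Failures    Blocks
wds         9            0           0
"""

# "<counter name> : <number>", possibly two pairs on one line.
PAIR = re.compile(r"([A-Za-z][A-Za-z ]*?)\s*:\s*(\d+)")
# "NAS : <address>" starts a per-NAS section.
NAS = re.compile(r"^NAS\s*:\s*(\S+)\s*$")

def parse_stats(text):
    """Return {section: {counter: value}}; section is 'global' or a NAS address."""
    sections, current = {}, "global"
    for line in text.splitlines():
        m = NAS.match(line.strip())
        if m:
            current = m.group(1)
            continue
        # Lines without "name : number" pairs (the username table) yield nothing.
        for name, value in PAIR.findall(line):
            sections.setdefault(current, {})[name.strip()] = int(value)
    return sections

def non_success_counters(sections):
    """List (section, counter, value) for each non-zero counter except Successes."""
    return [(sec, name, val)
            for sec, counters in sections.items()
            for name, val in counters.items()
            if val and name != "Successes"]

if __name__ == "__main__":
    for sec, name, val in non_success_counters(parse_stats(SAMPLE)):
        print(f"{sec}: {name} = {val}")
```

Run it on output captured after clearing the statistics and reloading the failing AP, so that any counter it reports belongs to that one authentication attempt.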
