Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

871W using WEP and LEAP

I have configured the 871W for WEP and LEAP, and the client is prompted for the Username and Password. But it is not authenticating. I have attached the config of the router and the debug radius authentication.

871Wireless#wr T

Building configuration...

aaa new-model

aaa group server radius rad-eap

server 172.16.11.254 auth-port 1812 acct-port 1813

aaa authentication login eap-methods group rad-eap

dot11 vlan-name Data vlan 11

!

dot11 ssid DATA

vlan 11

authentication open eap eap-methods

authentication network-eap eap-methods

guest-mode

!

ip dhcp excluded-address 172.16.11.1 172.16.11.49

ip dhcp excluded-address 172.16.11.101 172.16.11.254

!

ip dhcp pool Wi-Fi-Data

network 172.16.11.0 255.255.255.0

default-router 172.16.11.254

dns-server 198.207.23.58 199.172.192.3

!

bridge irb

!

!

interface FastEthernet0

!

interface Dot11Radio0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

!

encryption key 1 size 128bit xxx transmit-key

encryption mode wep mandatory

!

ssid DATA

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

!

interface Dot11Radio0.11

encapsulation dot1Q 11

no cdp enable

bridge-group 11

bridge-group 11 subscriber-loop-control

bridge-group 11 spanning-disabled

bridge-group 11 block-unknown-source

no bridge-group 11 source-learning

no bridge-group 11 unicast-flooding

!

!

interface BVI11

description *** Wireless Voice ***

ip address 172.16.11.254 255.255.255.0

!

!

radius-server local

nas 172.16.11.254 key xxx

user paul nthash xxx

radius-server host 172.16.11.254 auth-port 1812 acct-port 1813 key xxx

!

control-plane

!

bridge 11 protocol ieee

bridge 11 route ip

!

line con 0

line aux 0

line vty 0 4

1 REPLY
Gold

Re: 871W using WEP and LEAP

The one thing I noticed with your config is that the encryption statements don't include the vlan statements. You should have "encryption vlan 11 mode wep mandatory". You don't need to specify an encryption key. Since your doing dot1x the keys will be dynamically created.

213
Views
0
Helpful
1
Replies
CreatePlease to create content