cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3559
Views
0
Helpful
7
Replies

Wireless 1200 AP Authentication Failed

rodonohu1
Level 1
Level 1

Hi,

I'm prett new to setting up Cisco WAP. I have tried to copy the config from a working one in another other and changed it to suit my own. I'm attaching a config. The problem is that the AP doesnt automatically get picked up by Wireless cards and when i manually set it up, i get authentication issues - DOG11-7-Auth_Failed from the station MAC-ADDRESS

Any idea? I am confused how the Vlan i have set it up on communicates. Please help?

1 Accepted Solution

Accepted Solutions

heres a link. Haven't experienced this issue myself but APPEARS to be a possible misconfiguration on the client end.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0ea.shtml

View solution in original post

7 Replies 7

robert.wright
Level 1
Level 1

Suggestion before i look at anymore of your config. Please sanitize all of your configs you post on the forums. You have a few passwords in there.

Just glancing over i dont see anything that sticks out, have you reference the associated log files on your radius/acs boxes for failed attempts? Also appears your authenicating via mac address so possibly the mac addy isnt present as an authorized device?

Thanks for the feedback.

I've been working on alot and built up the config again from scratch.

the problem is definatly around the authentication.

When I set it up as follows, I can't see the wireless netork:

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 1 key 1 size 128bit 7 3EF6C4C5A0DD03D60ACFBC40F93B transmit-key

encryption vlan 1 mode wep mandatory mic key-hash

!

encryption vlan 18 key 1 size 128bit 7 02DC3457EC1AAFC9DF2FAECDF0DF transmit-key

encryption vlan 18 mode wep mandatory mic key-hash

!

ssid EmP1R3D

vlan 18

authentication open mac-address mac_methods eap eap_methods

authentication network-eap eap_methods mac-address mac_methods

but if i put it in guest mode, then i can see the secured network but can't log on to it. When i try to connect it just times out trying. On the client, it doesn't seem to be able to exchange keys,etc. this is where I am in the dark and have difficulty figuring it out.

I've checked the ACS box and it shows on passed authentications that its fine. I just can't get up user authentication box at this point on the client.

I've also checked this on my ACS failed attempts now: I keep getting the following that points it could be related to PEAP

EAP-TLS or PEAP authentication failed during SSL handshake

where could this issue lie?

heres a link. Haven't experienced this issue myself but APPEARS to be a possible misconfiguration on the client end.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0ea.shtml

Excatly. I found this yesterday and it worked. The client didn't have the correct Certs so it couldn't authenticate. Cumbersome process but worked.

Thanks for your helpe Robert.

m.rana.ku
Level 1
Level 1

Hi,

In the following video step by step process has been shown How to Configure Cisco AIRONET 3602i Autonomous/Standalone Access Point using CLI with WPAv2 Authentication Key.

 

https://www.youtube.com/channel/UCmZZ2BNGXQH1HPS3uIVnr7A?sub_confirmation=1

 

https://www.youtube.com/watch?v=JkUfTXuwj2U

 

============ For 2.4 GHz Radio Interface ============

Step 1: Access Cisco AP|Reset AP| Assign static IP for BVI1 Interface |Default-gateway IP
ap>enable
Password: Cisco [Cisco AP default Password]
## Reset the Access Point with pressing and holding mode button ##
ap#configure terminal
ap(config)#interface bvI 1
ap(config-if)#ip address 192.168.2.4 255.255.255.0 [According to my network setup]
ap(config-if)#exit
ap(config)#ip default-gateway 192.168.2.1 [According to my network setup]

Step 2: Creating SSID | Authentication | Applying WPAv2 Authentication

ap(config)#dot11 ssid Cisco_WLAN [ Create SSID named Cisco_WLAN]
ap(config-ssid)#guest-mode [Broadcast SSID]
ap(config-ssid)#authentication open [allows any device to authenticate]
ap(config-ssid)#authentication key-management wpa version 2 [Applying WPAv2 Authentication]
ap(config-ssid)#wpa-psk ascii Cisco123 [Applying WPA Shared Key ]
ap(config-ssid)#exit

Step 3: Enable Encryption to 4.2GHz Radio interface | Apply SSID to interface| Enable Radio Interface

ap(config)#interface dot11Radio 0 [Selecting 4.2 GHz Radio interface]
ap(config-if)#encryption mode ciphers aes-ccm [Enabling CIPHER AES-CCM Encryption to interface]
ap(config-if)#ssid Cisco_WLAN [Applying SSID to Radio interface]
ap(config-if)#channel least-congested [Selecting Channel type]
ap(config-if)#no shutdown [Finally Enabling the 4.2 GHz Radio Interface]
ap(config-if)#exit
ap(config)#exit
================ For 5 GHz Radio Interface =======================

Step 2: Creating SSID | Authentication | Applying WPAv2 Authentication

ap(config)#dot11 ssid Cisco_WLAN 5GHz [ Create SSID named Cisco_WLAN 5GHz ]
ap(config-ssid)#guest-mode [Broadcast SSID]
ap(config-ssid)#authentication open [allows any device to authenticate]
ap(config-ssid)#authentication key-management wpa version 2 [Applying WPAv2 Authentication]
ap(config-ssid)#wpa-psk ascii Cisco123 [Applying WPA Shared Key ]
ap(config-ssid)#exit

Step 3: Enable Encryption to 5 GHz Radio interface | Apply SSID to interface| Enable Radio Interface

ap(config)#interface dot11Radio 1 [Selecting 5 GHz Radio interface]
ap(config-if)#encryption mode ciphers aes-ccm [Enabling CIPHER AES-CCM Encryption to interface]
ap(config-if)#ssid Cisco_WLAN 5GHz [Applying SSID to Radio interface]
ap(config-if)# channel 36 [Selecting Channel type]
ap(config-if)#no shutdown [Finally Enabling the 5 GHz Radio Interface]
ap(config-if)#exit
ap(config)#exit

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: