Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Wireless Auth errors

I am trying to setup leap authentication on a 1100 AP, with local radius.


Getting the following debug errors:

*Mar  2 10:23:05.311: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,TIMEOUT) for 0023.6c85.32cd
*Mar  2 10:23:05.311: dot11_auth_dot1x_send_client_fail: Authentication failed for 0023.6c85.32cd
*Mar  2 10:23:05.311: %DOT11-7-AUTH_FAILED: Station 0023.6c85.32cd Authentication failed
*Mar  2 10:23:10.592: AAA/BIND(00000070): Bind i/f 
*Mar  2 10:23:10.592: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
*Mar  2 10:23:10.592: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0023.6c85.32cd
*Mar  2 10:23:10.592: dot11_auth_dot1x_send_id_req_to_client: Client 0023.6c85.32cd timer started for 30 se

Any ideas what could be wrong with my config:

aaa new-model
!
!
aaa group server radius rad_eap
server 172.16.1.35 auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group rad_eap
aaa session-id common
dot11 syslog
!
dot11 ssid XXX
   authentication open eap eap_methods
   authentication network-eap eap_methods
   guest-mode
!

interface Dot11Radio0
no ip address
no ip route-cache
!
encryption key 1 size 40bit 7 873B0AA56FCA transmit-key
encryption mode wep mandatory
!
broadcast-key change 300
!
!
ssid XXX
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2437
station-role root
rts threshold 2312
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 172.16.1.35 255.255.255.0
no ip route-cache

radius-server local
  nas 172.16.1.35 key 7 14001305020B297D727E
  user xxxx nthash 7 0027435225792D535F796A6B2A3852444A59285D78097D7B6A177B325144545374
!        
radius-server attribute 32 include-in-access-req format %h
radius-server host 172.16.1.35 auth-port 1812 acct-port 1813 key 7 120E04191C040F527C7D
radius-server vsa send accounting
bridge 1 route ip

2 REPLIES
Cisco Employee

Re: Wireless Auth errors

Hi,

I can see that we are using the internal radius server... Whats the authentication that we are using??

i mean whats the EAP flavour??

Regards

Surendra

Cisco Employee

Re: Wireless Auth errors

If you are not using any EAP authentication, then remove the below commands..

authentication open eap eap_methods
   authentication network-eap  eap_methods

and issue just "authentication open"

then try connecting the wireless using the WEP key that you have configured.

Regards

Surendra

307
Views
0
Helpful
2
Replies