Aironet1200 multiple VLANs

jtrumbell
Level 1

We have an Aironet 1200 currently configured for wireless data access. Our Telco team wants to add some WiFi phones, which will need to be on their own VLAN for security reasons. I've added the second VLAN and SSID to the AP, but where I'm having the problem is that I've attempted to add a secondary IP, and this doesn't take. We're currently running Version 12.3(2)JA4. Any assistance would be helpful.

3 Replies

andrew.burns
Level 7

Hi,

The following doc should give you some useful pointers:

Using VLANs with Cisco Aironet Wireless Equipment

http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml

HTH

Andrew.

Thanks Andrew, I've reviewed that document and I don't see what I'm missing. I'm attaching the config minus the IPs and SSIDs. Here's where I'm at: the data SSID network works perfectly; my laptop can authenticate with the AP and retrieve an IP after authenticating with the RADIUS server (MS IAS). On the phone SSID (768), I'm able to make the connection to the AP with my laptop configured to that IP; I must statically assign the IP to my laptop. I'm unable to ping the 768 VLAN on the switch that the AP connects to from my laptop. From the AP I'm able to ping the 768 VLAN. Any ideas?

!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers wep128
 !
 encryption vlan 767 mode ciphers wep128
 !
 encryption vlan 768 mode ciphers tkip
 !
 broadcast-key change 60
 !
 broadcast-key vlan 767 change 420
 !
 !
 ssid
 !
 ssid
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 channel 2462
 station-role root
 no dot11 qos mode
!
interface Dot11Radio0.767
 encapsulation dot1Q 767 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.768
 encapsulation dot1Q 768
 no ip route-cache
 bridge-group 255
 bridge-group 255 subscriber-loop-control
 bridge-group 255 block-unknown-source
 no bridge-group 255 source-learning
 no bridge-group 255 unicast-flooding
 bridge-group 255 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 speed 100
 full-duplex
 hold-queue 160 in
!
interface FastEthernet0.767
 encapsulation dot1Q 767 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.768
 encapsulation dot1Q 768
 no ip route-cache
 bridge-group 255
 no bridge-group 255 source-learning
 bridge-group 255 spanning-disabled
!
interface BVI1
 ip address <###.###.###.### MMM.MMM.MMM.MMM>
 no ip route-cache
!
ip default-gateway <###.###.###.###>
no ip http server
ip http authentication aaa
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
access-list 111 permit tcp any any neq telnet
radius-server attribute 32 include-in-access-req format %h
radius-server host 172.16.128.70 auth-port 1812 acct-port 1813 key 7
radius-server vsa send accounting
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
 access-class 111 in
line vty 0 4
 access-class 111 in
line vty 5 15
 access-class 111 in
!
sntp server <###.###.###.###>
sntp broadcast client
end

Hi,

Nothing in that config looks particularly problematic, but there are so many potential issues (switch configs, IAS configs, etc.) that it's difficult to say for sure where the problems might lie - it could be authentication, encryption, DHCP, etc.

Cisco has heaps of info on how to configure voice over wireless, such as the following:

http://www.cisco.com/en/US/products/hw/phones/ps379/products_implementation_design_guide_chapter09186a00802a09ee.html

Even if you're not using Cisco phones, most of the config is relevant. I'd recommend not configuring encryption until after everything else works - and don't forget QoS...

HTH

Andrew.
