Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

AP problem Cisco aironet 1040

I have a Cisco aironet 1040.

On my Accespoint i have 2 vlans: 1 for my wifi phones and 1 for my network.

Wifi Lan has the SSID LAN with WPA enterprise authentication to a radius server(ms server 2008).

Wifi Phone has SSID PHONE and vlan 50 with local radius authentication.

This Works all fine, Except when i enable AP for my wifi phones.

When AP is enabled the authentication for my lan doesn’t go to my server but local.

How do I configure my accesspoints so that the cisco phones use the local radius server with AP and my windows computers connect using the ms radius server?

Hope some one can help

Attached is my current config.

16 REPLIES

Re: AP problem Cisco aironet 1040

aaa group server radius rad_eap

server auth-port 1645 acct-port 1646

!

aaa group server radius WDS-AUTH

server auth-port 1812 acct-port 1813

!

aaa group server radius VOICE-AUTH

server auth-port 1812 acct-port 1813

!

aaa authentication login eap_methods group rad_eap

Both of the SSID are calling to eap_methods.  What you need to do is configure another aaa authentication line:

** aaa authentication login phone_method group VOICE-AUTH**

then call that as your network-eap:

dot11 ssid VOICE

   vlan 50

   authentication network-eap **phone_method**

   authentication key-management cckm

Change/add the lines between the **.

HTH,
Steve

-----------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

AP problem Cisco aironet 1040

Steve,

Thanks for your help!

we change the config to your example, but the windows client can't connect to the network.

There is no authentication with the autentication server.

A wireless Cisco Phone connect correct to the voice ssid

Some how the windows client do not connect “ms radius server” for autentication.

Debugging Station 38e7.d8d3.3b0a Authentication failed

Re: AP problem Cisco aironet 1040

Can you post your current config?

Steve

Sent from Cisco Technical Support iPhone App

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Re: AP problem Cisco aironet 1040

Steve,

attached the config file

Re: AP problem Cisco aironet 1040

ok, so the config2 matches config1 with the exception of the ssid names which shouldn't matter.  If the client could connecet before, it should still be conecting now, unless you were matching on the SSID name in the AAA server.

Can you take a look at the eventvwr of the NPS and see what the System log says when the device failed to connect?

HTH,
Steve

-----------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Re: AP problem Cisco aironet 1040

Hello Steve,

I am sorry that was the wrong config file.

Hereby the correct one.

Problem is, when wlccp is configured, the client / ap never reaches the server.

Re: AP problem Cisco aironet 1040

try doing a:

no aaa authentication default local

and see if that allows everything to work as it should. 

HTH,
Steve

-----------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Re: AP problem Cisco aironet 1040

Hello Steve,

I tried what you told,

but I still get the error "Station 001c.bf69.65d5 Authentication failed" for my windows clients

Re: AP problem Cisco aironet 1040

What does your NPS say is the reason for the failure?

Steve

Sent from Cisco Technical Support iPhone App

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Re: AP problem Cisco aironet 1040

Steve,

Nothing, the client doesn't reach the NPS server so there is no logging on the NPS server.

Re: AP problem Cisco aironet 1040

The config looks fine, it should be working.  Can you try:

test aaa radius group rad_eap new user test pass cisco

It doesnt' matter if we get a pass or fail, just that we see something back from the server.  Do you know if your NPS is configured to use 1645/1646 or 1812/1813?

You may also want to do a span of the AP port when you have a client trying to authenticate and see if the packet is being sent or not.

Alternately, you can debug the radius as well.

HTH,
Steve

-----------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Re: AP problem Cisco aironet 1040

Hi Steve,

The authentication goes well until

wlccp ap username AUTH-WDS password 7 xxxxxxxxxxxxxxxxxxxx

wlccp authentication-server infrastructure method_WDS-AUTH

wlccp authentication-server client eap eap_methods

wlccp authentication-server client leap method_VOICE

wlccp wds priority 61 interface BVI1

is loaded,my windows clients can't connect

Re: AP problem Cisco aironet 1040

Do you have more than one AP? If not there is no need to do WDS.

Steve

Sent from Cisco Technical Support iPhone App

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Re: AP problem Cisco aironet 1040

Steve,

We got more then 5 AP's in our network

Re: AP problem Cisco aironet 1040

Ok. The config we the working on, it's the WDS master? Once you have the wlccp configured do a show WDS ap and make sure the other ap are joined.

Steve

Sent from Cisco Technical Support iPhone App

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Re: AP problem Cisco aironet 1040

Steve,

The problem is the WDS authentication, is there maybe a solution to only use WDS authentication for my wifi phones?

3731
Views
0
Helpful
16
Replies
CreatePlease login to create content