BR350 pair using LEAP in a PtP with LEAP clients on the non-root bridge
I have two BR350 units, one root, one non-root w/clients. I have Funk's steel-belted radius 3.0 and i have two win2k laptops. one laptop is running the latest firmware and ACU version and is connecting to the non-root bridge doing LEAP. I have everything configured to the letter including a mac filter on the root bridge to disallow any connections except from the non-root. the client is showing up on the non-root and is authenticating successfully (according to RADIUS), but right after it is finished authenticating, it starts the LEAP process over again - bumping itself off. I'm running 11.23T code on both bridges. The bridges are using LEAP and connect fine - authenticating properly in RADIUS. I've read the cisco docs on configuring this situation and have done everything according to the docs....so there's no reason
it should be restarting the leap process like this. there's no interference on ch6 (where everything sits) because I've killed every source of 2.4GHz (including the microwave and phones) in the entire area...and besides, the link from bridge to bridge stays up fine. ;-)
here's the weird part - when i force it to associate to the root, it works fine...i do this by disallowing "broadcast SSID" on the non-root
and allowing it on the root. so, it seems to be an issue with the LEAP passthrough from non-root to RADIUS. i refresh the non-root page for the association table constantly and you never see it say "Assoc",
but the client says it's associated...right before it restarts the LEAP process and disconnects. ;-) hideous.
Re: BR350 pair using LEAP in a PtP with LEAP clients on the non-
After further investigation, it's worse than I thought. When the leap client attempts association with the non-root bridge, the bridge link from non-root to root suddenly breaks. After the client fails login (although its client says it succeeded), the bridge-to-bridge link comes back up. This cycle continues as long as the client keeps trying to authenticate. Talk about denial of service for a bridge link! woohoo!
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...