Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Cisco WDS on Aironet 1042 autonomous AP

Hello,


I'm trying to enable WDS with authentication on a Cisco 1042 AP. The unit itself will be the WDS master and Radius server as well it will serve clients (not that many). The AP is running version 12.4(25d).


After multiple tries of configurating, I keep getting the same issue: as soon as I connect to the SSID, I can enter the username and password but authentication fails - hence the message in my console: 

%DOT11-7-AUTH_FAILED: Station xxxx.xxxx.xxxx Authentication failed

. Every configuration I made was started from factory defaults of the AP.


My current tests are with one AP only and if tests go successfully, I will add more infrastructure AP's to the setup.


Can someone please have a look at the config file and explain to me what I'm doing incorrectly for the wireless client authentication?



hostname WDS_SERVER
!
logging rate-limit console 9
enable secret 5 $1$FcRQ$T5MglV/0ybzKEfk3DoN/J0
!
aaa new-model
!
!
aaa group server radius InfraAP
server 192.168.28.34 auth-port 1812 acct-port 1813
!
aaa group server radius Clients
server 192.168.28.34 auth-port 1812 acct-port 1813
!
aaa authentication login APlist group InfraAP
aaa authentication login WirelessClients group Clients
!
aaa session-id common
!
dot11 ssid Test
   authentication open eap WirelessClients
   authentication key-management wpa version 2 cckm
   guest-mode
!
username Cisco password 7 14341B180F0B
!
bridge irb
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
!
ssid Test
!
antenna gain 0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
antenna gain 0
no dfs band block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.28.34 255.255.255.0
no ip route-cache
!
radius-server local
  no authentication mac
  nas 192.168.28.34 key 7 047802150C2E
  user AP34 nthash 7 115B402731345C5C250F0D740E1111744A5E352025720C7E07075A533D460A0E76
  user test nthash 7 0529225E701E1F2F4B234E375B5B527F09710C1266004350305A5603090001722B
!
radius-server host 192.168.28.34 auth-port 1812 acct-port 1813 key 7 123A0C041104
bridge 1 route ip
!
wlccp ap username AP34 password 7 00051005014818160028425A
wlccp authentication-server infrastructure APlist
wlccp authentication-server client any WirelessClients
  ssid Test
wlccp wds priority 255 interface BVI1



The AP registered itself as being the WDS master so that's fine.


WDS_SERVER#sh wlcc ap
WDS = 5057.a8a1.97f6, 192.168.28.34
state = wlccp_ap_st_registered
IN Authenticator = 192.168.28.34
MN Authenticator = 192.168.28.34

The AP is also authenticated to the Radius server.

WDS_Server#sh radius local-server stat

Successes              : 1           Unknown usernames      : 0

Client blocks          : 0           Invalid passwords      : 0

Unknown NAS            : 0           Invalid packet from NAS: 4

NAS : 192.168.28.34

Successes              : 1           Unknown usernames      : 0

Client blocks          : 0           Invalid passwords      : 0

Corrupted packet       : 0           Unknown RADIUS message : 0

No username attribute  : 0           Missing auth attribute : 0

Shared key mismatch    : 0           Invalid state attribute: 0

Unknown EAP message    : 0           Unknown EAP auth type  : 4

Auto provision success : 0           Auto provision failure : 0

PAC refresh            : 0           Invalid PAC received   : 0

Username                  Successes  Failures  Blocks

AP34                              1         0       0

test                              0         0       0

I've tried the configuration from the Cisco config guide as well but without any luck (http://www.cisco.com/en/US/docs/wireless/access_point/12.4.25d.JA/Configuration/guide/scg12.4.25d.JA-chap12-wdsroam-rm.html)

What are your thoughts?


Thanks in advance.

Everyone's tags (4)
5 REPLIES

Re: Cisco WDS on Aironet 1042 autonomous AP

It seems you problem with the EAP type.

What eap type you use?

Look at this doc:

www.cisco.com/en/US/products/hw/wireless/ps458/products_configuration_example09186a008059a559.shtml

Your config you put is not clear.

Amjad

Sent from Cisco Technical Support iPad App

Rating useful replies is more useful than saying "Thank you"
New Member

Re: Cisco WDS on Aironet 1042 autonomous AP

Thanks Amjad. I already tried the guide you proposed and I couldn't connect to the SSID either.

Can you be more specific as to what is not clear in my config? Did I forget some critical items or did I use a wrong setting?

Thanks.

Re: Cisco WDS on Aironet 1042 autonomous AP

I mean the config is not shown line by line. Lines appear mixed. Each command should be in separate line but it is not the case. I don't know if it is a problem of the iPad application or it appears the same on web as well.

Sent from Cisco Technical Support iPad App

Rating useful replies is more useful than saying "Thank you"
New Member

Re: Cisco WDS on Aironet 1042 autonomous AP

Then it must be indeed something because of the use of the iPad app.

Have you had a chance to look at the config for what could be the culprit?

Thanks.

Cisco WDS on Aironet 1042 autonomous AP

I am using my laptop now and the lines look OK.

I don't know what the reason of the auth failures. Incorrect password entered would result the same error message. so we need to know the reason of the failure.

You may try the debug commands (all or some) in this link:

http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c951f.shtml#comm

hopefully they'll guide us where the problem exactly resides.

also, you did not specify the config of the AP. provide it  please if possible.

Amjad

Rating useful replies is more useful than saying "Thank you"
1453
Views
0
Helpful
5
Replies
CreatePlease to create content