Cisco Support Community
New Member

Problems with clients on a 1220 AP with LEAP auth

I am having some problems with all clients on one access point that have this state:

0018.de99.bafe 0.0.0.0 4500-radio TN1AP01OFF self EAP-Assoc

Here is the config:

service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname xx
!
logging buffered informational
aaa new-model
!
!
aaa group server radius rad_eap
 server 10.1.50.160 auth-port 1645 acct-port 1646
!
aaa authentication login default group tacacs+ local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication enable default group tacacs+ enable
aaa authorization console
aaa authorization exec default group tacacs+ local
aaa session-id common
enable secret 5
!
username imperbalene privilege 15 secret 5
clock timezone CST -6
clock summer-time CST recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
ip subnet-zero
ip domain name accuridecorp.com
!
no dot11 igmp snooping-helper
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode wep mandatory
 !
 ssid accuwireless
    authentication open eap eap_methods
    authentication network-eap eap_methods
 !
 speed basic-1.0 basic-2.0 basic-5.5 basic-11.0
 rts threshold 2339
 rts retries 32
 power local 100
 packet retries 32
 channel 2462
 fragment-threshold 2338
 station-role root
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 description bvi1
 ip address 10.150.0.101 255.255.0.0
 no ip route-cache
!
ip default-gateway 10.150.0.1
ip http server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/iv
ip http authentication aaa
ip radius source-interface BVI1
logging trap debugging
logging 10.1.50.5
snmp-server community diff133>>// RO
no snmp-server enable traps tty
snmp-server host 10.1.50.5 diff133>>//
tacacs-server host 10.1.50.160 key
radius-server host 10.1.50.160 auth-port 1645 acct-port 1646
radius-server retransmit 3
radius-server key 7
radius-server authorization permit missing Service-Type
radius-server vsa send accounting
radius-server vsa send authentication

I have a Cisco ACS server on the backend authenticating just fine, but it seems either the clients are misconfigured or there is something in the AP that needs to be changed.

1 REPLY
New Member

Re: Problems with clients on a 1220 AP with LEAP auth

What is the behavior you're seeing?

1.) The client shows up in the association table on the AP, so WLAN configs must match.

2.) ACS shows a passed authentication? So the clients have an appropriate IP address and are able to pass traffic...

Can you ping the GW of the network?

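The AP-side half of the question ("something in the AP that needs to be changed") comes down to whether each SSID authentication line in the posted config resolves through the `eap_methods` method list and the `rad_eap` server group to a `radius-server host` with a shared key. The following is an added example, not part of the original thread: `check_eap_chain` and `SAMPLE_CONFIG` are hypothetical names, the excerpt is constructed from the classic IOS syntax shown in the post, and the key value is a placeholder.

```python
import re

# Constructed excerpt modelled on the posted config; "<redacted>" is a
# labelled placeholder for the shared key, not a value from the thread.
SAMPLE_CONFIG = """\
aaa new-model
aaa group server radius rad_eap
 server 10.1.50.160 auth-port 1645 acct-port 1646
aaa authentication login eap_methods group rad_eap
interface Dot11Radio0
 ssid accuwireless
    authentication open eap eap_methods
    authentication network-eap eap_methods
radius-server host 10.1.50.160 auth-port 1645 acct-port 1646
radius-server key 7 <redacted>
"""

def check_eap_chain(config: str) -> list[str]:
    """Report broken links: SSID -> method list -> server group -> RADIUS host/key."""
    lines = [ln.rstrip() for ln in config.splitlines() if ln.strip()]
    findings = []
    if "aaa new-model" not in lines:
        findings.append("aaa new-model is not enabled")
    # Method lists that point at a server group: name -> group
    lists = dict(re.findall(r"^aaa authentication login (\S+) group (\S+)", config, re.M))
    # RADIUS server groups and the servers indented beneath each one
    groups, current = {}, None
    for ln in lines:
        m = re.match(r"aaa group server radius (\S+)", ln)
        if m:
            current = groups.setdefault(m.group(1), set())
        elif current is not None and (s := re.match(r"\s+server (\S+)", ln)):
            current.add(s.group(1))
        elif not ln.startswith(" "):
            current = None
    hosts = dict(re.findall(r"^radius-server host (\S+)(.*)$", config, re.M))
    global_key = re.search(r"^radius-server key \S", config, re.M) is not None
    methods = re.findall(r"^[ \t]+authentication (?:open eap|network-eap) (\S+)", config, re.M)
    for method in sorted(set(methods)):
        if method not in lists:
            findings.append(f"method list {method} is not defined")
        elif lists[method] not in groups:
            findings.append(f"server group {lists[method]} is not defined")
        for ip in sorted(groups.get(lists.get(method), ())):
            if ip not in hosts:
                findings.append(f"server {ip} has no radius-server host entry")
            elif not global_key and " key " not in hosts[ip] + " ":
                findings.append(f"server {ip} has no shared key")
    return findings
```

An empty result means the AP-side chain is intact, which leaves the client supplicant settings and the ACS logs as the places to look next.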