I am using Cisco ACS and Cisco AP AIR-AP1231G-A-K9. They are configured so that clients can be authenticated using PEAP. However, as soon as I join the AP to WDS, it stops working and no clients can be authenticated by PEAP.
This certainly looks like a problem between the WDS and the ACS Server. Have a look at the following:
Wireless Domain Services Configuration
In order to use WDS, you must designate one AP or the WLSM as the WDS. A WDS AP must use a WDS user name and password to establish a relationship with an authentication server. The authentication server can be either an external RADIUS server or the Local RADIUS Server feature in the WDS AP. The WLSM must have a relationship with the authentication server, even though WLSM does not need to authenticate to the server.
Other APs, called infrastructure APs, communicate with the WDS. Before registration occurs, the infrastructure APs must authenticate themselves to the WDS. An infrastructure server group on the WDS defines this infrastructure authentication.
One or more client server groups on the WDS define client authentication.
When a client attempts to associate to an infrastructure AP, the infrastructure AP passes the credentials of the user to the WDS for validation. If the WDS sees the credentials for the first time, WDS turns to the authentication server to validate the credentials. The WDS then caches the credentials, in order to eliminate the need to return to the authentication server when the same user attempts authentication again.
Actually, in my production environment, I have had WDS with ACS for LEAP authentication working for a long time. When I recently wanted to migrate LEAP users to PEAP, I couldn't get it to work.
ACS is configured with PEAP support. As soon as I change the client to PEAP, the authentication fails, but I can't see any "Failed Attempt" in ACS. But if I remove the WDS config from the AP, PEAP works and I can see the "Passed Attempt" in ACS. The AP IOS is also the latest. I wonder if PEAP can actually work with WDS? Thanks.
Problem fixed. All SSIDs configured in the infrastructure APs must be specified under the "wlccp authentication-server client" config in the WDS. Otherwise, the WDS will not contact ACS; instead it will pick the "Permanent Local" list and hence the authentication will fail.
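One way to audit for the mismatch described in the fix above, as an added example that is not part of the original thread: the script compares the SSIDs defined on infrastructure APs with the SSIDs listed under the WDS client server groups. It assumes SSIDs are defined with global `dot11 ssid` commands and listed with `ssid` lines under `wlccp authentication-server client`; the sample configs, SSID names and list names are constructed.

```python
import re

# Constructed sample configs (not from the thread); all names are made up.
WDS_CONFIG = """\
wlccp authentication-server infrastructure method_Infrastructure
wlccp authentication-server client leap method_Leap
 ssid corp-leap
wlccp authentication-server client eap method_Eap
 ssid corp-peap
wlccp wds priority 200 interface BVI1
"""

AP_CONFIG = """\
dot11 ssid corp-leap
   authentication network-eap eap_methods
dot11 ssid corp-peap
   authentication open eap eap_methods
dot11 ssid corp-voice
   authentication open eap eap_methods
"""

CLIENT_GROUP = re.compile(r"^wlccp authentication-server client (\S+) (\S+)\s*$")
SSID_LINE = re.compile(r"^\s+ssid (\S.*?)\s*$")
AP_SSID = re.compile(r"^dot11 ssid (\S.*?)\s*$")

def wds_client_ssids(config):
    """Map each SSID listed under a WDS client server group to its (type, list) groups."""
    covered, group = {}, None
    for line in config.splitlines():
        m = CLIENT_GROUP.match(line)
        if m:
            group = m.groups()
        elif group and (s := SSID_LINE.match(line)):
            covered.setdefault(s.group(1), []).append(group)
        elif line and not line[0].isspace():
            group = None  # any other top-level command ends the sub-mode
    return covered

def ap_ssids(config):
    """Return the SSIDs defined on an infrastructure AP, in config order."""
    return [m.group(1) for line in config.splitlines() if (m := AP_SSID.match(line))]

def missing_ssids(wds_config, ap_configs):
    """Per AP, list SSIDs not explicitly named under any WDS client group.

    Follows the thread's finding: an SSID counts as covered only if it is listed.
    """
    covered = wds_client_ssids(wds_config)
    return {name: [s for s in ap_ssids(cfg) if s not in covered]
            for name, cfg in ap_configs.items()}
```

Running `missing_ssids(WDS_CONFIG, {"ap1": AP_CONFIG})` on the sample data reports `corp-voice`, the SSID whose clients the WDS would not forward to the RADIUS server.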