Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
534
Views
0
Helpful
6
Replies

Wi-Fi Deployment Issues

b.darji
Level 1
Level 1

‎02-24-2004 10:26 AM - edited ‎07-04-2021 09:23 AM

It seems that I am in a spot of bother with our mass deployment of Wi-Fi.

Essentially we have 30 1200 AP’s which are used to connect to Dell and HP PDA’s using LEAP.

You might find this peculiar:

I have a laptop with a Cisco 350 PCMCIA card which authenticates perfectly and holds the assigned static address [10.x.x.x]. I can also ping relevant gateways.

Using an IPAQ 5400 [older model] with the same IP address range and authentication technique I could ping all relevant gateways.

Here’s the issue:

I decided to try the IPAQ 5550 [due to 5400 EOL] and Dell Axim X3 [both new models]. The IPAQ will not authenticate even through installation of third party software [Odyssey LEAP client].

The same configuration was then entered onto the Dell: Static address, Leap client, etc. Although the ACS server showed as authenticated, the static address previously entered does not show. The device seems to revert back to 169.x.x.x. [not an address range within the organisation].

I have trouble shooted as much as possible but am of the opinion that this could be a bigger issue!

Any suggestions would be useful.

Thanks.

Labels:
0 Helpful
6 Replies 6

vmoopeung
Level 5
Level 5

‎03-01-2004 12:03 PM

The range of IP addresses (from 169.254.0.1 through 169.254.255.254) used for APIPA is reserved by the Internet Assigned Numbers Authority (IANA). Any IP addresses within this range are not used on the Internet. Unless the devices are CCX compliant OR are running a supplicant such as Funk or Meetinghouse which is CCX compliant, these devices will not be able to run LEAP. Try out first without LEAP , then debug the authenication like radius , AAA. if satisfactory test with LEAP.

0 Helpful

b.darji
Level 1
Level 1
In response to vmoopeung

‎03-01-2004 12:33 PM

I am aware of the reserved address range and had presumed CCX compliance. The issue is that implementation has occurred within a multi user environment including public domain, therefore, although successful, I do not want to pursue encryption techniques outside of LEAP.

0 Helpful

pallette
Level 1
Level 1

‎03-14-2004 12:10 AM

You mention that your ACS server shows them connected...Have you tried looking at any debugs from the AP1200's. If you are running IOS, then some of these debugs might be helpful in determining the LEAP acknowledgments are succesfull or not

debug radius authentication

debug dot11 aaa dot1x all

The second debug will give a lot more detail, but may be able to break it down using only

debug dot11 aaa dot1x process

HTH

0 Helpful

b.darji
Level 1
Level 1
In response to pallette

‎03-14-2004 04:55 AM

HTH,

I had previously tried this. Without naming names (!) the issue is down to hardware/ vendor compatibility with open standard LEAP using 3rd party software. In other words the IP address is not carried.

0 Helpful

jasony15
Level 1
Level 1
In response to b.darji

‎03-18-2004 08:54 PM

Do you have CMIC, CKIP, or broadcast key rotation enabled on the APs? If so, you might want to try disabling these for troubleshooting purposes.

0 Helpful

Not applicable

‎03-19-2004 11:19 AM

I have run into similar problems with authentication. Our Odyssey Radius server requires Mac addresses to be inputed in lower case. Check that out.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card