It seems that I am in a spot of bother with our mass deployment of Wi-Fi.
Essentially we have 30 1200 APs which are used to connect to Dell and HP PDAs using LEAP.
You might find this peculiar:
I have a laptop with a Cisco 350 PCMCIA card which authenticates perfectly and holds the assigned static address [10.x.x.x]. I can also ping relevant gateways.
Using an IPAQ 5400 [older model] with the same IP address range and authentication technique I could ping all relevant gateways.
Here's the issue:
I decided to try the IPAQ 5550 [due to 5400 EOL] and Dell Axim X3 [both new models]. The IPAQ will not authenticate even through installation of third party software [Odyssey LEAP client].
The same configuration was then entered onto the Dell: static address, LEAP client, etc. Although the ACS server showed as authenticated, the static address previously entered does not show. The device seems to revert back to 169.x.x.x [not an address range within the organisation].
I have troubleshot as much as possible but am of the opinion that this could be a bigger issue!
The range of IP addresses (from 169.254.0.1 through 169.254.255.254) used for APIPA is reserved by the Internet Assigned Numbers Authority (IANA). Any IP addresses within this range are not used on the Internet. Unless the devices are CCX compliant OR are running a supplicant such as Funk or Meetinghouse which is CCX compliant, these devices will not be able to run LEAP. Try it out first without LEAP, then debug the authentication, like RADIUS, AAA. If satisfactory, test with LEAP.
I am aware of the reserved address range and had presumed CCX compliance. The issue is that implementation has occurred within a multi user environment including public domain, therefore, although successful, I do not want to pursue encryption techniques outside of LEAP.
You mention that your ACS server shows them connected... Have you tried looking at any debugs from the AP1200s? If you are running IOS, then some of these debugs might be helpful in determining whether the LEAP acknowledgments are successful or not:
debug radius authentication
debug dot11 aaa dot1x all
The second debug will give a lot more detail, but may be able to break it down using only
I had previously tried this. Without naming names (!) the issue is down to hardware/vendor compatibility with open standard LEAP using 3rd party software. In other words the IP address is not carried.