Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Wi-Fi Deployment Issues

It seems that I am in a spot of bother with our mass deployment of Wi-Fi.

Essentially we have 30 1200 AP’s which are used to connect to Dell and HP PDA’s using LEAP.

You might find this peculiar:

I have a laptop with a Cisco 350 PCMCIA card which authenticates perfectly and holds the assigned static address [10.x.x.x]. I can also ping relevant gateways.

Using an IPAQ 5400 [older model] with the same IP address range and authentication technique I could ping all relevant gateways.

Here’s the issue:

I decided to try the IPAQ 5550 [due to 5400 EOL] and Dell Axim X3 [both new models]. The IPAQ will not authenticate even through installation of third party software [Odyssey LEAP client].

The same configuration was then entered onto the Dell: Static address, Leap client, etc. Although the ACS server showed as authenticated, the static address previously entered does not show. The device seems to revert back to 169.x.x.x. [not an address range within the organisation].

I have trouble shooted as much as possible but am of the opinion that this could be a bigger issue!

Any suggestions would be useful.

Thanks.

6 REPLIES
Bronze

Re: Wi-Fi Deployment Issues

The range of IP addresses (from 169.254.0.1 through 169.254.255.254) used for APIPA is reserved by the Internet Assigned Numbers Authority (IANA). Any IP addresses within this range are not used on the Internet. Unless the devices are CCX compliant OR are running a supplicant such as Funk or Meetinghouse which is CCX compliant, these devices will not be able to run LEAP. Try out first without LEAP , then debug the authenication like radius , AAA. if satisfactory test with LEAP.

New Member

Re: Wi-Fi Deployment Issues

I am aware of the reserved address range and had presumed CCX compliance. The issue is that implementation has occurred within a multi user environment including public domain, therefore, although successful, I do not want to pursue encryption techniques outside of LEAP.

New Member

Re: Wi-Fi Deployment Issues

You mention that your ACS server shows them connected...Have you tried looking at any debugs from the AP1200's. If you are running IOS, then some of these debugs might be helpful in determining the LEAP acknowledgments are succesfull or not

debug radius authentication

debug dot11 aaa dot1x all

The second debug will give a lot more detail, but may be able to break it down using only

debug dot11 aaa dot1x process

HTH

New Member

Re: Wi-Fi Deployment Issues

HTH,

I had previously tried this. Without naming names (!) the issue is down to hardware/ vendor compatibility with open standard LEAP using 3rd party software. In other words the IP address is not carried.

New Member

Re: Wi-Fi Deployment Issues

Do you have CMIC, CKIP, or broadcast key rotation enabled on the APs? If so, you might want to try disabling these for troubleshooting purposes.

Anonymous
N/A

Re: Wi-Fi Deployment Issues

I have run into similar problems with authentication. Our Odyssey Radius server requires Mac addresses to be inputed in lower case. Check that out.

274
Views
0
Helpful
6
Replies
CreatePlease login to create content