I posted a question a week or so ago about setting up an 877W with wireless and VPN back to headend site. The requirement is for the remote site (5+ users) to VPN to main site but have wireless locally with authentication via PEAP into headend site where ACS into AD is configured. I have installed the router, but at the minute only with VPN access. I was not able to get the wireless working! I'm having issues with the BVI/Radio/VLAN interfaces. The remote site is to only have one subnet with some wireless and some not. My subnet is 172.16.0.96/28. Do I only need one IP address on the router, as I can't assign the VLAN and BVI interface in the same subnet? Should my default gateway be the BVI interface? I have also configured WEP 128 (customer asked for) but Windows displays this as an 'Open Network' and only one laptop can see it? And this can't connect. I tried to forget the PEAP and just get wireless working locally for some security but with no luck :-(
I have posted the config, can somebody help me and tell me what I have done wrong?
I'm struggling with exactly the same problem. Got a few access points on our LAN using PEAP fine but can't seem to get it working on an 877W. Can get the VPN connection back to our concentrator working. Has anyone got any ideas?
The common configuration for this type of scenario is to bridge the VLAN1 and Dot11radio interfaces together in order to place both wired and wireless clients on the same VLAN/network.
If the customer's requirement is to allow both static WEP128 and PEAP clients to co-exist on a single SSID, then that's not going to work. PEAP uses dynamic encryption keys, so when EAP is configured on the SSID, the encryption keys are dynamic. You'd have to create a separate SSID on a separate VLAN to support static WEP in addition to PEAP on the same router.
Try reconfiguring (based upon your attached configs) as follows to support PEAP on VLAN 1 (use CONSOLE port, not telnet when configuring):
int do 0
 no encryption key 1
 no encryption mode wep mandatory
 encryption vlan 1 mode wep mandatory
 no bridge-group 1
int do 0.1
int vlan 1
 no ip address
int bvi 1
 ip address 172.16.0.97 255.255.255.240
ip radius source-interface bvi 1
bridge 1 route ip
bridge 1 protocol ieee
The 'radius source-interface bvi 1' forces the router to use 22.214.171.124 as the source of all RADIUS packets; therefore, you want to make sure the ACS Server has this router configured as an AAA Client with ip address 126.96.36.199.
Try this out, if it works, then do a 'wr mem' on the router to save the config to nvram.
That's a great help, but I'm still having problems getting PEAP working. I have checked our firewall and the ACS server and am not getting any failed attempts but I am getting failed attempts when I remove the AAA account so I know it's hitting the ACS server. According to the debugging on the router it looks to be a problem with the shared key, but I have checked and double checked that. I have attached both the router config and the debugging. Can anyone shed any light? Thanks in advance,