I took a 1220 that was running Vxworks and upgraded to IOS last night. The upgrade went fine, however afterwards I wasn't able to authenticate to our IAS server using PEAP with MD5.
I did an erase start and tried everything from scratch (also to make sure all filters were gone).
I am at the same point as before the erase start. When I look at the event log, the one item that stands out is:
NAS-Port-Type = Virtual
Has something changed in the IOS version that authenticates differently to IAS (Windows 2000 Server) ?
I didn't make any changes to my laptops or the IAS server.
I can however allow that port type instead of "Wireless - IEEE 802.11" and the authentication succeeds, but the vlan information doesn't get passed. So I am pretty sure that is not the correct way of configuring IAS.
I thought of the exact same thing. In fact I did an erase start and started from scratch. Also, I changed the shared secret on both ends just to make sure that wasn't the problem.
I have my Vxworks version back on there right now since it is working fine.
For some reason the AP is talking different to the IAS server. I am getting the requests to the IAS server and they are all being denied. I am 99 % sure it is not the configuration on the radius server. All my AP's are configured the same way. I am 100 % sure it is not the laptops as they work on the non-IOS version of the AP's.
So that leaves the AP. I have the radius server setup, wep manditory, and eap select for the radius server. I am getting ready to put a sniffer on their and see what the differences are between the one that is working (Vxworks) and the one that is not working (IOS upgraded version).
This is my 1st IOS version to play around with, but I have configured many Vxworks AP's and they are running per-user vlans, and filters and such. Either I am missing something somewhere on the IOS version, their is a bug, or they changed the way that the AP talks to the radius server for EAP (PEAP) authentication....
IOS based APs will pass Radius attribute 61 (NAS-Port-Type) with value 5 (virtual), while VxWorks based APs use value 19 (Wireless IEEE802.11)
Users may need to re-configure Radius server setting if this attribute is used to grant access to the user, when migrating AP from VxWorks to IOS.
No ETA on when this should be fixed yet but if the work around doesnt work then please contact the TAC and open a case have you case linked to the bug then you can be kept updated of when the fix will be released
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...