Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
366
Views
0
Helpful
2
Replies

AP not sending EAP request and it's driving me crazy!

nagle
Level 1
Level 1

‎09-24-2003 11:17 AM - edited ‎07-04-2021 09:02 AM

--begin ciscomoderator note-- The following post has been edited to remove potentially confidential information. Please refrain from posting confidential information on the site to reduce security risks to your network. -- end ciscomoderator note --

I'm trying to implement PEAP and for some reason my APs (both 1100 & 350) are not sending the EAP request to the auth Server (IAS)... I've sniffed the line and they aren't sending any information at all even though both APs say things like 'EAP retry time out' or 'Auth failure'. I know it's going to be something trivial that I'm missing, but it's driving me crazy.

my 1100 configs (ver 122-11)

-----------------

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname WIRELESS-TEST

!

aaa new-model

!

!

aaa group server radius rad_eap

server 172.16.32.161 auth-port 1812 acct-port 1813

!

aaa group server radius rad_mac

!

aaa group server radius rad_acct

!

aaa group server radius rad_admin

!

aaa group server tacacs+ tac_admin

!

aaa group server radius rad_pmip

!

aaa group server radius dummy

!

aaa authentication login default local

aaa authentication login eap_methods group rad_eap

aaa authentication login mac_methods local

aaa authorization exec default local

aaa authorization ipmobile default group rad_pmip

aaa accounting network acct_methods start-stop group rad_acct

aaa session-id common

!

username xxxxxxxxxxxxxx privilege 15 password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

ip subnet-zero

ip domain name test.org

ip name-server x.x.x.x

ip name-server x.x.x.x

!

dot11 holdoff-time 600

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption mode wep mandatory mic key-hash

!

broadcast-key change 320

!

!

ssid TEST

authentication open eap eap_methods

guest-mode

!

speed basic-1.0 basic-2.0 basic-5.5 basic-11.0

rts threshold 2312

power local 20

channel 2462

station-role root

no cdp enable

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

speed 100

full-duplex

ntp broadcast client

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 172.16.200.39 255.255.252.0

no ip route-cache

!

ip default-gateway 172.16.200.1

ip http server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/ivory/1100

ip http authentication aaa

ip radius source-interface BVI1

snmp-server community private RW

snmp-server chassis-id WIRELESS-TEST

no snmp-server enable traps tty

snmp-server host x.x.x.x private

radius-server host 172.16.32.161 auth-port 1812 acct-port 1813 key 7 xxxxxx

radius-server retransmit 3

radius-server attribute 32 include-in-access-req format %h

radius-server authorization permit missing Service-Type

radius-server vsa send accounting

bridge 1 route ip

!

!

line con 0

line vty 5 15

!

ntp server x.x.x.x

end

-------------------------

my 350 non-default config (ver 12.03T)

-------------------------

#===Beginning of PACW1 (Cisco 350 Series AP 12.03T) Configuration File===

dot11DesiredSSID.2=TEST

dot11AuthenticationAlgorithmsEnable.2.1=true

dot11AuthenticationAlgorithmsEnable.2.3=false

dot11ExcludeUnencrypted.2=true

sysName=PACW1

ipRouteNextHop.0.0.0.0=172.16.200.1

enableSNMP=T

enableSNTP=T

bootconfigBootProtocol=none

bootconfigBootCount=53

awcIfDefaultIpAddress.1=172.16.200.60

awcIfDefaultIpNetMask.1=255.255.252.0

awcDot11DesiredSSIDMicAlgorithm.2=micMMH

awcDot11DesiredSSIDWEPKeyPermuteAlgorithm.2=wepPermuteIV

awcDot11AuthenticationRequireEAP.2.1=true

awcDot11AllowEncrypted.2=true

allowBrowseWithoutLogin=F

protectLegalPage=T

awcConsoleAutoApply=T

defaultResolverDomain=applygannon.org

defaultResolverDomainServer.1=x.x.x.x

defaultSntpServer=x.x.x.x

awcAaaServerName.1=172.16.32.161

awcAaaServerName.2=

awcAaaServerName.3=

awcAaaServerName.4=

awcAaaServer8021xCapabilityEnabled.2=F

awcAaaServer8021xCapabilityEnabled.3=F

awcAaaServer8021xCapabilityEnabled.4=F

awcAaaServerMacAddrAuthEnabled.1=F

awcAaaServerAdminAuthEnabled.1=F

awcAaaServerMipAuthEnabled.1=F

awcAcctServerName.1=172.16.32.161

#awcAcctServerSharedSecret.1=

awcAcctEnable=T

awcAaaServerPrimaryReattemptPeriod=1

awcVlanNUcastKeyRotationInterval.4095=320

#===End of PACW1 Configuration File===

------------------

If anybody has any insight I would appreciate it... I am probably missing the Work/Don't Work box.

Ben

Labels:
0 Helpful
2 Replies 2

wong34539
Level 6
Level 6

‎09-30-2003 11:44 AM

What is the error message that you are getting, may be that might give us an idea?

0 Helpful

nagle
Level 1
Level 1
In response to wong34539

‎10-01-2003 04:05 AM

Thanks for responding, I got it squared away, was trying to have it do Network EAP & Open-EAP at the same time and it didn't like that.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card