Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Can't get CCKM running with LEAP

I am trying to setup clients to authenticate to my AP using CCKM and LEAP. I am currently able to connect using my Dell Truemobile WLAN card with WPA authentication and LEAP. When I try to authenticate with CCKM however, I don't even get a prompt for my credentials like I do when I authenticate using WPA. I have both CCKM and WPA enabled as mandatory for key management on the 1100 AP. Can anyone help point me in the right direction? Here is the debug I get when I try to authenticate using CCKM on the AP:

*Mar 1 00:48:57.980: AAA/BIND(0000009E): Bind i/f

*Mar 1 00:48:59.711: AAA/BIND(0000009F): Bind i/f

*Mar 1 00:49:02.201: AAA/BIND(000000A0): Bind i/f

*Mar 1 00:49:05.971: AAA/BIND(000000A1): Bind i/f

*Mar 1 00:49:11.214: AAA/BIND(000000A2): Bind i/f

*Mar 1 00:49:14.901: AAA/BIND(000000A3): Bind i/f

And my running config:

aaa new-model

!

!

aaa group server radius rad_eap

server 192.168.100.10 auth-port 1812 acct-port 1813

!

aaa group server radius rad_mac

!

aaa group server radius rad_acct

server 192.168.100.10 auth-port 1812 acct-port 1813

!

aaa group server radius rad_admin

server 192.168.100.10 auth-port 1812 acct-port 1813

cache expiry 1

cache authorization profile admin_cache

cache authentication profile admin_cache

!

aaa group server tacacs+ tac_admin

cache expiry 1

cache authorization profile admin_cache

cache authentication profile admin_cache

!

aaa group server radius rad_pmip

!

aaa group server radius dummy

!

aaa group server radius rad_eap1

server 192.168.100.10 auth-port 1812 acct-port 1813

!

aaa authentication login eap_methods group rad_eap

aaa authentication login mac_methods local

aaa authentication login eap_methods1 group rad_eap1

aaa authorization exec default local

aaa accounting network acct_methods start-stop group rad_acct

aaa cache profile admin_cache

all

!

aaa session-id common

!

dot11 ssid test

authentication open eap eap_methods1

authentication network-eap eap_methods1

authentication key-management wpa cckm

guest-mode

mbssid guest-mode

!

!

!

username test privilege 15 password xxx

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption mode ciphers tkip

!

ssid test

!

speed basic-1.0 basic-2.0 basic-5.5 basic-11.0

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 192.168.100.10 255.255.255.0

no ip route-cache

!

ip default-gateway 192.168.100.1

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

ip radius source-interface BVI1

!

radius-server local

no authentication mac

nas 192.168.100.10 key xxx

user xxx

!

radius-server attribute 32 include-in-access-req format %h

radius-server host 192.168.100.10 auth-port 1812 acct-port 1813 key xxx

radius-server vsa send accounting

!

control-plane

!

bridge 1 route ip

1 REPLY
Bronze

Re: Can't get CCKM running with LEAP

The issue may be due to LEAP may be selected under the WPA option.To resolve this follow the steps.

1. Launch ADU

2. Click on tab "Profile Management"

3. Select the corresponding profile and click on the "Modify" button

4. click on tab "Security"

5. You should be given 5 choices: "WPA", "WPA Passphrase", "802.1x",

"Pre-Shared Key (Static WEP)" and "None". Select "WPA".

6. There is a pull down menu called "WPA EAP Type:" beside "WPA". Please

select "LEAP" from the pull down menu.

211
Views
0
Helpful
1
Replies
CreatePlease to create content