04-09-2003 01:21 PM - edited 07-04-2021 08:37 AM
I'm trying to set up a wireless network using Network-EAP on the AP (aironet 1200) with a Certificate Authority and Internet Authentication Service enabled. The client will not get an IP address and the AP log shows that it associates with the client adapted and after 30-60 sec it deassociates. Up and down like this with no netwrok access. Do we need Routing and Remote Access enabled? (Windows 2000 Advanced Server with XP clients) What is likely the problem?
04-15-2003 12:25 PM
It would be more easy to answer your question if you tell the error message that you get, I am just taking a guess here since you are using CA do check the connectivity CA and the authentication server that you are using.
Take a look at the following URL, first is ACS and the second is for LDAP.
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs31/acsuser/s.htm#xtocid8
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs31/acsuser/d.htm#xtocid1
04-15-2003 01:03 PM
This is the sequence displayed in a telnet session with Diagnostic commands eap_diag1_on and eap_diag2_on is the following:
00:08:02 (info): Station [WSL78K8VVF]000bbea9dbd6 Authenticated
00:08:02 (info): Station [WSL78K8VVF]000bbea9dbd6 Reassociated
RADIUS: Sending EAP-request/identity(id=10) packet to client WSL78K8VVF
then a grid of code followed by:
..6 6..networkid=XXXX-WLAN,nasid=AP1200-f88211,portid=0 .
WSL78K8VVF is the client name. XXXX-WLAN is the SSID masked.
It will Reassociate twice more and then reach its EAP retry limit and Deauthenticate
Is it getting past the AP? How do I tell if the AP or RADIUS authentication is failing?
04-15-2003 10:01 PM
It is passing the AP authentication thats why its associating in the first place.
Check if the RADIUS server port is set to 1645. Try setting a WEP key in AP config to start LEAP if you have already not done so.
04-16-2003 09:25 AM
I have verified the ports and set a WEP key already. I guess my Certificate Authority isn't set up correctly or something... The RADIUS server just won't let it happen. Do you guys know W2K server? CA? IAS? I can't see where my server is set incorrectly. When I use XP's client settings instead of the ACU from Cisco, it says it can't find a valid certificate.
What is the best security set up using only the AP built-in features without RADIUS?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: