Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Intermittent Association with no IP address- AP1200

I'm trying to set up a wireless network using Network-EAP on the AP (aironet 1200) with a Certificate Authority and Internet Authentication Service enabled. The client will not get an IP address and the AP log shows that it associates with the client adapted and after 30-60 sec it deassociates. Up and down like this with no netwrok access. Do we need Routing and Remote Access enabled? (Windows 2000 Advanced Server with XP clients) What is likely the problem?

4 REPLIES
Bronze

Re: Intermittent Association with no IP address- AP1200

It would be more easy to answer your question if you tell the error message that you get, I am just taking a guess here since you are using CA do check the connectivity CA and the authentication server that you are using.

Take a look at the following URL, first is ACS and the second is for LDAP.

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs31/acsuser/s.htm#xtocid8

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs31/acsuser/d.htm#xtocid1

New Member

Re: Intermittent Association with no IP address- AP1200

This is the sequence displayed in a telnet session with Diagnostic commands “eap_diag1_on” and “eap_diag2_on” is the following:

00:08:02 (info): Station [WSL78K8VVF]000bbea9dbd6 Authenticated

00:08:02 (info): Station [WSL78K8VVF]000bbea9dbd6 Reassociated

RADIUS: Sending EAP-request/identity(id=10) packet to client WSL78K8VVF

…then a grid of code followed by:

“..6…6..networkid=XXXX-WLAN,nasid=AP1200-f88211,portid=0….”

WSL78K8VVF is the client name. XXXX-WLAN is the SSID masked.

It will “Reassociate” twice more and then reach its EAP retry limit and “Deauthenticate”

Is it getting past the AP? How do I tell if the AP or RADIUS authentication is failing?

New Member

Re: Intermittent Association with no IP address- AP1200

It is passing the AP authentication thats why its associating in the first place.

Check if the RADIUS server port is set to 1645. Try setting a WEP key in AP config to start LEAP if you have already not done so.

New Member

Re: Intermittent Association with no IP address- AP1200

I have verified the ports and set a WEP key already. I guess my Certificate Authority isn't set up correctly or something... The RADIUS server just won't let it happen. Do you guys know W2K server? CA? IAS? I can't see where my server is set incorrectly. When I use XP's client settings instead of the ACU from Cisco, it says it can't find a valid certificate.

What is the best security set up using only the AP built-in features without RADIUS?

170
Views
0
Helpful
4
Replies
CreatePlease to create content