Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

QUICK INFO ON SHOW COMMANDS

Hi all,

          I am having issue to have a supplicant to authenticate using 802.1x. According to show dot11radio ass the client is auth,but should not grab an IP,see below.

SID [Vendeur-Test] :

MAC Address    IP address      Device        Name            Parent         State
001f.aaaa.xxxx 169.254.90.253  ccx-client    xxxx        self           EAP-Assoc

However, according to show dotradio ass 001f.aaaa.xxxx, the client hang at AAA_AUTH. What is that state?Is is an encryption issue?Is a network related as the previous show command says the host is auth,but can't just grab IP.

sh dot11 associations 001f.3b51.539b
Address           : 001f.aaaa.xxxx     Name             : xxx
IP Address        : 0.0.0.0            Interface        : Dot11Radio 0
Device            : ccx-client         Software Version : NONE
CCX Version       : 4

State             : AAA_Auth            Parent           : self
SSID              : Vendeur-Test
VLAN              : 163
Hops to Infra     : 1                  Association Id   : 237
Clients Associated: 0                  Repeaters associated: 0
Tunnel Address    : 0.0.0.0
Key Mgmt type     : NONE               Encryption       : WEP
Current Rate      : 54.0               Capability       : WMM ShortHdr ShortSlot
Supported Rates   : 1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
Voice Rates       : disabled
Signal Strength   : -32  dBm           Connected for    : 0 seconds
Signal to Noise   : 24  dBm            Activity Timeout : 20 seconds
Power-save        : Off                Last Activity    : 0 seconds ago
Apsd DE AC(s)     : NONE

Packets Input     : 3                  Packets Output   : 3
Bytes Input       : 157                Bytes Output     : 330
Duplicates Rcvd   : 0                  Data Retries     : 0
Decrypt Failed    : 0                  RTS Retries      : 0
MIC Failed        : 0                  MIC Missing      : 0
Packets Redirected: 0                  Redirect Filtered: 0

Other SSID with different vlan work fine!! There is the config for this SSID.

dot11 ssid Vendeur-Test
   vlan 163
   authentication open eap eap_methods4
   authentication network-eap eap_methods4
   mbssid guest-mode
!

encryption vlan 163 key 1 size 40bit 7 A26473EC35DB transmit-key
encryption vlan 163 mode wep mandatory
!

interface Dot11Radio0.163
encapsulation dot1Q 163
no ip route-cache
bridge-group 163
bridge-group 163 subscriber-loop-control
bridge-group 163 block-unknown-source
no bridge-group 163 source-learning
no bridge-group 163 unicast-flooding
bridge-group 163 spanning-disabled
!

interface FastEthernet0.163
encapsulation dot1Q 163
ip helper-address 172.11.xxx.254
no ip route-cache
bridge-group 163
no bridge-group 163 source-learning
bridge-group 163 spanning-disabled
!


And last question, Can I use different encryption for the radio. I mean each vlan with a different encryption. For instance vlan 100 wpa, vlan 200 wpa2 and guess wep?

Thanks for your help guys, Greatly appreciate.

---Jean Paul

884
Views
0
Helpful
0
Replies
CreatePlease to create content