Using Multiple RADIUS servers w/ LEAP & WPA concurrently
Our current wireless network was set up by someone on the outside and it uses LEAP w/ CKIP. When we have random employees come in, CKIP is a pain since CKIP usually isn't supported by any of the laptop OEM wireless drivers. We've had to resort to using the manufacturer's drivers to get it to work. So because of this we started looking at moving to using WPA w/ TKIP or AES. I started out with a small test setup using MS IAS, PEAP and an IOS-based Aironet 1231. The test environment seems to be working fine; I can associate with it and gain network access, so I don't think there are any problems with IAS or PEAP.
My intention is to set up additional SSIDs on new VLANs so I can run the test WPA network in parallel with the in-use LEAP networks. The problem I seem to have run into is that when I mix the two configs, WPA no longer works. I've enabled quite a few different debugs to get an idea of what might be the problem, and the only thing I can come up with at this time is the possibility of WLCCP being the problem. When the machine is trying to connect to the WPA SSID I see a lot of WLCCP messages, and if I understand how this is supposed to work, WLCCP shouldn't come into play. For the WPA data clients I don't really care about fast roaming, which is what I understand WLCCP to be for. People aren't walking around with their laptops while doing something network dependent. They sit down in one location, so seamless roaming is a non-issue.
I've attached sanitized versions of the two configs. I'll continue to hack on this, but I'm hoping I'm just overlooking something that a second set of eyes might catch. Or maybe it's not even possible. I'd also be interested in what others are using as their network EAP methods: EAP-FAST, PEAP, EAP-TLS. I initially chose PEAP since it seems like a happy medium between strength and ease of use from the client end, since 98% of all clients will be Windows laptops. Any comments on using WPA-PSK vs LEAP with 7920 phones?
Re: Using Multiple RADIUS servers w/ LEAP & WPA concurrently
I'm trying to wrap my head around everything that the previous company did, so I still have some blanks I'm trying to fill regarding how everything meshes together. This network is used for both voice and data. My primary objective is to make the data side simpler to connect to for visiting sales staff, followed by setting up an internet-access-only SSID. If I understand it correctly, WDS is necessary though for fast roaming. I only care about the fast roaming on the voice side. If I disable WDS, I could or would start having quality issues as people roam from one AP to another, or am I off the mark on what WDS actually provides? When you have WDS enabled, does the AP try to use it with all configured SSIDs?