Re: wpa peap radius problem

be04376 · ‎07-06-2007

Hi,

i try to setup wpa with peap user auth with a 1130 AP and cisco secure acs 4.2 server.

auth keeps failing and I even don't see failes attempts in my acs server. The AP is in the AAA section of the ACS and the have the same shared secret.

The ACS server is working corectly because I use it the authenticate users to log in the the routers

I enabled all possible authentication methods but no luck.

I use the windows xp suplicant and even tried with funk software.

in the dot11 authenticator debug i can't see any radius lines see attached file

can anybody help me out ?

Jon Marshall · ‎07-07-2007

Hi

Does your AP have connectivity to the Radius server ?

Are you seeing absolutley nothing in your ACS failed attempts log ?

Could you post config of your AP ?

Jon

lhewlett · ‎07-08-2007

Is this Aironet or LWAPP?

In aironet, there is a way to test authentication via the access points..."test aaa radius " or something like that...sorry I forget since I converted to LWAPP..

Also, make sure the DB (LDAP/AD,etc..) is configured and mapped correctly in ACS but you should see something like "NAS errors" or DB errors in ACS if the access points were somewhat communicating with ACS..

Post the configs if you can...

be04376 · ‎07-09-2007

Hi,

This was aironet lwap

I've found the solution. The ACS server was dual homed on 2 networks, and the return radius pakket had a diffrent ip address as the request, so the AP didn't acceppted this packet.

Now i can auth to users in the acs database, but not to users in the ldap database. authentication type not supported by external db error