Cisco Support Community

WPA with ACS 4.2 not working

I currently have 70+ APs in the system, no controller, and use no encryption. I want to move towards WPA or PEAP with the ACS as my AAA, and I use Microsoft AD and LDAP for user authentication. For test purposes I am using a self-signed cert in the ACS. I have the APs configured for open auth EAP, TKIP, Network EAP, key management mandatory and WPA.

I have the Dell wireless client set up for WPA-Enterprise, PEAP and MS-CHAP v2.

I constantly receive the following error in the ACS External DB reports about an error condition and after several attempts: Authen session timed out: Challenge not provided by client.

Scratching my head, and a little dazed and confused.

Can someone tell me what I am missing, or messed up? I have been working on this for 8 days.

Mike

10 REPLIES
Hall of Fame Super Silver

Re: WPA with ACS 4.2 not working

Re: WPA with ACS 4.2 not working

Unfortunately it will not allow me to access this page.

Mike

Hall of Fame Super Silver

Re: WPA with ACS 4.2 not working

Here you go.

-Scott
*** Please rate helpful posts ***

Re: WPA with ACS 4.2 not working

Thanks for the doc, but I still couldn't get it to work. Here is a copy of the debug dot11 aaa authenticator all.

I keep getting an authentication fail.

I ran a

ITSTESTAP#test aaa group radius mike xxxxxxx legacy

Attempting authentication test to server-group radius using radius

User was successfully authenticated.

And it works. I configured the AP to use WEP open authentication, but still get a fail.

Mike

Hall of Fame Super Silver

Re: WPA with ACS 4.2 not working

What do you mean you configured the AP for WEP and it failed? You mean that you set up WEP encryption on that AP and a user configured for WEP failed?

-Scott
*** Please rate helpful posts ***

Re: WPA with ACS 4.2 not working

Sorry,

I used the doc you sent me and started over from scratch in my AP config. So I configured it for WEP encryption (open EAP, network EAP, WEP key mandatory encryption key 2 (no key)).

I then configured my client for PEAP MS-CHAP v2 and tried to authenticate to LDAP and it failed.

After creating a local user I can authenticate. Getting closer.

But I can't authenticate with an LDAP or AD account. When I do a test aaa group radius domain\username password legacy it gives me user successfully authenticated. Any ideas?

Mike

Hall of Fame Super Silver

Re: WPA with ACS 4.2 not working

Well, your RADIUS server is the one passing the credentials... what shows up in the RADIUS logs?

Your encryption is WPA2/AES PEAP/MSChapv2, correct?

-Scott
*** Please rate helpful posts ***

Re: WPA with ACS 4.2 not working

In the ACS under the failed attempts report tab I have "authentication type not supported by external db"

New Member

Re: WPA with ACS 4.2 not working

MSCHAPv2 is not supported on Generic LDAP on ACS if the LDAP server does not support clear-text username/password. And AD falls into this category.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/Overvw.html#wp824733

hth

Re: WPA with ACS 4.2 not working

I have a remote agent installed on one of my domain machines and configured generic LDAP and also Windows data as my external databases. I want to use WPA as my encryption. What changes do I need to make, or can I make then, to use the two external databases and no client cert to make this work?

mike
