Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

871W Configuration Question

We purchased a 871W router thinking that we could use it as follows:

The router would connect to the Internet behind a cable modem or DSL modem in a Home Office.

The firewall feature set would create a VPN tunnel to our VPN3005 Concentrator and all traffic would be tunneled.

The wireless could be configured with 128-bit WEP and with MAC Authentication back through the VPN Tunnel to our MS IAS server for RADIUS authentication.

We are connecting the Internet and the VPN Tunnel is up. We can ping through the VPN tunnel back to our RADIUS server when connected to the 871W with Cat5 cable.

We cannot get the wireless to authenticate to the IAS RADIUS Server. The IAS never sees the request.

We have two 1231 WAPs configured to do the same thing (RADIUS for MAC Authentication to the IAS), but they are on the local network and not coming in over a VPN so I am confident that the IAS can provide this authentication.

I cannot figure out why the 871 WAP will not authenticate to the RADIUS Server. If we set the 871 WAP to anything that does not require MAC Authentication via RADIUS, we get associated and authenticated just fine. As soon as we ask for MAC Auth to the RADIUS server, we don't even get an IP Address. We have also checked the simple stuff like RADIUS ports and shared secrets.

Has anyone done this with the 871W? Am I asking for something that it cannot do? Seems to me this is a pretty logical use of the features in the 871W.

Thanks in advance for any help or advice~


Re: 871W Configuration Question

What do the debugs look like on the 871W for radius?

debug radius

debug aaa authen

debug aaa author



Re: 871W Configuration Question

Have you checked your ACLs on the RADIUS side of the connection to permit the inbound RADIUS traffic to pass?

Did you add the new router/wireless as a NAS to the RADIUS server?

Verify that the "Secret Keys" are exactly identical on the router/wireless and the RADIUS server.

Those would be the three most likely culprits ...

Good Luck


CreatePlease to create content