Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
430
Views
0
Helpful
5
Replies

1602i standalone AP cannot ping RADIUS server

netops
Level 1
Level 1

‎03-25-2015 09:14 AM - edited ‎07-05-2021 02:47 AM

I have a new 1602i standalone AP trying to use RADIUS authentication.  For some reason the 1602 cannot ping the RADIUS server, but will get a response from other devices.  Both are on the same subnet, the new one at .213 and the RADIUS at .209.

AP6#ping xxx.xx.120.209
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to xxx.xx..120.209, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
 

AP6#ping xxx.xx.120.217
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to xxx.xx..120.217, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms

 

The RADUIS server is able to ping the new AP successfully.

AP1#ping xxx.xx.120.213

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to xxx.xx.120.213, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms

 

Any thoughts to why that AP is unable to ping that one particular client?  Other APs are successfully contacting it for RADIUS authentication.

Labels:
0 Helpful
5 Replies 5

Sandeep Choudhary
VIP Alumni
VIP Alumni

‎03-25-2015 10:36 AM

Hi, 

 

Paste the complete conifg of AP.

 

Regards

0 Helpful

netops
Level 1
Level 1
In response to Sandeep Choudhary

‎03-25-2015 12:51 PM

version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname AP6
!
!
logging rate-limit console 9
enable secret 5 xxxxxxxxxxxx
!
aaa new-model
!
!
aaa group server radius rad_eap
 server xxx.xx.120.209 auth-port 1812 acct-port 1813
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
!
!
!
!
!
aaa session-id common
clock timezone -0500 -5 0
clock summer-time -0400 recurring
no ip routing
no ip cef
!
!
!
dot11 syslog
!
dot11 ssid xxx.xx
   authentication open eap eap_methods
   authentication network-eap eap_methods
   authentication key-management wpa
!
!
crypto pki token default removal timeout 0
!
!
username Cisco privilege 15 password 7 xxxxx
!
!
bridge irb
!
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip
 !
 ssid  MANH
 !
 antenna gain 0
 stbc
 beamform ofdm
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 shutdown
 antenna gain 0
 dfs band 3 block
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface BVI1
 ip address dhcp client-id GigabitEthernet0
 no ip route-cache
!
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
snmp-server view dot11view ieee802dot11 included
snmp-server community  RW
snmp-server chassis-id AP6
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps entity
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps dot11-qos
snmp-server enable traps switch-over
snmp-server enable traps rogue-ap
snmp-server enable traps wlan-wep
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps syslog
snmp-server enable traps cpu threshold
snmp-server enable traps aaa_server
snmp-server host .0.39 public
radius-server local
  user user1 nthash 7

!
radius-server attribute 32 include-in-access-req format %h
radius-server host xxx.xx.120.209 auth-port 1812 acct-port 1813 key 7
radius-server vsa send accounting
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 transport input all
!
sntp server xxx.xx.0.11
sntp broadcast client
end

0 Helpful

Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to netops

‎03-25-2015 01:14 PM

Hi,

Did  you tried with static IP address on BVI interface ?

Also add ip defult-gateway command in the config and share the result.

 

Regards

0 Helpful

netops
Level 1
Level 1
In response to Sandeep Choudhary

‎03-25-2015 01:31 PM

So far so good by adding the default gateway.  Odd it would only impact one client and I can access the AP from another subnet no problem.

0 Helpful

netops
Level 1
Level 1
In response to netops

‎03-25-2015 02:27 PM

Went away again:

AP6#ping xxx.xx.120.209
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to xxx.xx.120.209, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
AP6#

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card