Aironet 1600 + Freeradius + openLDAP

Hi at all,
i need to know if is possible to have this kind of configurations, because I'm going crazy to test it and nothing work.
I've freeradius attached to OpenLDAP with user and password crypted with SSHA, but the Aironet don't want to authenticate to freeradius, here the log :
rad_recv: Access-Request packet from host 192.168.0.1 port 1645, id=102, length=154
        User-Name = "testwifi"
        Framed-MTU = 1400
        Called-Station-Id = "1C-1D-80-A0-00-00:AP-CISCO"
        Calling-Station-Id = "0000.2090.cd20"
        Service-Type = Login-User
        Message-Authenticator = 0x52b5013dd2f39a99a33ff83d7277cb71
        EAP-Message = 0x025400d0174657374223496669
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 507
        NAS-Port-Id = "507"
        NAS-IP-Address = 192.168.50.1
        NAS-Identifier = "ap-p0"
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
[ldap] performing user authorization for testwifi
[ldap] expand: (uid=%u) -> (uid=testwifi)
[ldap] expand: dc=ldapserver,dc=com -> dc=ldapserver,dc=com
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] (re)connect to ldapserver.server.com:389, authentication 0
[ldap] bind as / to ldapserver.server.com:389
[ldap] waiting for bind result ...
[ldap] Bind was successful
[ldap] performing search in dc=ldapserver,dc=com , with filter (uid=testwifi)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] userPassword -> Password-With-Header == "123456"
[ldap] looking for reply items in directory...
[ldap] user testwifi authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
Login incorrect: [testwifi] (from client 192.168.0.0/16 port 507 cli0000.2090.cd20)
someone can help me ?
Thanks in advice.
Regards

no, there is nothing you need to do on the AP.
DHCP is a broadcast, so if the AP BVI and the clients are on the same subnet the DCHP service will respond to the packet.
If the clients are on a different VLAN than the BVI, you will need to add an ip helper to your L3 interface pointing at the BVI address of the AP that is doing the DHCP.
HTH,
Steve

Similar Messages

Aironet 1600 works only guest SSID

Hi there,
I'm trying to configure an Aironet 1600 for using two SSID, one in guest mode and one hidden.
The first SSID (guest) works fine, but the hidden not. I've the same configuration on some Aironet 1200 and works fine. I've already updated the software at the latest (15.2(4)JB4) version but did not change the issue.
Can anyone help me?
Thanks
Fabio
here is the configuration:
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname XXXXXXXX
logging rate-limit console 9
enable secret 5 XXXXXXXX
enable password 7 XXXXXXXX
no aaa new-model
clock timezone +0400 4 0
no ip cef
dot11 syslog
dot11 ssid SSID1
vlan 1
authentication open
authentication key-management wpa
wpa-psk ascii 7 XXXXXXXX
dot11 ssid SSID2
vlan 2
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 XXXXXXXX
dot11 guest
power inline negotiation prestandard source
username vpap privilege 15 password 7 XXXXXXXX
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm tkip
encryption vlan 2 mode ciphers aes-ccm tkip
encryption vlan 1 mode ciphers aes-ccm tkip
ssid SSID1
ssid SSID2
antenna gain 0
stbc
beamform ofdm
station-role root access-point fallback shutdown
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
antenna gain 0
peakdetect
no dfs band block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
interface GigabitEthernet0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 spanning-disabled
no bridge-group 2 source-learning
interface BVI1
ip address X.X.X.X 255.255.255.0
no ip route-cache
ip default-gateway X.X.X.X
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
line con 0
line vty 0 4
login local
transport input all
sntp server X.X.X.X
sntp server X.X.X.X
end

Fisrt of all you are creating more then one ssid then u must use : mbssid guest-mode
add these commands on your config
dot11 ssid SSID1
mbssid guest-mode
dot11 ssid SSID2
mbssid guest-mode
guest-mode
int dot11radio0
mbssid
Try this and let me know if it works. and they you can try to hide ssid and test again.
Regards

Aironet 1600 ap configuration

we currently have 3 aironet 1600 ap's configured with the exact same configuration file. these ap's are within 50-75 feet of each other. at various times dhcp seems to stop functioning. i wondering if only one of the ap's should be configured as dhcp server. all three have the same dhcp configuration as follows:
ip dhcp binding cleanup interval 600
ip dhcp excluded-address 172.17.193.65 172.17.193.69
ip dhcp pool TC-WIRELESS
network 172.17.193.64 255.255.255.224
default-router 172.17.193.65
dns-server 4.2.2.1 4.2.2.2
can someone please help !!!!!!!

no, there is nothing you need to do on the AP.
DHCP is a broadcast, so if the AP BVI and the clients are on the same subnet the DCHP service will respond to the packet.
If the clients are on a different VLAN than the BVI, you will need to add an ip helper to your L3 interface pointing at the BVI address of the AP that is doing the DHCP.
HTH,
Steve

Aironet 1600 power supply

Dear all, is the Aironet 1600 compatible with the old power supply of 1231 or 1242 APs?

If your talking about the AC power plug... Yeah it does work. I use then still have a bunch of those to test the newer AP's when there is no PoE switch. I have one old power injector that works also that I haven't thrown away:). Some of my customers still use both in there environment since they would upgrade their AP's but not their switches (no PoE).
Sent from Cisco Technical Support iPhone App

Cisco 2500 controller with aironet 1600 access point

Hi,
This my first wireless project, and I have a few questions about the installation :
1- some of the access point will be installed in branch offices, connected to the controller through the main MPLS netwrok ( is that possible).
2- If for any reason the connectivity between the AP and the controller get disconnected what will happend to the users connected to the access point.
3- can I have two vlan on the Aironet 1600, the first one to be connected to the controller through the MPLS netwrok and the second for users to public internet.(internet break out).
Thanks,

Yes that setup will work. What the others are trying to explain is authentication if your WAN goes down. If your AP's are setup for FlexConnect and you are indeed using AP groups, (using 802.1x) you need to have a radius server and a backup AD sever to allow for authentication to still happen if the WAN goes down. If you have resources centralized, then when the WAN goes down, everything else goes down and no new authentications will take place and any re-authentications will fail with 802.1x.
Take a look at these links
http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_flexconnect.html
http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/flexconnect/config_flexconnect_chapter_011.html
Sent from Cisco Technical Support iPhone App

RRAS Authentication and Aironet 1600

Hello
I'm having trouble configuring my Cisco Aironet 1600 to forward to my windows server for Authenticaiton.
when i attempt to connect to the access point. I get a responce in my windows event id 6272 stating
Network Policy Server granted access to a user
but when i look at the cisco event id i see an authentication error. I ran a trace on the ap when i attempted the communiction. here is the results.
any help would be greatly appreciated.
WAP>
Jan 6 14:20:31.313: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0023.142b.319c
Jan 6 14:20:31.313: dot11_auth_dot1x_send_id_req_to_client: Client 0023.142b.319c timer started for 30 seconds
Jan 6 14:20:31.353: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,EAP_START) for 0023.142b.319c
Jan 6 14:20:31.353: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0023.142b.319c
Jan 6 14:20:31.353: dot11_auth_dot1x_send_id_req_to_client: Client 0023.142b.
WAP>319c timer started for 30 seconds
WAP>
Jan 6 14:20:48.877: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for 0023.142b.319c
Jan 6 14:20:48.877: dot11_auth_dot1x_send_response_to_server: Sending client 0023.142b.319c data to server
Jan 6 14:20:48.877: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds
Jan 6 14:20:48.877: RADIUS/ENCODE(00001477):Orig. component type = DOT11
Jan 6 14:20:48.877: RADIUS: AAA Unsupported Attr: ssid              [347] 8
Jan 6 14:20:48.877: RADIUS:
WAP>   50 48 41 4E 54 4F            [ PHANTO]
Jan 6 14:20:48.877: RADIUS: AAA Unsupported Attr: service-type      [345] 4   1
Jan 6 14:20:48.877: RADIUS: AAA Unsupported Attr: interface         [222] 4
Jan 6 14:20:48.877: RADIUS:   31 36                [ 16]
Jan 6 14:20:48.877: RADIUS(00001477): Config NAS IP: 192.168.0.222
Jan 6 14:20:48.877: RADIUS(00001477): Config NAS IPv6:
Jan 6 14:20:48.877: RADIUS/ENCODE(00001477): acct_session_id: 5229
Jan 6 14:20:48.877: RADIUS(00001477): Config NA
WAP>S IP: 192.168.0.222
Jan 6 14:20:48.877: RADIUS(00001477): sending
Jan 6 14:20:48.877: RADIUS(00001477): Send Access-Request to 192.168.0.19:1645 id 1645/70, len 187
Jan 6 14:20:48.877: RADIUS: authenticator C4 49 1B CE FC 2F 22 6F - 16 46 8F 44 3B 10 48 AC
Jan 6 14:20:48.877: RADIUS: User-Name           [1]   25 "domain\user"
Jan 6 14:20:48.877: RADIUS: Framed-MTU          [12] 6   1400
Jan 6 14:20:48.877: RADIUS: Called-Station-Id   [30] 28 "34-A8-4E-B
WAP>D-F3-50:PHANTOM5"
Jan 6 14:20:48.877: RADIUS: Calling-Station-Id [31] 16 "0023.142b.319c"
Jan 6 14:20:48.877: RADIUS: Service-Type        [6]   6   Login                     [1]
Jan 6 14:20:48.877: RADIUS: Message-Authenticato[80] 18
Jan 6 14:20:48.877: RADIUS:   17 BE 54 D2 40 4E 08 DF 55 50 47 54 22 FF 5C 23        [ T@NUPGT"\#]
Jan 6 14:20:48.877: RADIUS: EAP-Message         [79] 30
Jan 6 14:20:48.877: RADIUS:   02 02 00 1C 01 65 78 71 75 61 64 72 75 6D 5C 61 64 6D 69 6E 69 [ex
WAP>quadrum\admini]
Jan 6 14:20:48.877: RADIUS:   73 74 72 61 74 6F 72           [ strator]
Jan 6 14:20:48.877: RADIUS: NAS-Port-Type       [61] 6   802.11 wireless           [19]
Jan 6 14:20:48.877: RADIUS: NAS-Port            [5]   6   1610
Jan 6 14:20:48.877: RADIUS: NAS-Port-Id         [87] 6   "1610"
Jan 6 14:20:48.877: RADIUS: NAS-IP-Address      [4]   6   192.168.0.222
Jan 6 14:20:48.877: RADIUS: Nas-Identifier      [32] 14 "WAP"
Jan 6 1
WAP>4:20:48.877: RADIUS(00001477): Sending a IPv4 Radius Packet
Jan 6 14:20:48.877: RADIUS(00001477): Started 5 sec timeout
Jan 6 14:20:48.881: RADIUS: Received from id 1645/70 192.168.0.19:1645, Access-Accept, len 66
Jan 6 14:20:48.881: RADIUS: authenticator 4D AA 3F 3F C5 78 F4 DB - B2 04 AF 4E 0A DC A5 6D
Jan 6 14:20:48.881: RADIUS: Class               [25] 46
Jan 6 14:20:48.881: RADIUS:   B2 3C 09 FD 00 00 01 37 00 01 02 00 C0 A8 00 13 00 00 00 00 5D 7B 6B 09 AC 82 24 A3 01 CE FC 72 A7 8E 51
WAP> DC 00 00 00 00 00 00 02 64         [ <7]{k$rQd]
Jan 6 14:20:48.881: RADIUS(00001477): Received from id 1645/70
Jan 6 14:20:48.881: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_FAIL) for 0023.142b.319c
Jan 6 14:20:48.881: dot11_auth_dot1x_send_client_fail: Authentication failed for 0023.142b.319c
Jan 6 14:20:48.881: %DOT11-7-AUTH_FAILED: Station 0023.142b.319c Authentication failed
Jan 6 14:20:49.101: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0023.142b.
WAP>319c
Jan 6 14:20:49.105: dot11_auth_dot1x_send_id_req_to_client: Client 0023.142b.319c timer started for 30 seconds
Jan 6 14:20:49.141: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,EAP_START) for 0023.142b.319c
Jan 6 14:20:49.141: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0023.142b.319c
Jan 6 14:20:49.141: dot11_auth_dot1x_send_id_req_to_client: Client 0023.142b.319c timer started for 30 seconds
WAP>
Jan 6 14:21:03.649: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for 0023.142b.319c
Jan 6 14:21:03.649: dot11_auth_dot1x_send_response_to_server: Sending client 0023.142b.319c data to server
Jan 6 14:21:03.649: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds
Jan 6 14:21:03.649: RADIUS/ENCODE(00001478):Orig. component type = DOT11
Jan 6 14:21:03.649: RADIUS: AAA Unsupported Attr: ssid              [347] 8
Jan 6 14:21:03.649: RADIUS:
WAP>   50 48 41 4E 54 4F            [ PHANTO]
Jan 6 14:21:03.649: RADIUS: AAA Unsupported Attr: service-type      [345] 4   1
Jan 6 14:21:03.649: RADIUS: AAA Unsupported Attr: interface         [222] 4
Jan 6 14:21:03.649: RADIUS:   31 36                [ 16]
Jan 6 14:21:03.649: RADIUS(00001478): Config NAS IP: 192.168.0.222
Jan 6 14:21:03.649: RADIUS(00001478): Config NAS IPv6:
Jan 6 14:21:03.649: RADIUS/ENCODE(00001478): acct_session_id: 5230
Jan 6 14:21:03.649: RADIUS(00001478): Config NA
WAP>S IP: 192.168.0.222
Jan 6 14:21:03.649: RADIUS(00001478): sending
Jan 6 14:21:03.649: RADIUS(00001478): Send Access-Request to 192.168.0.19:1645 id 1645/71, len 187
Jan 6 14:21:03.649: RADIUS: authenticator D5 2A B3 D5 B2 29 56 EC - 29 FB 47 F1 5C F1 10 0B
Jan 6 14:21:03.649: RADIUS: User-Name           [1]   25 "domain\user"
Jan 6 14:21:03.649: RADIUS: Framed-MTU          [12] 6   1400
Jan 6 14:21:03.649: RADIUS: Called-Station-Id   [30] 28 "34-A8-4E-B
WAP>D-F3-50:PHANTOM5"
Jan 6 14:21:03.649: RADIUS: Calling-Station-Id [31] 16 "0023.142b.319c"
Jan 6 14:21:03.649: RADIUS: Service-Type        [6]   6   Login                     [1]
Jan 6 14:21:03.649: RADIUS: Message-Authenticato[80] 18
Jan 6 14:21:03.649: RADIUS:   CD CF 69 D6 E4 E5 B3 6E F5 1F 5B 78 E4 49 D1 61            [ in[xIa]
Jan 6 14:21:03.649: RADIUS: EAP-Message         [79] 30
Jan 6 14:21:03.649: RADIUS:   02 02 00 1C 01 65 78 71 75 61 64 72 75 6D 5C 61 64 6D 69 6E 69 [ex
WAP>quadrum\admini]
Jan 6 14:21:03.649: RADIUS:   73 74 72 61 74 6F 72           [ strator]
Jan 6 14:21:03.649: RADIUS: NAS-Port-Type       [61] 6   802.11 wireless           [19]
Jan 6 14:21:03.649: RADIUS: NAS-Port            [5]   6   1611
Jan 6 14:21:03.649: RADIUS: NAS-Port-Id         [87] 6   "1611"
Jan 6 14:21:03.649: RADIUS: NAS-IP-Address      [4]   6   192.168.0.222
Jan 6 14:21:03.649: RADIUS: Nas-Identifier      [32] 14 "WAP"
Jan 6 1
WAP>4:21:03.649: RADIUS(00001478): Sending a IPv4 Radius Packet
Jan 6 14:21:03.649: RADIUS(00001478): Started 5 sec timeout
Jan 6 14:21:03.649: RADIUS: Received from id 1645/71 192.168.0.19:1645, Access-Accept, len 66
Jan 6 14:21:03.649: RADIUS: authenticator D1 A3 D7 6C DC 7E C6 D1 - A2 DB 6E 13 94 F4 D3 AE
Jan 6 14:21:03.649: RADIUS: Class               [25] 46
Jan 6 14:21:03.649: RADIUS:   B2 3D 09 FE 00 00 01 37 00 01 02 00 C0 A8 00 13 00 00 00 00 5D 7B 6B 09 AC 82 24 A3 01 CE FC 72 A7 8E 51
WAP> DC 00 00 00 00 00 00 02 65         [ =7]{k$rQe]
Jan 6 14:21:03.653: RADIUS(00001478): Received from id 1645/71
Jan 6 14:21:03.653: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_FAIL) for 0023.142b.319c
Jan 6 14:21:03.653: dot11_auth_dot1x_send_client_fail: Authentication failed for 0023.142b.319c
Jan 6 14:21:03.653: %DOT11-7-AUTH_FAILED: Station 0023.142b.319c Authentication failed
WAP>
Jan 6 14:21:13.881: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0023.142b.319c
Jan 6 14:21:13.881: dot11_auth_dot1x_send_id_req_to_client: Client 0023.142b.319c timer started for 30 seconds
Jan 6 14:21:13.897: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,EAP_START) for 0023.142b.319c
Jan 6 14:21:13.897: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0023.142b.319c
Jan 6 14:21:13.897: dot11_auth_dot1x_send_id_req_to_client: Client 0023.142b.
WAP>319c timer started for 30 seconds
Jan 6 14:21:14.629: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0023.142b.319c
Jan 6 14:21:14.629: dot11_auth_dot1x_send_id_req_to_client: Client 0023.142b.319c timer started for 30 seconds
Jan 6 14:21:14.645: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,EAP_START) for 0023.142b.319c
Jan 6 14:21:14.645: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0023.142b.319c
Jan 6 14:21:14.645: dot11_auth_dot1x_send_id
WAP>_req_to_client: Client 0023.142b.319c timer started for 30 seconds
Jan 6 14:21:14.653: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for 0023.142b.319c
Jan 6 14:21:14.653: dot11_auth_dot1x_send_response_to_server: Sending client 0023.142b.319c data to server
Jan 6 14:21:14.653: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds
Jan 6 14:21:14.653: RADIUS/ENCODE(0000147A):Orig. component type = DOT11
Jan 6 14:21:14.653: RADIUS: AAA Unsupporte
WAP>d Attr: ssid              [347] 8
Jan 6 14:21:14.657: RADIUS:   50 48 41 4E 54 4F            [ PHANTO]
Jan 6 14:21:14.657: RADIUS: AAA Unsupported Attr: service-type      [345] 4   1
Jan 6 14:21:14.657: RADIUS: AAA Unsupported Attr: interface         [222] 4
Jan 6 14:21:14.657: RADIUS:   31 36                [ 16]
Jan 6 14:21:14.657: RADIUS(0000147A): Config NAS IP: 192.168.0.222
Jan 6 14:21:14.657: RADIUS(0000147A): Config NAS IPv6:
Jan 6 14:21:14.657: RADIUS/ENCODE(0000147A): acct_
WAP>session_id: 5232
Jan 6 14:21:14.657: RADIUS(0000147A): Config NAS IP: 192.168.0.222
Jan 6 14:21:14.657: RADIUS(0000147A): sending
Jan 6 14:21:14.657: RADIUS(0000147A): Send Access-Request to 192.168.0.19:1645 id 1645/72, len 151
Jan 6 14:21:14.657: RADIUS: authenticator 75 D4 9B 2B 54 28 E0 85 - E1 CE 15 71 98 01 6D 92
Jan 6 14:21:14.657: RADIUS: User-Name           [1]   7   "Brian"
Jan 6 14:21:14.657: RADIUS: Framed-MTU          [12] 6   1400
Jan 6 14:21:14.657: RA
WAP>DIUS: Called-Station-Id   [30] 28 "34-A8-4E-BD-F3-50:PHANTOM5"
Jan 6 14:21:14.657: RADIUS: Calling-Station-Id [31] 16 "0023.142b.319c"
Jan 6 14:21:14.657: RADIUS: Service-Type        [6]   6   Login                     [1]
Jan 6 14:21:14.657: RADIUS: Message-Authenticato[80] 18
Jan 6 14:21:14.657: RADIUS:   5E FF D3 31 9E E4 E8 B0 74 65 DA 64 E3 DC 75 53           [ ^1teduS]
Jan 6 14:21:14.657: RADIUS: EAP-Message         [79] 12
Jan 6 14:21:14.657: RADIUS:   02 02 00 0A 01 42 7
WAP>2 69 61 6E             [ Brian]
Jan 6 14:21:14.657: RADIUS: NAS-Port-Type       [61] 6   802.11 wireless           [19]
Jan 6 14:21:14.657: RADIUS: NAS-Port            [5]   6   1613
Jan 6 14:21:14.657: RADIUS: NAS-Port-Id         [87] 6   "1613"
Jan 6 14:21:14.657: RADIUS: NAS-IP-Address      [4]   6   192.168.0.222
Jan 6 14:21:14.657: RADIUS: Nas-Identifier      [32] 14 "WAP"
Jan 6 14:21:14.657: RADIUS(0000147A): Sending a IPv4 Radius Packe
WAP>t
Jan 6 14:21:14.657: RADIUS(0000147A): Started 5 sec timeout
Jan 6 14:21:14.657: RADIUS: Received from id 1645/72 192.168.0.19:1645, Access-Accept, len 66
Jan 6 14:21:14.657: RADIUS: authenticator F1 9F 29 38 10 39 E1 0A - FD 73 87 03 D3 5D 34 02
Jan 6 14:21:14.657: RADIUS: Class               [25] 46
Jan 6 14:21:14.657: RADIUS:   B2 3E 09 FF 00 00 01 37 00 01 02 00 C0 A8 00 13 00 00 00 00 5D 7B 6B 09 AC 82 24 A3 01 CE FC 72 A7 8E 51 DC 00 00 00 00 00 00 02 66         [ >7]{k$rQf]
Jan 6 1
WAP>4:21:14.657: RADIUS(0000147A): Received from id 1645/72
Jan 6 14:21:14.657: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_FAIL) for 0023.142b.319c
Jan 6 14:21:14.657: dot11_auth_dot1x_send_client_fail: Authentication failed for 0023.142b.319c
Jan 6 14:21:14.657: %DOT11-7-AUTH_FAILED: Station 0023.142b.319c Authentication failed
Jan 6 14:21:14.877: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0023.142b.319c
Jan 6 14:21:14.877: dot11_auth_dot1x_send_id_req_to
WAP>_client: Client 0023.142b.319c timer started for 30 seconds
Jan 6 14:21:14.889: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,EAP_START) for 0023.142b.319c
Jan 6 14:21:14.889: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0023.142b.319c
Jan 6 14:21:14.889: dot11_auth_dot1x_send_id_req_to_client: Client 0023.142b.319c timer started for 30 seconds
Jan 6 14:21:14.897: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for 0023.142b.319c
Jan 6 14:21:
WAP>14.897: dot11_auth_dot1x_send_response_to_server: Sending client 0023.142b.319c data to server
Jan 6 14:21:14.897: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds
Jan 6 14:21:14.897: RADIUS/ENCODE(0000147B):Orig. component type = DOT11
Jan 6 14:21:14.897: RADIUS: AAA Unsupported Attr: ssid              [347] 8
Jan 6 14:21:14.897: RADIUS:   50 48 41 4E 54 4F            [ PHANTO]
Jan 6 14:21:14.897: RADIUS: AAA Unsupported Attr: service-type      [345] 4   1
WAP>Jan 6 14:21:14.897: RADIUS: AAA Unsupported Attr: interface         [222] 4
Jan 6 14:21:14.897: RADIUS:   31 36                [ 16]
Jan 6 14:21:14.897: RADIUS(0000147B): Config NAS IP: 192.168.0.222
Jan 6 14:21:14.897: RADIUS(0000147B): Config NAS IPv6:
Jan 6 14:21:14.897: RADIUS/ENCODE(0000147B): acct_session_id: 5233
Jan 6 14:21:14.897: RADIUS(0000147B): Config NAS IP: 192.168.0.222
Jan 6 14:21:14.897: RADIUS(0000147B): sending
Jan 6 14:21:14.897: RADIUS(0000147B): Send Access-Reques
WAP>t to 192.168.0.19:1645 id 1645/73, len 151
Jan 6 14:21:14.897: RADIUS: authenticator 78 C3 13 8A 04 95 E5 FF - 75 6B 15 A8 A3 04 8E 8B
Jan 6 14:21:14.897: RADIUS: User-Name           [1]   7   "Brian"
Jan 6 14:21:14.897: RADIUS: Framed-MTU          [12] 6   1400
Jan 6 14:21:14.897: RADIUS: Called-Station-Id   [30] 28 "34-A8-4E-BD-F3-50:PHANTOM5"
Jan 6 14:21:14.897: RADIUS: Calling-Station-Id [31] 16 "0023.142b.319c"
Jan 6 14:21:14.897: RADIUS: Service-Type
WAP>   [6]   6   Login                     [1]
Jan 6 14:21:14.897: RADIUS: Message-Authenticato[80] 18
Jan 6 14:21:14.897: RADIUS:   DA 6E C2 AD 8B 41 1C 2F 28 6A D9 2B 0A BD 8B 76           [ nA/(j+v]
Jan 6 14:21:14.897: RADIUS: EAP-Message         [79] 12
Jan 6 14:21:14.897: RADIUS:   02 02 00 0A 01 42 72 69 61 6E             [ Brian]
Jan 6 14:21:14.897: RADIUS: NAS-Port-Type       [61] 6   802.11 wireless           [19]
Jan 6 14:21:14.897: RADIUS: NAS-Port            [5]   6   1614
WAP>
Jan 6 14:21:14.897: RADIUS: NAS-Port-Id         [87] 6   "1614"
Jan 6 14:21:14.897: RADIUS: NAS-IP-Address      [4]   6   192.168.0.222
Jan 6 14:21:14.897: RADIUS: Nas-Identifier      [32] 14 "WAP"
Jan 6 14:21:14.897: RADIUS(0000147B): Sending a IPv4 Radius Packet
Jan 6 14:21:14.897: RADIUS(0000147B): Started 5 sec timeout
Jan 6 14:21:14.901: RADIUS: Received from id 1645/73 192.168.0.19:1645, Access-Accept, len 66
Jan 6 14:21:14.901: RADIUS: a
WAP>uthenticator 4A AA 91 09 C1 0C 05 25 - 59 17 27 0C 4C 1B 29 2D
Jan 6 14:21:14.901: RADIUS: Class               [25] 46
Jan 6 14:21:14.901: RADIUS:   B2 3F 0A 00 00 00 01 37 00 01 02 00 C0 A8 00 13 00 00 00 00 5D 7B 6B 09 AC 82 24 A3 01 CE FC 72 A7 8E 51 DC 00 00 00 00 00 00 02 67         [ ?7]{k$rQg]
Jan 6 14:21:14.901: RADIUS(0000147B): Received from id 1645/73
Jan 6 14:21:14.901: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_FAIL) for 0023.142b.319c
Jan 6 14:21:14.901: dot1
WAP>1_auth_dot1x_send_client_fail: Authentication failed for 0023.142b.319c
Jan 6 14:21:25.129: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0023.142b.319c
Jan 6 14:21:25.129: dot11_auth_dot1x_send_id_req_to_client: Client 0023.142b.319c timer started for 30 seconds
Jan 6 14:21:25.149: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,EAP_START) for 0023.142b.319c
Jan 6 14:21:25.149: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0023.142b.319c
Jan 6
WAP>14:21:25.149: dot11_auth_dot1x_send_id_req_to_client: Client 0023.142b.319c timer started for 30 seconds
Jan 6 14:21:25.881: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0023.142b.319c
Jan 6 14:21:25.881: dot11_auth_dot1x_send_id_req_to_client: Client 0023.142b.319c timer started for 30 seconds
Jan 6 14:21:25.897: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,EAP_START) for 0023.142b.319c
Jan 6 14:21:25.897: dot11_auth_dot1x_send_id_req_to_client: Sending identity r
WAP>equest to 0023.142b.319c
Jan 6 14:21:25.897: dot11_auth_dot1x_send_id_req_to_client: Client 0023.142b.319c timer started for 30 seconds
WAP>

Hello Steve,
May you help me?
I have the same problem. I use NPS (2008R2) with EAP authentication type Microsoft Protected EAP (PEAP)
ap#
Jun 13 2014 09:09:54.626 UTC: AAA/BIND(000000CF): Bind i/f
Jun 13 2014 09:09:54.626 UTC: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
Jun 13 2014 09:09:54.626 UTC: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 001e.58a2.ba4b
Jun 13 2014 09:09:54.626 UTC: dot11_auth_dot1x_send_id_req_to_client: Client 001e.58a2.ba4b timer started for 30 seconds
Jun 13 2014 09:09:54.678 UTC: dot11_auth_parse_client_pak: Received EAPOL packet from 001e.58a2.ba4b
Jun 13 2014 09:09:54.678 UTC: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,EAP_START) for 001e.58a2.ba4b
Jun 13 2014 09:09:54.678 UTC: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 001e.58a2.ba4b
Jun 13 2014 09:09:54.678 UTC: dot11_auth_dot1x_send_id_req_to_client: Client 001e.58a2.ba4b timer started for 30 seconds
Jun 13 2014 09:09:54.722 UTC: dot11_auth_parse_client_pak: Received EAPOL packet from 001e.58a2.ba4b
Jun 13 2014 09:09:54.722 UTC: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for 001e.58a2.ba4b
Jun 13 2014 09:09:54.722 UTC: dot11_auth_dot1x_send_response_to_server: Sending client 001e.58a2.ba4b data to server
Jun 13 2014 09:09:54.722 UTC: AAA/AUTHEN/PPP (000000CF): Pick method list 'eap_methods1'
Jun 13 2014 09:09:54.722 UTC: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds
Jun 13 2014 09:09:54.722 UTC: RADIUS/ENCODE(000000CF):Orig. component type = DOT11
Jun 13 2014 09:09:54.722 UTC: RADIUS: AAA Unsupported Attr: ssid              [347] 2
Jun 13 2014 09:09:54.722 UTC: RADIUS: AAA Unsupported Attr: service-type      [345] 4   1
Jun 13 2014 09:09:54.722 UTC: RADIUS: AAA Unsupported Attr: interface         [222] 3
Jun 13 2014 09:09:54.722 UTC: RADIUS:   33                 [ 3]
Jun 13 2014 09:09:54.722 UTC: RADIUS(000000CF): Config NAS IP: 172.16.254.116
Jun 13 2014 09:09:54.722 UTC: RADIUS(000000CF): Config NAS IPv6:
Jun 13 2014 09:09:54.722 UTC: RADIUS/ENCODE(000000CF): acct_session_id: 196
Jun 13 2014 09:09:54.722 UTC: RADIUS(000000CF): Config NAS IP: 172.16.254.116
Jun 13 2014 09:09:54.722 UTC: RADIUS(000000CF): sending
Jun 13 2014 09:09:54.722 UTC: RADIUS(000000CF): Send Access-Request to 172.16.0.32:1812 id 1645/31, len 176
Jun 13 2014 09:09:54.722 UTC: RADIUS: authenticator ED 3E CB D4 84 55 33 F0 - 86 6C DF 99 16 BA EB AA
Jun 13 2014 09:09:54.722 UTC: RADIUS: User-Name           [1]   28 "host/WM-WSUS-998.empresa.local"
Jun 13 2014 09:09:54.722 UTC: RADIUS: Framed-MTU          [12] 6   1400
Jun 13 2014 09:09:54.722 UTC: RADIUS: Called-Station-Id   [30] 22 "2C-3E-CF-0B-BF-60:1A"
Jun 13 2014 09:09:54.722 UTC: RADIUS: Calling-Station-Id [31] 16 "001e.58a2.ba4b"
Jun 13 2014 09:09:54.722 UTC: RADIUS: Service-Type        [6]   6   Login                     [1]
Jun 13 2014 09:09:54.722 UTC: RADIUS: Message-Authenticato[80] 18
Jun 13 2014 09:09:54.722 UTC: RADIUS:   59 93 3E 54 FB 36 B1 66 AB 37 0B 2C 1F F1 EC F6           [ Y>T6f7,]
Jun 13 2014 09:09:54.722 UTC: RADIUS: EAP-Message         [79] 33
Jun 13 2014 09:09:54.722 UTC: RADIUS:   02 02 00 1F 01 68 6F 73 74 2F 57 4D 2D 57 53 55 53 2D 39 39 38 [host/WM-WSUS-998]
Jun 13 2014 09:09:54.722 UTC: RADIUS:   2E 63 62 61 2E 6C 6F 63 61 6C        [ .empresa.local]
Jun 13 2014 09:09:54.722 UTC: RADIUS: NAS-Port-Type       [61] 6   802.11 wireless           [19]
Jun 13 2014 09:09:54.722 UTC: RADIUS: NAS-Port            [5]   6   300
Jun 13 2014 09:09:54.722 UTC: RADIUS: NAS-Port-Id         [87] 5   "300"
Jun 13 2014 09:09:54.722 UTC: RADIUS: NAS-IP-Address      [4]   6   172.16.254.116
Jun 13 2014 09:09:54.722 UTC: RADIUS: Nas-Identifier      [32] 4   "ap"
Jun 13 2014 09:09:54.722 UTC: RADIUS(000000CF): Sending a IPv4 Radius Packet
Jun 13 2014 09:09:54.722 UTC: RADIUS(000000CF): Started 5 sec timeout
Jun 13 2014 09:09:54.726 UTC: RADIUS: Received from id 1645/31 172.16.0.32:1812, Access-Reject, len 44
Jun 13 2014 09:09:54.726 UTC: RADIUS: authenticator 47 24 C1 77 82 B3 F0 03 - 07 10 27 E8 AB 13 3C A5
Jun 13 2014 09:09:54.726 UTC: RADIUS: EAP-Message         [79] 6
Jun 13 2014 09:09:54.726 UTC: RADIUS:   04 02 00 04
Jun 13 2014 09:09:54.726 UTC: RADIUS: Message-Authenticato[80] 18
Jun 13 2014 09:09:54.726 UTC: RADIUS:   CB EA D6 A6 38 03 A3 26 6B 7C 32 FA 83 3C 49 0D           [ 8&k|2<I]
Jun 13 2014 09:09:54.726 UTC: RADIUS(000000CF): Received from id 1645/31
Jun 13 2014 09:09:54.726 UTC: RADIUS/DECODE: EAP-Message fragments, 4, total 4 bytes
Jun 13 2014 09:09:54.726 UTC: dot11_auth_dot1x_parse_aaa_resp: Received server response: FAIL
Jun 13 2014 09:09:54.726 UTC: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response
Jun 13 2014 09:09:54.726 UTC: Client 001e.58a2.ba4b failed: by EAP authentication server
Jun 13 2014 09:09:54.726 UTC: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_FAIL) for 001e.58a2.ba4b
Jun 13 2014 09:09:54.726 UTC: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client 001e.58a2.ba4b
Jun 13 2014 09:09:54.726 UTC: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 30 seconds
Jun 13 2014 09:09:54.726 UTC: dot11_auth_dot1x_send_client_fail: Authentication failed for 001e.58a2.ba4b
Jun 13 2014 09:09:54.726 UTC: %DOT11-7-AUTH_FAILED: Station 001e.58a2.ba4b Authentication failed
Jun 13 2014 09:09:55.654 UTC: AAA/BIND(000000D0): Bind i/f
Jun 13 2014 09:09:55.654 UTC: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
Jun 13 2014 09:09:55.654 UTC: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 001e.58a2.ba4b
Jun 13 2014 09:09:55.654 UTC: dot11_auth_dot1x_send_id_req_to_client: Client 001e.58a2.ba4b timer started for 30 seconds
Jun 13 2014 09:09:55.706 UTC: dot11_auth_parse_client_pak: Received EAPOL packet from 001e.58a2.ba4b
Jun 13 2014 09:09:55.706 UTC: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,EAP_START) for 001e.58a2.ba4b
Jun 13 2014 09:09:55.710 UTC: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 001e.58a2.ba4b
Jun 13 2014 09:09:55.710 UTC: dot11_auth_dot1x_send_id_req_to_client: Client 001e.58a2.ba4b timer started for 30 seconds
Jun 13 2014 09:09:55.750 UTC: dot11_auth_parse_client_pak: Received EAPOL packet from 001e.58a2.ba4b
Jun 13 2014 09:09:55.750 UTC: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for 001e.58a2.ba4b
Jun 13 2014 09:09:55.754 UTC: dot11_auth_dot1x_send_response_to_server: Sending client 001e.58a2.ba4b data to server
Jun 13 2014 09:09:55.754 UTC: AAA/AUTHEN/PPP (000000D0): Pick method list 'eap_methods1'
Jun 13 2014 09:09:55.754 UTC: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds
Jun 13 2014 09:09:55.754 UTC: RADIUS/ENCODE(000000D0):Orig. component type = DOT11
Jun 13 2014 09:09:55.754 UTC: RADIUS: AAA Unsupported Attr: ssid              [347] 2
Jun 13 2014 09:09:55.754 UTC: RADIUS: AAA Unsupported Attr: service-type      [345] 4   1
Jun 13 2014 09:09:55.754 UTC: RADIUS: AAA Unsupported Attr: interface         [222] 3
Jun 13 2014 09:09:55.754 UTC: RADIUS:   33                 [ 3]
Jun 13 2014 09:09:55.754 UTC: RADIUS(000000D0): Config NAS IP: 172.16.254.116
Jun 13 2014 09:09:55.754 UTC: RADIUS(000000D0): Config NAS IPv6:
Jun 13 2014 09:09:55.754 UTC: RADIUS/ENCODE(000000D0): acct_session_id: 197
Jun 13 2014 09:09:55.754 UTC: RADIUS(000000D0): Config NAS IP: 172.16.254.116
Jun 13 2014 09:09:55.754 UTC: RADIUS(000000D0): sending
Jun 13 2014 09:09:55.754 UTC: RADIUS(000000D0): Send Access-Request to 172.16.0.32:1812 id 1645/32, len 158
Jun 13 2014 09:09:55.754 UTC: RADIUS: authenticator F7 DD 10 96 F1 8E 11 29 - A2 FC 7A 8D B9 A0 D3 02
Jun 13 2014 09:09:55.754 UTC: RADIUS: User-Name           [1]   19 "Empresa\Roberto.Carlos"
Jun 13 2014 09:09:55.754 UTC: RADIUS: Framed-MTU          [12] 6   1400
Jun 13 2014 09:09:55.754 UTC: RADIUS: Called-Station-Id   [30] 22 "2C-3E-CF-0B-BF-60:1A"
Jun 13 2014 09:09:55.754 UTC: RADIUS: Calling-Station-Id [31] 16 "001e.58a2.ba4b"
Jun 13 2014 09:09:55.754 UTC: RADIUS: Service-Type        [6]   6   Login                     [1]
Jun 13 2014 09:09:55.754 UTC: RADIUS: Message-Authenticato[80] 18
Jun 13 2014 09:09:55.754 UTC: RADIUS:   69 B6 AA D3 A4 FD 65 CF 65 31 50 A1 1E 05 77 0C            [ iee1Pw]
Jun 13 2014 09:09:55.754 UTC: RADIUS: EAP-Message         [79] 24
Jun 13 2014 09:09:55.754 UTC: RADIUS:   02 02 00 16 01 43 42 41 5C 50 65 64 72 6F 2E 41 6C 6D 65 69 64 [Empresa\Roberto.Carlos]
Jun 13 2014 09:09:55.754 UTC: RADIUS:   61                 [ a]
Jun 13 2014 09:09:55.754 UTC: RADIUS: NAS-Port-Type       [61] 6   802.11 wireless           [19]
Jun 13 2014 09:09:55.754 UTC: RADIUS: NAS-Port            [5]   6   301
Jun 13 2014 09:09:55.754 UTC: RADIUS: NAS-Port-Id         [87] 5   "301"
Jun 13 2014 09:09:55.754 UTC: RADIUS: NAS-IP-Address      [4]   6   172.16.254.116
Jun 13 2014 09:09:55.754 UTC: RADIUS: Nas-Identifier      [32] 4   "ap"
Jun 13 2014 09:09:55.754 UTC: RADIUS(000000D0): Sending a IPv4 Radius Packet
Jun 13 2014 09:09:55.754 UTC: RADIUS(000000D0): Started 5 sec timeout
Jun 13 2014 09:09:55.758 UTC: RADIUS: Received from id 1645/32 172.16.0.32:1812, Access-Challenge, len 90
Jun 13 2014 09:09:55.758 UTC: RADIUS: authenticator 32 B7 0B BA 04 5D 6F C5 - B7 63 1A 6D CF 69 E7 50
Jun 13 2014 09:09:55.758 UTC: RADIUS: Session-Timeout     [27] 6   30
Jun 13 2014 09:09:55.758 UTC: RADIUS: EAP-Message         [79] 8
Jun 13 2014 09:09:55.758 UTC: RADIUS:   01 03 00 06 19 20                 [ ]
Jun 13 2014 09:09:55.758 UTC: RADIUS: State               [24] 38
Jun 13 2014 09:09:55.758 UTC: RADIUS:   1E 94 02 C3 00 00 01 37 00 01 02 00 AC 10 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 25 26 56 D2            [ 7 8?&V]
Jun 13 2014 09:09:55.758 UTC: RADIUS: Message-Authenticato[80] 18
Jun 13 2014 09:09:55.758 UTC: RADIUS:   9C A4 5C 09 68 3C 77 A4 1A 3A 73 6C CA A3 29 88          [ \h<w:sl)]
Jun 13 2014 09:09:55.758 UTC: RADIUS(000000D0): Received from id 1645/32
Jun 13 2014 09:09:55.758 UTC: RADIUS/DECODE: EAP-Message fragments, 6, total 6 bytes
Jun 13 2014 09:09:55.758 UTC: dot11_auth_dot1x_parse_aaa_resp: Received server response: GET_CHALLENGE_RESPONSE
Jun 13 2014 09:09:55.758 UTC: dot11_auth_dot1x_parse_aaa_resp: found session timeout 30 sec
Jun 13 2014 09:09:55.758 UTC: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response
Jun 13 2014 09:09:55.758 UTC: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_REPLY) for 001e.58a2.ba4b
Jun 13 2014 09:09:55.758 UTC: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client 001e.58a2.ba4b
Jun 13 2014 09:09:55.762 UTC: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 30 seconds
Jun 13 2014 09:09:55.770 UTC: dot11_auth_parse_client_pak: Received EAPOL packet from 001e.58a2.ba4b
Jun 13 2014 09:09:55.770 UTC: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for 001e.58a2.ba4b
Jun 13 2014 09:09:55.770 UTC: dot11_auth_dot1x_send_response_to_server: Sending client 001e.58a2.ba4b data to server
Jun 13 2014 09:09:55.770 UTC: AAA/AUTHEN/PPP (000000D0): Pick method list 'eap_methods1'
Jun 13 2014 09:09:55.770 UTC: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds
Jun 13 2014 09:09:55.770 UTC: RADIUS/ENCODE(000000D0):Orig. component type = DOT11
Jun 13 2014 09:09:55.770 UTC: RADIUS: AAA Unsupported Attr: ssid              [347] 2
Jun 13 2014 09:09:55.770 UTC: RADIUS: AAA Unsupported Attr: service-type      [345] 4   1
Jun 13 2014 09:09:55.770 UTC: RADIUS: AAA Unsupported Attr: interface         [222] 3
Jun 13 2014 09:09:55.770 UTC: RADIUS:   33                 [ 3]
Jun 13 2014 09:09:55.770 UTC: RADIUS(000000D0): Config NAS IP: 172.16.254.116
Jun 13 2014 09:09:55.770 UTC: RADIUS(000000D0): Config NAS IPv6:
Jun 13 2014 09:09:55.770 UTC: RADIUS/ENCODE(000000D0): acct_session_id: 197
Jun 13 2014 09:09:55.770 UTC: RADIUS(000000D0): Config NAS IP: 172.16.254.116
Jun 13 2014 09:09:55.770 UTC: RADIUS(000000D0): sending
Jun 13 2014 09:09:55.770 UTC: RADIUS(000000D0): Send Access-Request to 172.16.0.32:1812 id 1645/33, len 279
Jun 13 2014 09:09:55.770 UTC: RADIUS: authenticator 9C D8 E3 47 46 9C A3 8F - BE 1E 5F AF 42 CA 3C 70
Jun 13 2014 09:09:55.770 UTC: RADIUS: User-Name           [1]   19 "Empresa\Roberto.Carlos"
Jun 13 2014 09:09:55.770 UTC: RADIUS: Framed-MTU          [12] 6   1400
Jun 13 2014 09:09:55.770 UTC: RADIUS: Called-Station-Id   [30] 22 "2C-3E-CF-0B-BF-60:1A"
Jun 13 2014 09:09:55.770 UTC: RADIUS: Calling-Station-Id [31] 16 "001e.58a2.ba4b"
Jun 13 2014 09:09:55.770 UTC: RADIUS: Service-Type        [6]   6   Login                     [1]
Jun 13 2014 09:09:55.770 UTC: RADIUS: Message-Authenticato[80] 18
Jun 13 2014 09:09:55.770 UTC: RADIUS:   12 97 DB 9A 4E F2 6C 8A F2 69 FB 27 61 8D 95 9F             [ Nli'a]
Jun 13 2014 09:09:55.770 UTC: RADIUS: EAP-Message         [79] 107
Jun 13 2014 09:09:55.770 UTC: RADIUS:   02 03 00 69 19 80 00 00 00 5F 16 03 01 00 5A 01 00 00 56 03 01 53 9A E9 E5 2A 3B 9E C8 C1 69 42 EA C9 79 B6 2D 2B 4C 18 63 5D A3 DA B8 89 53 [i_ZVS*;iBy-+Lc]S]
Jun 13 2014 09:09:55.770 UTC: RADIUS:   B8 8E C3 F7 79 03 00 00 18 00 2F 00 35 00 05 00 0A C0 13 C0 14 C0 09 C0 0A 00 32 00 38 00 13 00 04 01 00 00 15 FF 01 00 01 00 00 0A 00 06 00 04 00 17 00 18 00 0B 00 02 01 00             [ y/528]
Jun 13 2014 09:09:55.770 UTC: RADIUS: NAS-Port-Type       [61] 6   802.11 wireless           [19]
Jun 13 2014 09:09:55.770 UTC: RADIUS: NAS-Port            [5]   6   301
Jun 13 2014 09:09:55.770 UTC: RADIUS: NAS-Port-Id         [87] 5   "301"
Jun 13 2014 09:09:55.770 UTC: RADIUS: State               [24] 38
Jun 13 2014 09:09:55.770 UTC: RADIUS:   1E 94 02 C3 00 00 01 37 00 01 02 00 AC 10 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 25 26 56 D2            [ 7 8?&V]
Jun 13 2014 09:09:55.770 UTC: RADIUS: NAS-IP-Address      [4]   6   172.16.254.116
Jun 13 2014 09:09:55.770 UTC: RADIUS: Nas-Identifier      [32] 4   "ap"
Jun 13 2014 09:09:55.770 UTC: RADIUS(000000D0): Sending a IPv4 Radius Packet
Jun 13 2014 09:09:55.770 UTC: RADIUS(000000D0): Started 5 sec timeout
Jun 13 2014 09:10:00.766 UTC: dot11_auth_parse_client_pak: Received EAPOL packet from 001e.58a2.ba4b
Jun 13 2014 09:10:00.766 UTC: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,EAP_START) for 001e.58a2.ba4b
Jun 13 2014 09:10:00.766 UTC: dot11_auth_dot1x_ignore_event: Ignore event: do nothing
Jun 13 2014 09:10:00.794 UTC: RADIUS(000000D0): Request timed out
Jun 13 2014 09:10:00.794 UTC: RADIUS: Retransmit to (172.16.0.32:1812,1813) for id 1645/33
Jun 13 2014 09:10:00.794 UTC: RADIUS(000000D0): Started 5 sec timeout
Jun 13 2014 09:10:01.782 UTC: dot11_auth_parse_client_pak: Received EAPOL packet from 001e.58a2.ba4b
Jun 13 2014 09:10:01.782 UTC: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,EAP_START) for 001e.58a2.ba4b
Jun 13 2014 09:10:01.782 UTC: dot11_auth_dot1x_ignore_event: Ignore event: do nothing
Jun 13 2014 09:10:02.794 UTC: dot11_auth_parse_client_pak: Received EAPOL packet from 001e.58a2.ba4b
Jun 13 2014 09:10:02.794 UTC: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,EAP_START) for 001e.58a2.ba4b
Jun 13 2014 09:10:02.794 UTC: dot11_auth_dot1x_ignore_event: Ignore event: do nothing
Jun 13 2014 09:10:04.690 UTC: AAA/BIND(000000D1): Bind i/f
Jun 13 2014 09:10:04.690 UTC: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
Jun 13 2014 09:10:04.690 UTC: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 001e.58a2.ba4b
Jun 13 2014 09:10:04.690 UTC: dot11_auth_dot1x_send_id_req_to_client: Client 001e.58a2.ba4b timer started for 30 seconds
Jun 13 2014 09:10:05.146 UTC: RADIUS(000000D0): Request timed out
Jun 13 2014 09:10:05.146 UTC: RADIUS: Retransmit to (172.16.0.32:1812,1813) for id 1645/33
Jun 13 2014 09:10:05.146 UTC: RADIUS(000000D0): Started 5 sec timeout
Jun 13 2014 09:10:05.874 UTC: AAA/BIND(000000D2): Bind i/f
Jun 13 2014 09:10:05.874 UTC: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
Jun 13 2014 09:10:05.874 UTC: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 001e.58a2.ba4b
Jun 13 2014 09:10:05.874 UTC: dot11_auth_dot1x_send_id_req_to_client: Client 001e.58a2.ba4b timer started for 30 seconds
Jun 13 2014 09:10:05.922 UTC: dot11_auth_parse_client_pak: Received EAPOL packet from 001e.58a2.ba4b
Jun 13 2014 09:10:05.922 UTC: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,EAP_START) for 001e.58a2.ba4b
Jun 13 2014 09:10:05.922 UTC: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 001e.58a2.ba4b
Jun 13 2014 09:10:05.922 UTC: dot11_auth_dot1x_send_id_req_to_client: Client 001e.58a2.ba4b timer started for 30 seconds
Jun 13 2014 09:10:09.818 UTC: RADIUS(000000D0): Request timed out
Jun 13 2014 09:10:09.818 UTC: RADIUS: Retransmit to (172.16.0.32:1812,1813) for id 1645/33
Jun 13 2014 09:10:09.818 UTC: RADIUS(000000D0): Started 5 sec timeout
Jun 13 2014 09:10:14.746 UTC: RADIUS(000000D0): Request timed out
Jun 13 2014 09:10:14.746 UTC: RADIUS: Retransmit to (172.16.0.32:1812,1813) for id 1645/33
Jun 13 2014 09:10:14.746 UTC: RADIUS(000000D0): Started 5 sec timeout
Jun 13 2014 09:10:19.034 UTC: RADIUS(000000D0): Request timed out
Jun 13 2014 09:10:19.034 UTC: RADIUS: Fail-over denied to (172.16.0.32:1812,1813) for id 1645/33
Jun 13 2014 09:10:19.034 UTC: RADIUS: No response from (172.16.0.32:1812,1813) for id 1645/33
Jun 13 2014 09:10:19.034 UTC: RADIUS/DECODE: No response from radius-server; parse response; FAIL
Jun 13 2014 09:10:19.034 UTC: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL

Aironet 1600 wireless client troubles

Hi,
I just installed an Aironet 1602i, standalone WAP.
I have it configured to use a RADIUS server in our office. However, two issues have come up when trying to get clients connected.
1. iPhones and iPads won't connect to either the 2.4 or the 5 GHz radios.
2. No one can connect to the 5 Ghz radio.
Both radios are UP according to the GUI interfaces of the WAP. Also, laptops and android devices are able to connect to the 2.4GHz radio but not the 5 GHz radio.
I am on the latest version of the firmware.
Does anyone have place I can start to figure this out?
Thanks!
Dave

For iPhones and iPads, use WPA2. Don't enable both WPA/WPA2. Choose one.
Another option, try with OPEN authentication. If that works and everyone (and I mean EVERYONE), can log in, then you ramp up your security & encryption one-at-a-time until you start to break things.

Cisco Aironet 1600 - DHCP Offer Problem

Hi,
I have dhcp problem with our new AP:
I add an AP to our LAN.
I make a simple configuration with a WPA authenticate.
I can connect some equipment to this AP and our DHCP give an address correctly.
We use adptator to give wireless connection to old station with old operaing system (adaptator example : Netgear WNCE3001)
This adaptor connect to AP and receive an address from DHCP.
My problem is the equipment behind this adpatator send a DHCP request, our server send a DHCP offer but never arrive to this equipment .....
Same problem with another adpatator (TRENDnet and ZyXEL)
I think Cisco 1600 dont return correctly the DHCP offer, perhaps i miss some configuration.
Anyone can help me ?
Thx
In attachment AP configuration
AP system information:
Product/Model Number:
AIR-SAP1602I-E-K9
Top Assembly Serial Number:
[removed]
System Software Filename:
ap1g2-k9w7-tar.152-2.JB2
System Software Version:
15.2(2)JB2
Bootloader Version:
BOOTLDR: C1600 Boot Loader (AP1G2-BOOT-M) LoaderVersion 15.2(2)JAX, RELEASE SOFTWARE (fc1)

Now that I have googeld on your client (Netgear WNCE3001) I really understand want you are trying to accomplish. Want you want is this client acting like something called a workgroup bridge (at least, that is how it is called when you have an Cisco AP fulfilling this role).
With the Cisco deployment you configure the AP as a workgroup bridge with multiple client MAC (and IP) addresses behind it. If the infrastructure where the AP should associated with is non Cisco you can use the "universal mode" where you can just use one (wired) client connected after the AP.
Now back to your Netgear client. I have not seen this client in real life, but if I read the manual I'm getting the feeling that this client does a little more than only bridging. At least there is no option to really configure the workgroup bridge stuff and the WLAN interface is being called "Internet adapter". There is also a option for an LAN DHCP server, which is kinda confusing as well if you ask me.
However, the thing that we can try is using a static IP address on the wired client side and test if communication is possible. Could you please give the output of the "show bridge 1" and "show dot11 ass" commands in that situation? Last but not least you can test if your configuration works after configuring "config network ip-mac-binding disable" on the WLC.

3 new Cisco Aironet 1600

Hello
I have 3 new Cisco AIR-SAP1602I-E-K9 for a large 2 floor halls. Max Users: 50.
What could be the best practice tools to calculate the signal coverage + quality + speed
when installing the access points through the halls ?
Thanks for the answers from implemented and deployed studies.

Hi,
First choice : Try to get a support partner who is expert in this field.
Ekahau_HeatMapper : try this one
RegArds
Don't forget to rate helpful post.
Sent from Cisco Technical Support iPhone App

01#Aironet 1600 (AIR-CAP1602i) & 3850 WLC (WS-C3850-24T-L)

Hi Friends
Trying to join 1602i (AIR-CAP1602i-E-k9) to 3850 (WS-C3850-24T) WLC but after join to WLC, the access point keeps rebooting
3850# Sho Version
Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIV
ERSALK9-M), Version 03.03.03SE RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Sun 27-Apr-14 18:33 by prod_rel_team
Cisco IOS-XE software, Copyright (c) 2005-2014 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.
(http://www.gnu.org/licenses/gpl-2.0.html) For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.
ROM: IOS-XE ROMMON
BOOTLDR: C3850 Boot Loader (C3850-HBOOT-M) Version 1.1, RELEASE SOFTWARE (P)
Ctrl1 uptime is 59 minutes
Uptime for this control processor is 1 hour, 1 minute
System returned to ROM by reload
System image file is "flash:packages.conf"
Last reload reason: reload
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
License Level: Ipbase
License Type: Permanent
Next reload license Level: Ipbase
cisco WS-C3850-24T (MIPS) processor with 4194304K bytes of physical memory.
Processor board ID FOC1729V00P
1 Virtual Ethernet interface
28 Gigabit Ethernet interfaces
4 Ten Gigabit Ethernet interfaces
2048K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
250456K bytes of Crash Files at crashinfo:.
1609272K bytes of Flash at flash:.
0K bytes of Dummy USB Flash at usbflash0:.
0K bytes of at webui:.
Base Ethernet MAC Address          : d0:c7:89:74:ef:00
Motherboard Assembly Number        : 73-12238-06
Motherboard Serial Number          : FOC17283XTY
Model Revision Number              : B0
Motherboard Revision Number        : D0
Model Number                       : WS-C3850-24T
System Serial Number               : FOC1729V00P
Switch Ports Model              SW Version        SW Image              Mode
*    1 32    WS-C3850-24T       03.03.03SE        cat3k_caa-universalk9 INSTALL
Configuration register is 0x102
3850#show wireless mobility summary
Mobility Controller Summary:
Mobility Role                                   : Mobility Controller
Mobility Protocol Port                          : 16666
Mobility Group Name                             : default
Mobility Oracle IP Address                      : 0.0.0.0
DTLS Mode                                       : Enabled
Mobility Domain ID for 802.11r                  : 0xac34
Mobility Keepalive Interval                     : 10
Mobility Keepalive Count                        : 3
Mobility Control Message DSCP Value             : 48
Mobility Domain Member Count                    : 1
Link Status is Control Link Status : Data Link Status
Controllers configured in the Mobility Domain:
IP               Public IP        Group Name       Multicast IP     Link Status
192.168.188.22   -                default          0.0.0.0          UP   : UP
3850#show wireless country configured
Configured Country.............................: AU - Australia
Configured Country Codes
        AU - Australia : 802.11a Indoor,Outdoor/ 802.11b / 802.11g
1602i#show version
Cisco IOS Software, C1600 Software (AP1G2-K9W8-M), Version 15.2(4)JB5h, RELEASE
SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Wed 16-Apr-14 00:32 by prod_rel_team
ROM: Bootstrap program is C1600 boot loader
BOOTLDR: C1600 Boot Loader (AP1G2-BOOT-M) LoaderVersion 15.2(2)JAX, RELEASE SOFT
WARE (fc1)
APc067.af86.55a3 uptime is 7 minutes
System returned to ROM by power-on
System image file is "flash:/ap1g2-k9w8-mx.152-4.JB5h/ap1g2-k9w8-mx.152-4.JB5h"
Last reload reason:
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco AIR-CAP1602I-E-K9 (PowerPC) processor (revision B0) with 229366K/32768K by
tes of memory.
Processor board ID FGL1739W06Y
PowerPC CPU at 533MHz, revision number 0x2151
Last reset from power-on
LWAPP image version 10.1.130.0
1 Gigabit Ethernet interface
2 802.11 Radios
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: C0:67:AF:86:55:A3
Part Number                          : 73-14671-04
PCA Assembly Number                  : 000-00000-00
PCA Revision Number                  :
PCB Serial Number                    : FOC17374QRS
Top Assembly Part Number             : 800-38552-01
Top Assembly Serial Number           : FGL1739W06Y
Top Revision Number                  : A0
Product/Model Number                 : AIR-CAP1602I-E-K9
Configuration register is 0xF
3850# Show logging
Ctrl1#
*Jun 14 05:37:44.747: *%CAPWAP-3-ALREADY_IN_JOIN: 1 wcm: Dropping join request
from AP c025.5c96.90e0 - AP is already in joined state
*Jun 14 05:37:44.750: *%CAPWAP-3-DATA_TUNNEL_DELETE_ERR2: 1 wcm: Failed to dele
te CAPWAP data tunnel with interface id: 0x0 from internal database. Reason: AVL
database entry not found
*Jun 14 05:37:50.040: *%CAPWAP-3-ALREADY_IN_JOIN: 1 wcm: Dropping join request
from AP c025.5c96.90e0 - AP is already in joined state
*Jun 14 05:37:50.042: *%CAPWAP-3-DATA_TUNNEL_DELETE_ERR2: 1 wcm: Failed to dele
te CAPWAP data tunnel with interface id: 0x0 from internal database. Reason: AVL
database entry not found
*Jun 14 05:38:05.467: *%CAPWAP-3-ALREADY_IN_JOIN: 1 wcm: Dropping join request
from AP c025.5c96.90e0 - AP is already in joined state
*Jun 14 05:38:05.470: *%CAPWAP-3-DATA_TUNNEL_DELETE_ERR2: 1 wcm: Failed to dele
te CAPWAP data tunnel with interface id: 0x0 from internal database. Reason: AVL
database entry not found
*Jun 14 05:38:10.760: *%CAPWAP-3-ALREADY_IN_JOIN: 1 wcm: Dropping join request
from AP c025.5c96.90e0 - AP is already in joined state
*Jun 14 05:38:10.762: *%CAPWAP-3-DATA_TUNNEL_DELETE_ERR2: 1 wcm: Failed to dele
te CAPWAP data tunnel with interface id: 0x0 from internal database. Reason: AVL
database entry not found
*Jun 14 05:38:26.672: *%CAPWAP-3-ALREADY_IN_JOIN: 1 wcm: Dropping join request
from AP c025.5c96.90e0 - AP is already in joined state
*Jun 14 05:38:26.675: *%CAPWAP-3-DATA_TUNNEL_DELETE_ERR2: 1 wcm: Failed to dele
te CAPWAP data tunnel with interface id: 0x0 from internal database. Reason: AVL
database entry not found
*Jun 14 05:38:31.968: *%CAPWAP-3-ALREADY_IN_JOIN: 1 wcm: Dropping join request
from AP c025.5c96.90e0 - AP is already in joined state
*Jun 14 05:38:31.970: *%CAPWAP-3-DATA_TUNNEL_DELETE_ERR2: 1 wcm: Failed to dele
te CAPWAP data tunnel with interface id: 0x0 from internal database. Reason: AVL
database entry not found
*Jun 14 05:38:47.388: *%CAPWAP-3-ALREADY_IN_JOIN: 1 wcm: Dropping join request
from AP c025.5c96.90e0 - AP is already in joined state
*Jun 14 05:38:47.390: *%CAPWAP-3-DATA_TUNNEL_DELETE_ERR2: 1 wcm: Failed to dele
te CAPWAP data tunnel with interface id: 0x0 from internal database. Reason: AVL
database entry not found
*Jun 14 05:38:52.680: *%CAPWAP-3-ALREADY_IN_JOIN: 1 wcm: Dropping join request
from AP c025.5c96.90e0 - AP is already in joined state
*Jun 14 05:38:52.682: *%CAPWAP-3-DATA_TUNNEL_DELETE_ERR2: 1 wcm: Failed to dele
te CAPWAP data tunnel with interface id: 0x0 from internal database. Reason: AVL
database entry not found
*Jun 14 05:39:08.100: *%CAPWAP-3-ALREADY_IN_JOIN: 1 wcm: Dropping join request
from AP c025.5c96.90e0 - AP is already in joined state
*Jun 14 05:39:08.102: *%CAPWAP-3-DATA_TUNNEL_DELETE_ERR2: 1 wcm: Failed to dele
te CAPWAP data tunnel with interface id: 0x0 from internal database. Reason: AVL
database entry not found
*Jun 14 05:39:13.396: *%CAPWAP-3-ALREADY_IN_JOIN: 1 wcm: Dropping join request
from AP c025.5c96.90e0 - AP is already in joined state
*Jun 14 05:39:13.398: *%CAPWAP-3-DATA_TUNNEL_DELETE_ERR2: 1 wcm: Failed to dele
te CAPWAP data tunnel with interface id: 0x0 from internal database. Reason: AVL
database entry not found
*Jun 14 05:39:29.024: *%CAPWAP-3-ALREADY_IN_JOIN: 1 wcm: Dropping join request
from AP c025.5c96.90e0 - AP is already in joined state
*Jun 14 05:39:29.026: *%CAPWAP-3-DATA_TUNNEL_DELETE_ERR2: 1 wcm: Failed to dele
te CAPWAP data tunnel with interface id: 0x0 from internal database. Reason: AVL
database entry not found
*Jun 14 05:39:34.320: *%CAPWAP-3-ALREADY_IN_JOIN: 1 wcm: Dropping join request
from AP c025.5c96.90e0 - AP is already in joined state
*Jun 14 05:39:34.322: *%CAPWAP-3-DATA_TUNNEL_DELETE_ERR2: 1 wcm: Failed to dele
te CAPWAP data tunnel with interface id: 0x0 from internal database. Reason: AVL
database entry not found
*Jun 14 05:39:46.377: *%DTLS-3-HANDSHAKE_FAILURE: 1 wcm: Failed to complete DTL
S handshake with peer 192.168.188.25 for AP 0000.0000.0000Reason: sslv3 alert u
nexpected message
1602i# Show Logging
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Mar 1 00:01:01.591: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROL
LER
*Mar 1 00:01:01.591: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led sta
te 255
*Mar 1 00:01:02.011: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 1 00:01:02.247: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 1 00:01:08.315: %SSH-5-ENABLED: SSH 2.0 has been enabledlwapp_crypto_init:
MIC Present and Parsed Successfully
*Mar 1 00:01:09.075: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to r
eset
*Mar 1 00:01:09.075: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to r
eset
*Mar 1 00:01:18.755: Logging LWAPP message to 255.255.255.255.
*Mar 1 00:01:29.255: APAVC: Succeeded to activate all the STILE protocols.
*Mar 1 00:01:29.255: APAVC: Registering with CFT
APAVC: CFT registration of delete callback succeeded
APAVC: Reattaching Original Buffer pool for system use
Pool-ReAtach: paks 9355 radio8747
*Mar 1 00:01:36.415: %CDP_PD-4-POWER_OK: Full power - INJECTOR_CONFIGURED_ON_SO
URCE inline power source
*Mar 1 00:01:37.487: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 1 00:01:38.487: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio
0, changed state to up
*Mar 1 00:01:38.543: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 1 00:01:39.206: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jun 14 05:47:22.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_i
p: 192.168.188.22 peer_port: 5246
*Jun 14 05:47:22.335: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio
1, changed state to up
*Jun 14 05:47:24.287: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully
peer_ip: 192.168.188.22 peer_port: 5246
*Jun 14 05:47:24.287: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.188.22
*Jun 14 05:47:29.287: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.188.22
*Jun 14 05:47:29.291: %DTLS-5-ALERT: Received WARNING : Close notify alert from
192.168.188.22
*Jun 14 05:47:29.291: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192
.168.188.22:5246
*Jun 14 05:47:29.291: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jun 14 05:47:22.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_i
p: 192.168.188.22 peer_port: 5246
*Jun 14 05:47:22.291: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully
peer_ip: 192.168.188.22 peer_port: 5246
*Jun 14 05:47:22.291: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.188.22
*Jun 14 05:47:27.291: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.188.22
*Jun 14 05:47:27.295: %DTLS-5-ALERT: Received WARNING : Close notify alert from
192.168.188.22
*Jun 14 05:47:27.295: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192
.168.188.22:5246
*Jun 14 05:47:27.347: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led sta
te 255
*Jun 14 05:47:27.375: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to a
dministratively down
*Jun 14 05:47:27.375: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to a
dministratively down
*Jun 14 05:47:27.379: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jun 14 05:47:27.431: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jun 14 05:47:28.379: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio
0, changed state to down
*Jun 14 05:47:28.423: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to do
wn
*Jun 14 05:47:28.431: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to r
eset
*Jun 14 05:47:29.415: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio
0, changed state to up
*Jun 14 05:47:29.423: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio
1, changed state to down
*Jun 14 05:47:29.467: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jun 14 05:47:29.475: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to do
wn
*Jun 14 05:47:29.483: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to r
eset
*Jun 14 05:47:30.467: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio
1, changed state to up
*Jun 14 05:47:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio
0, changed state to down
*Jun 14 05:47:30.519: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jun 14 05:47:31.519: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio
0, changed state to up
*Jun 14 05:47:37.431: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jun 14 05:47:44.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_i
p: 192.168.188.22 peer_port: 5246
*Jun 14 05:47:44.287: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully
peer_ip: 192.168.188.22 peer_port: 5246
*Jun 14 05:47:44.287: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.188.22
*Jun 14 05:47:49.287: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.188.22
*Jun 14 05:47:49.291: %DTLS-5-ALERT: Received WARNING : Close notify alert from
192.168.188.22
*Jun 14 05:47:49.291: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192
.168.188.22:5246

Hi Leo
For product AIR-CAP1602I-E-K9 what country have to configured?
flowed this table:

Aironet 1600 privilege level for MAC Filtering

   Hi,
I want to permit from a user profile with the telnet CLI command to configure the new MAC address on the dot11 association mac-list 700
I have create the user 14 with the followed commands:
enable secret level 14 5 **************
enable secret 5 **************
privilege configure level 14 access-list
privilege exec level 14 write memory
privilege exec level 14 write
privilege exec level 14 configure terminal
privilege exec level 14 configure
privilege exec level 14 show dot11 associations client
privilege exec level 14 show dot11 associations
privilege exec level 14 show dot11
privilege exec level 14 show access-lists
privilege exec level 14 show
Access from login privilege 14
1602AP16#show privile
Current privilege level is 14
1602AP16#show access-l
Bridge address access list 700
    permit 100b.a965.7384   0000.0000.0000 (2 matches)
    permit 0026.c659.b182   0000.0000.0000
    permit 0019.d2c2.96c0   0000.0000.0000
OK
add the new MAC address
1602AP16(config)#access-list ?
<1-99>       IP standard access list
<100-199>    IP extended access list
<1100-1199> Extended 48-bit MAC address access list
<1300-1999> IP standard access list (expanded range)
<200-299>    Protocol type-code access list
<2000-2699> IP extended access list (expanded range)
<700-799>    48-bit MAC address access list
1602AP16(config)#access-list 700 permit 0026.c659.b182   0000.0000.0000
                                                               ^
% Invalid input detected at '^' marker.
I can open the user level 14 config and when I add the new MAC address I received the " Invalid input detected " message
What is wrong ?
Is it only permit at level 15 ?
IOS version :
Cisco IOS Software, C1600 Software (AP1G2-K9W7-M), Version 15.2(2)JB, RELEASE SOFTWARE (fc1)
Thank you to shared me yours comments !
Patrick

Hi Patric,
Can u try this :
privilege configure level 14 access-list
and all other with priv 13.
privilege exec level 13 write memory
privilege exec level 13 write
privilege exec level 13 configure terminal
privilege exec level 13 configure
privilege exec level 13 show dot11 associations client
privilege exec level 13 show dot11 associations
privilege exec level 13 show dot11
privilege exec level 13 show access-lists
privilege exec level 13 show
and then try to configure it.
If still fails then u must use priv 15 .
Regards

Cisco Aironet 1600/2600/3600

Hi Group,
I'm leaning toward buying 2 cisco 2600 access points for our office.
My goal is to eliminate the residential style access points. The issue is security/management. Each time someone leaves the company, the password needs to be changed, and then all the laptops need to be changed. Looking for a better managed solution.
I am aware that cisco also offers controllers to simplify management, but since we are only needing 2 access points, I want to know if I can successfully integrate these 2 access points with active directory without a controller.
A couple of other questions.
Is a radius server required for this or can the AP's directly talk with Active Directory via LDAP.
Without a controller, does each AP require a different SSID, would like to have them the same?
Is any software required to be installed on the laptops (win xp and 7)
Any advantages to using a controller for a 2 AP system?
Thanks for the info.

Take a look at this PDF, you can order one of these for free when you place an order.
http://www.cisco.com/en/US/docs/wireless/flyers/APbracketsAndClips.pdf
The AP you will need if your in th eUS is air-cap2602i-a-k9. I would make sure when you order the WLC2504 that you also mention code 7.3 or 7.4 so it gets preloaded since the 2602's require version 7.2.110.0 or newer... I would go with the 7.4.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"

Aironet 1600 Transmitter power: error

Under the 2.4ghz status I see:
Transmitter Power
error
Which i believe is the culprit for weak wireless and also choppy connection to AP.
attached is config
Also I'm using cisco power injector which says its non-cisco which it is!!
Help guys no one in cisco has answer they just send me to different people and now I'm HERE!!
John!

Along with CDP you should also set the power inline. Is the power injector the one listed here?
Powering Options
? 802.3af Ethernet Switch
? Cisco AP1600 Power Injectors (AIR-PWRINJ4=, AIR-PWRINJ5=)
? Cisco AP1600 Local Power Supply (AIR-PWR-B=)
Caution When using the power inline negotiation injector override command, a power injector must always be installed to prevent a possible overload condition with an underpowered power source.
Sent from Cisco Technical Support iPhone App

Aironet 1600 - A response was not received from the router or access point

Hi,
I'm trying to set up a wireless network with multiple SSID's. The new network only has CISCO products (router, switches). For the moment I'm trying to connect to 1 SSID (Windekind.Gast). the SSID is visible but when connecting devices have te folowing error message in the log:
Connection status summary
Connection started at: 2015-02-17 09:55:49-951
Profile match: Success
Pre-Association: Success
Association: Fail
Security and Authentication: Not started
Root cause:
Wireless association to "Windekind.Gast" failed
A response was not received from the router or access point.
Detailed root cause:
Wireless association to this network failed. Windows did not receive any response from the wireless router or accesspoint.
The signal is perfect (I'm only a few feet away from the AP).
To make sure there is no dhcp problem I tested the swich port in access mode for vlan 30 which supplied an IP correctly. I'm really not seeing the problem and searched the web for days now! Any help would be very much appreciated!
Below the config of the access point (done via de web interface).
! Last configuration change at 05:30:28 UTC Mon Mar 1 1993
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
hostname AP002-C
logging rate-limit console 9
enable secret 5 $1$Bxv3$Of8o5..8v6gzIiAe2tXlh/
no aaa new-model
no ip cef
dot11 syslog
dot11 vlan-name Windekind.Directie vlan 50
dot11 vlan-name Windekind.Gast vlan 30
dot11 vlan-name Windekind.Klasnet vlan 40
dot11 ssid Windekind.Directie
vlan 50
band-select
authentication open
mobility network-id 50
dot11 ssid Windekind.Gast
vlan 30
band-select
authentication open
authentication key-management wpa version 2
mbssid guest-mode
mobility network-id 30
wpa-psk ascii 7 14201B05080121222A2C6A6D63
dot11 ssid Windekind.Klasnet
vlan 40
band-select
mobility network-id 40
crypto pki token default removal timeout 0
username Cisco password 7 112A1016141D
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 30 mode ciphers aes-ccm tkip
ssid Windekind.Directie
ssid Windekind.Gast
ssid Windekind.Klasnet
antenna gain 2
stbc
beamform ofdm
mbssid
speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
channel 2452
no preamble-short
station-role root
payload-encapsulation dot1h
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 subscriber-loop-control
bridge-group 30 spanning-disabled
bridge-group 30 block-unknown-source
no bridge-group 30 source-learning
no bridge-group 30 unicast-flooding
interface Dot11Radio0.40
encapsulation dot1Q 40
no ip route-cache
bridge-group 40
bridge-group 40 subscriber-loop-control
bridge-group 40 spanning-disabled
bridge-group 40 block-unknown-source
no bridge-group 40 source-learning
no bridge-group 40 unicast-flooding
interface Dot11Radio0.50
encapsulation dot1Q 50
no ip route-cache
bridge-group 50
bridge-group 50 subscriber-loop-control
bridge-group 50 spanning-disabled
bridge-group 50 block-unknown-source
no bridge-group 50 source-learning
no bridge-group 50 unicast-flooding
interface Dot11Radio1
no ip address
no ip route-cache
encryption vlan 30 mode ciphers aes-ccm tkip
ssid Windekind.Directie
ssid Windekind.Gast
ssid Windekind.Klasnet
antenna gain 4
no dfs band block
stbc
beamform ofdm
mbssid
speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
channel dfs
station-role root
payload-encapsulation dot1h
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio1.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 subscriber-loop-control
bridge-group 30 spanning-disabled
bridge-group 30 block-unknown-source
no bridge-group 30 source-learning
no bridge-group 30 unicast-flooding
interface Dot11Radio1.40
encapsulation dot1Q 40
no ip route-cache
bridge-group 40
bridge-group 40 subscriber-loop-control
bridge-group 40 spanning-disabled
bridge-group 40 block-unknown-source
no bridge-group 40 source-learning
no bridge-group 40 unicast-flooding
interface Dot11Radio1.50
encapsulation dot1Q 50
no ip route-cache
bridge-group 50
bridge-group 50 subscriber-loop-control
bridge-group 50 spanning-disabled
bridge-group 50 block-unknown-source
no bridge-group 50 source-learning
no bridge-group 50 unicast-flooding
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
interface GigabitEthernet0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 spanning-disabled
no bridge-group 30 source-learning
interface GigabitEthernet0.40
encapsulation dot1Q 40
no ip route-cache
bridge-group 40
bridge-group 40 spanning-disabled
no bridge-group 40 source-learning
interface GigabitEthernet0.50
encapsulation dot1Q 50
no ip route-cache
bridge-group 50
bridge-group 50 spanning-disabled
no bridge-group 50 source-learning
interface BVI1
ip address 10.0.0.81 255.255.255.0
no ip route-cache
ip default-gateway 10.0.0.1
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
logging facility user
bridge 1 route ip
line con 0
line vty 0 4
login local
transport input all
end

Hi Rasika
thanks for the reply! 10.0.0.81 belongs to vlan 1. I changed the config as suggested but no luck.. (same problems are logged in the event viewer). the ap is connected to a switchport in trunk mode and vlan 1 is the native lan (untagged). the port also is joined to vlan 30 (and others).
Below the new config. Hope you can see an error..
! Last configuration change at 22:56:10 UTC Thu Apr 1 1993
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
hostname AP002-C
logging rate-limit console 9
enable secret 5 $1$Bxv3$Of8o5..8v6gzIiAe2tXlh/
no aaa new-model
no ip cef
dot11 syslog
dot11 vlan-name Default vlan 1
dot11 vlan-name Windekind.Directie vlan 50
dot11 vlan-name Windekind.Gast vlan 30
dot11 vlan-name Windekind.Klasnet vlan 40
dot11 ssid Windekind.Directie
   vlan 50
   band-select
   authentication open
   mobility network-id 50
dot11 ssid Windekind.Gast
   vlan 30
   band-select
   authentication open
   authentication key-management wpa version 2
   mbssid guest-mode
   mobility network-id 30
   wpa-psk ascii 7 14201B05080121222A2C6A6D63
dot11 ssid Windekind.Klasnet
   vlan 40
   band-select
   mobility network-id 40
crypto pki token default removal timeout 0
username Cisco password 7 112A1016141D
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 30 mode ciphers aes-ccm tkip
ssid Windekind.Directie
ssid Windekind.Gast
ssid Windekind.Klasnet
antenna gain 2
stbc
beamform ofdm
mbssid
speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
no preamble-short
channel 2452
station-role root
payload-encapsulation dot1h
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 subscriber-loop-control
bridge-group 30 spanning-disabled
bridge-group 30 block-unknown-source
no bridge-group 30 source-learning
no bridge-group 30 unicast-flooding
interface Dot11Radio0.40
encapsulation dot1Q 40
no ip route-cache
bridge-group 40
bridge-group 40 subscriber-loop-control
bridge-group 40 spanning-disabled
bridge-group 40 block-unknown-source
no bridge-group 40 source-learning
no bridge-group 40 unicast-flooding
interface Dot11Radio0.50
encapsulation dot1Q 50
no ip route-cache
bridge-group 50
bridge-group 50 subscriber-loop-control
bridge-group 50 spanning-disabled
bridge-group 50 block-unknown-source
no bridge-group 50 source-learning
no bridge-group 50 unicast-flooding
interface Dot11Radio1
no ip address
no ip route-cache
encryption vlan 30 mode ciphers aes-ccm tkip
ssid Windekind.Directie
ssid Windekind.Gast
ssid Windekind.Klasnet
antenna gain 4
no dfs band block
stbc
beamform ofdm
mbssid
speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
channel dfs
station-role root
payload-encapsulation dot1h
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio1.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 subscriber-loop-control
bridge-group 30 spanning-disabled
bridge-group 30 block-unknown-source
no bridge-group 30 source-learning
no bridge-group 30 unicast-flooding
interface Dot11Radio1.40
encapsulation dot1Q 40
no ip route-cache
bridge-group 40
bridge-group 40 subscriber-loop-control
bridge-group 40 spanning-disabled
bridge-group 40 block-unknown-source
no bridge-group 40 source-learning
no bridge-group 40 unicast-flooding
interface Dot11Radio1.50
encapsulation dot1Q 50
no ip route-cache
bridge-group 50
bridge-group 50 subscriber-loop-control
bridge-group 50 spanning-disabled
bridge-group 50 block-unknown-source
no bridge-group 50 source-learning
no bridge-group 50 unicast-flooding
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
interface GigabitEthernet0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 spanning-disabled
no bridge-group 30 source-learning
interface GigabitEthernet0.40
encapsulation dot1Q 40
no ip route-cache
bridge-group 40
bridge-group 40 spanning-disabled
no bridge-group 40 source-learning
interface GigabitEthernet0.50
encapsulation dot1Q 50
no ip route-cache
bridge-group 50
bridge-group 50 spanning-disabled
no bridge-group 50 source-learning
interface BVI1
ip address 10.0.0.81 255.255.255.0
no ip route-cache
ip default-gateway 10.0.0.1
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
logging facility user
bridge 1 route ip
line con 0
line vty 0 4
login local
transport input all
end
t

Does Aironet 1600 has an automatic save feature?

New c1600 AP that was being configured for the first time. We configured dot11radio, default-gateway, and a default route; followed by a new ip address assigned to the BVI interface. At that point we lost connection, and tried to reset back to factory default by shut/no shut the switch interface. For some reason, the c1600 kept coming back with the BVI new IP address, meaning that the incomplete config seems to have been automatically saved. I can't find any info in releases, nor by doing a general search. Is their an automatic save feature?
P.S. Even though BVI ip was set, we noticed that Version 15.2(2)JB does not require <IP ROUTING> to be entered, as opposed to Version 15.2(2)JB2.
AP specs:
Cisco IOS Software, C1600 Software (AP1G2-K9W7-M), Version 15.2(2)JB2, RELEASE SOFTWARE (fc1)
ROM: Bootstrap program is C1600 boot loader
BOOTLDR: C1600 Boot Loader (AP1G2-BOOT-M) LoaderVersion 15.2(2)JAX, RELEASE SOFTWARE (fc1)
Product/Model Number : AIR-SAP1602E-E-K9

New c1600 AP that was being configured for the first time. We configured dot11radio, default-gateway, and a default route; followed by a new ip address assigned to the BVI interface. At that point we lost connection, and tried to reset back to factory default by shut/no shut the switch interface. For some reason, the c1600 kept coming back with the BVI new IP address, meaning that the incomplete config seems to have been automatically saved. I can't find any info in releases, nor by doing a general search. Is their an automatic save feature?
P.S. Even though BVI ip was set, we noticed that Version 15.2(2)JB does not require <IP ROUTING> to be entered, as opposed to Version 15.2(2)JB2.
AP specs:
Cisco IOS Software, C1600 Software (AP1G2-K9W7-M), Version 15.2(2)JB2, RELEASE SOFTWARE (fc1)
ROM: Bootstrap program is C1600 boot loader
BOOTLDR: C1600 Boot Loader (AP1G2-BOOT-M) LoaderVersion 15.2(2)JAX, RELEASE SOFTWARE (fc1)
Product/Model Number : AIR-SAP1602E-E-K9

Aironet 1600 + Freeradius + openLDAP

Similar Messages

Maybe you are looking for