Aironet 1600 wireless client troubles
Hi,
I just installed an Aironet 1602i, standalone WAP.
I have it configured to use a RADIUS server in our office. However, two issues have come up when trying to get clients connected.
1. iPhones and iPads won't connect to either the 2.4 or the 5 GHz radios.
2. No one can connect to the 5 Ghz radio.
Both radios are UP according to the GUI interfaces of the WAP. Also, laptops and android devices are able to connect to the 2.4GHz radio but not the 5 GHz radio.
I am on the latest version of the firmware.
Does anyone have place I can start to figure this out?
Thanks!
Dave
For iPhones and iPads, use WPA2. Don't enable both WPA/WPA2. Choose one.
Another option, try with OPEN authentication. If that works and everyone (and I mean EVERYONE), can log in, then you ramp up your security & encryption one-at-a-time until you start to break things.
Similar Messages
-
Aironet 1310 non-root with wireless clients
I have two 1310s. One set as a root-bridge with wireless clients, another as a non-root bridge with wireless clients. The wireless side of things is working fine, but I'm having trouble when I try to connect a windows work station to the non-root bridge via ethernet. I'm getting an IP address from the router attached to the root bridge via DHCP, and I am able to connect to the configuration page of both 1310 APs, but I'm not getting any internet connectivity. Have I misunderstood what 'non-root bridge with wireless clients' means? If not, is there an obvious problem which might cause the wireless clients to work fine, but interfere with a wired client? Thanks.
Thanks Seth,
It's good to know that this is how it is supposed to work. The thing that has me scratching my head is that the wireless clients are working fine from this bridge--it is only the client hooked up to the ethernet interface that is not getting out.
I'll take a look at the gateway settings and see what I can find. I appreciate the tip. -
RRAS Authentication and Aironet 1600
Hello
I'm having trouble configuring my Cisco Aironet 1600 to forward to my windows server for Authenticaiton.
when i attempt to connect to the access point. I get a responce in my windows event id 6272 stating
Network Policy Server granted access to a user
but when i look at the cisco event id i see an authentication error. I ran a trace on the ap when i attempted the communiction. here is the results.
any help would be greatly appreciated.
WAP>
Jan 6 14:20:31.313: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0023.142b.319c
Jan 6 14:20:31.313: dot11_auth_dot1x_send_id_req_to_client: Client 0023.142b.319c timer started for 30 seconds
Jan 6 14:20:31.353: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,EAP_START) for 0023.142b.319c
Jan 6 14:20:31.353: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0023.142b.319c
Jan 6 14:20:31.353: dot11_auth_dot1x_send_id_req_to_client: Client 0023.142b.
WAP>319c timer started for 30 seconds
WAP>
Jan 6 14:20:48.877: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for 0023.142b.319c
Jan 6 14:20:48.877: dot11_auth_dot1x_send_response_to_server: Sending client 0023.142b.319c data to server
Jan 6 14:20:48.877: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds
Jan 6 14:20:48.877: RADIUS/ENCODE(00001477):Orig. component type = DOT11
Jan 6 14:20:48.877: RADIUS: AAA Unsupported Attr: ssid [347] 8
Jan 6 14:20:48.877: RADIUS:
WAP> 50 48 41 4E 54 4F [ PHANTO]
Jan 6 14:20:48.877: RADIUS: AAA Unsupported Attr: service-type [345] 4 1
Jan 6 14:20:48.877: RADIUS: AAA Unsupported Attr: interface [222] 4
Jan 6 14:20:48.877: RADIUS: 31 36 [ 16]
Jan 6 14:20:48.877: RADIUS(00001477): Config NAS IP: 192.168.0.222
Jan 6 14:20:48.877: RADIUS(00001477): Config NAS IPv6:
Jan 6 14:20:48.877: RADIUS/ENCODE(00001477): acct_session_id: 5229
Jan 6 14:20:48.877: RADIUS(00001477): Config NA
WAP>S IP: 192.168.0.222
Jan 6 14:20:48.877: RADIUS(00001477): sending
Jan 6 14:20:48.877: RADIUS(00001477): Send Access-Request to 192.168.0.19:1645 id 1645/70, len 187
Jan 6 14:20:48.877: RADIUS: authenticator C4 49 1B CE FC 2F 22 6F - 16 46 8F 44 3B 10 48 AC
Jan 6 14:20:48.877: RADIUS: User-Name [1] 25 "domain\user"
Jan 6 14:20:48.877: RADIUS: Framed-MTU [12] 6 1400
Jan 6 14:20:48.877: RADIUS: Called-Station-Id [30] 28 "34-A8-4E-B
WAP>D-F3-50:PHANTOM5"
Jan 6 14:20:48.877: RADIUS: Calling-Station-Id [31] 16 "0023.142b.319c"
Jan 6 14:20:48.877: RADIUS: Service-Type [6] 6 Login [1]
Jan 6 14:20:48.877: RADIUS: Message-Authenticato[80] 18
Jan 6 14:20:48.877: RADIUS: 17 BE 54 D2 40 4E 08 DF 55 50 47 54 22 FF 5C 23 [ T@NUPGT"\#]
Jan 6 14:20:48.877: RADIUS: EAP-Message [79] 30
Jan 6 14:20:48.877: RADIUS: 02 02 00 1C 01 65 78 71 75 61 64 72 75 6D 5C 61 64 6D 69 6E 69 [ex
WAP>quadrum\admini]
Jan 6 14:20:48.877: RADIUS: 73 74 72 61 74 6F 72 [ strator]
Jan 6 14:20:48.877: RADIUS: NAS-Port-Type [61] 6 802.11 wireless [19]
Jan 6 14:20:48.877: RADIUS: NAS-Port [5] 6 1610
Jan 6 14:20:48.877: RADIUS: NAS-Port-Id [87] 6 "1610"
Jan 6 14:20:48.877: RADIUS: NAS-IP-Address [4] 6 192.168.0.222
Jan 6 14:20:48.877: RADIUS: Nas-Identifier [32] 14 "WAP"
Jan 6 1
WAP>4:20:48.877: RADIUS(00001477): Sending a IPv4 Radius Packet
Jan 6 14:20:48.877: RADIUS(00001477): Started 5 sec timeout
Jan 6 14:20:48.881: RADIUS: Received from id 1645/70 192.168.0.19:1645, Access-Accept, len 66
Jan 6 14:20:48.881: RADIUS: authenticator 4D AA 3F 3F C5 78 F4 DB - B2 04 AF 4E 0A DC A5 6D
Jan 6 14:20:48.881: RADIUS: Class [25] 46
Jan 6 14:20:48.881: RADIUS: B2 3C 09 FD 00 00 01 37 00 01 02 00 C0 A8 00 13 00 00 00 00 5D 7B 6B 09 AC 82 24 A3 01 CE FC 72 A7 8E 51
WAP> DC 00 00 00 00 00 00 02 64 [ <7]{k$rQd]
Jan 6 14:20:48.881: RADIUS(00001477): Received from id 1645/70
Jan 6 14:20:48.881: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_FAIL) for 0023.142b.319c
Jan 6 14:20:48.881: dot11_auth_dot1x_send_client_fail: Authentication failed for 0023.142b.319c
Jan 6 14:20:48.881: %DOT11-7-AUTH_FAILED: Station 0023.142b.319c Authentication failed
Jan 6 14:20:49.101: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0023.142b.
WAP>319c
Jan 6 14:20:49.105: dot11_auth_dot1x_send_id_req_to_client: Client 0023.142b.319c timer started for 30 seconds
Jan 6 14:20:49.141: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,EAP_START) for 0023.142b.319c
Jan 6 14:20:49.141: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0023.142b.319c
Jan 6 14:20:49.141: dot11_auth_dot1x_send_id_req_to_client: Client 0023.142b.319c timer started for 30 seconds
WAP>
Jan 6 14:21:03.649: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for 0023.142b.319c
Jan 6 14:21:03.649: dot11_auth_dot1x_send_response_to_server: Sending client 0023.142b.319c data to server
Jan 6 14:21:03.649: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds
Jan 6 14:21:03.649: RADIUS/ENCODE(00001478):Orig. component type = DOT11
Jan 6 14:21:03.649: RADIUS: AAA Unsupported Attr: ssid [347] 8
Jan 6 14:21:03.649: RADIUS:
WAP> 50 48 41 4E 54 4F [ PHANTO]
Jan 6 14:21:03.649: RADIUS: AAA Unsupported Attr: service-type [345] 4 1
Jan 6 14:21:03.649: RADIUS: AAA Unsupported Attr: interface [222] 4
Jan 6 14:21:03.649: RADIUS: 31 36 [ 16]
Jan 6 14:21:03.649: RADIUS(00001478): Config NAS IP: 192.168.0.222
Jan 6 14:21:03.649: RADIUS(00001478): Config NAS IPv6:
Jan 6 14:21:03.649: RADIUS/ENCODE(00001478): acct_session_id: 5230
Jan 6 14:21:03.649: RADIUS(00001478): Config NA
WAP>S IP: 192.168.0.222
Jan 6 14:21:03.649: RADIUS(00001478): sending
Jan 6 14:21:03.649: RADIUS(00001478): Send Access-Request to 192.168.0.19:1645 id 1645/71, len 187
Jan 6 14:21:03.649: RADIUS: authenticator D5 2A B3 D5 B2 29 56 EC - 29 FB 47 F1 5C F1 10 0B
Jan 6 14:21:03.649: RADIUS: User-Name [1] 25 "domain\user"
Jan 6 14:21:03.649: RADIUS: Framed-MTU [12] 6 1400
Jan 6 14:21:03.649: RADIUS: Called-Station-Id [30] 28 "34-A8-4E-B
WAP>D-F3-50:PHANTOM5"
Jan 6 14:21:03.649: RADIUS: Calling-Station-Id [31] 16 "0023.142b.319c"
Jan 6 14:21:03.649: RADIUS: Service-Type [6] 6 Login [1]
Jan 6 14:21:03.649: RADIUS: Message-Authenticato[80] 18
Jan 6 14:21:03.649: RADIUS: CD CF 69 D6 E4 E5 B3 6E F5 1F 5B 78 E4 49 D1 61 [ in[xIa]
Jan 6 14:21:03.649: RADIUS: EAP-Message [79] 30
Jan 6 14:21:03.649: RADIUS: 02 02 00 1C 01 65 78 71 75 61 64 72 75 6D 5C 61 64 6D 69 6E 69 [ex
WAP>quadrum\admini]
Jan 6 14:21:03.649: RADIUS: 73 74 72 61 74 6F 72 [ strator]
Jan 6 14:21:03.649: RADIUS: NAS-Port-Type [61] 6 802.11 wireless [19]
Jan 6 14:21:03.649: RADIUS: NAS-Port [5] 6 1611
Jan 6 14:21:03.649: RADIUS: NAS-Port-Id [87] 6 "1611"
Jan 6 14:21:03.649: RADIUS: NAS-IP-Address [4] 6 192.168.0.222
Jan 6 14:21:03.649: RADIUS: Nas-Identifier [32] 14 "WAP"
Jan 6 1
WAP>4:21:03.649: RADIUS(00001478): Sending a IPv4 Radius Packet
Jan 6 14:21:03.649: RADIUS(00001478): Started 5 sec timeout
Jan 6 14:21:03.649: RADIUS: Received from id 1645/71 192.168.0.19:1645, Access-Accept, len 66
Jan 6 14:21:03.649: RADIUS: authenticator D1 A3 D7 6C DC 7E C6 D1 - A2 DB 6E 13 94 F4 D3 AE
Jan 6 14:21:03.649: RADIUS: Class [25] 46
Jan 6 14:21:03.649: RADIUS: B2 3D 09 FE 00 00 01 37 00 01 02 00 C0 A8 00 13 00 00 00 00 5D 7B 6B 09 AC 82 24 A3 01 CE FC 72 A7 8E 51
WAP> DC 00 00 00 00 00 00 02 65 [ =7]{k$rQe]
Jan 6 14:21:03.653: RADIUS(00001478): Received from id 1645/71
Jan 6 14:21:03.653: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_FAIL) for 0023.142b.319c
Jan 6 14:21:03.653: dot11_auth_dot1x_send_client_fail: Authentication failed for 0023.142b.319c
Jan 6 14:21:03.653: %DOT11-7-AUTH_FAILED: Station 0023.142b.319c Authentication failed
WAP>
Jan 6 14:21:13.881: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0023.142b.319c
Jan 6 14:21:13.881: dot11_auth_dot1x_send_id_req_to_client: Client 0023.142b.319c timer started for 30 seconds
Jan 6 14:21:13.897: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,EAP_START) for 0023.142b.319c
Jan 6 14:21:13.897: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0023.142b.319c
Jan 6 14:21:13.897: dot11_auth_dot1x_send_id_req_to_client: Client 0023.142b.
WAP>319c timer started for 30 seconds
Jan 6 14:21:14.629: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0023.142b.319c
Jan 6 14:21:14.629: dot11_auth_dot1x_send_id_req_to_client: Client 0023.142b.319c timer started for 30 seconds
Jan 6 14:21:14.645: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,EAP_START) for 0023.142b.319c
Jan 6 14:21:14.645: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0023.142b.319c
Jan 6 14:21:14.645: dot11_auth_dot1x_send_id
WAP>_req_to_client: Client 0023.142b.319c timer started for 30 seconds
Jan 6 14:21:14.653: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for 0023.142b.319c
Jan 6 14:21:14.653: dot11_auth_dot1x_send_response_to_server: Sending client 0023.142b.319c data to server
Jan 6 14:21:14.653: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds
Jan 6 14:21:14.653: RADIUS/ENCODE(0000147A):Orig. component type = DOT11
Jan 6 14:21:14.653: RADIUS: AAA Unsupporte
WAP>d Attr: ssid [347] 8
Jan 6 14:21:14.657: RADIUS: 50 48 41 4E 54 4F [ PHANTO]
Jan 6 14:21:14.657: RADIUS: AAA Unsupported Attr: service-type [345] 4 1
Jan 6 14:21:14.657: RADIUS: AAA Unsupported Attr: interface [222] 4
Jan 6 14:21:14.657: RADIUS: 31 36 [ 16]
Jan 6 14:21:14.657: RADIUS(0000147A): Config NAS IP: 192.168.0.222
Jan 6 14:21:14.657: RADIUS(0000147A): Config NAS IPv6:
Jan 6 14:21:14.657: RADIUS/ENCODE(0000147A): acct_
WAP>session_id: 5232
Jan 6 14:21:14.657: RADIUS(0000147A): Config NAS IP: 192.168.0.222
Jan 6 14:21:14.657: RADIUS(0000147A): sending
Jan 6 14:21:14.657: RADIUS(0000147A): Send Access-Request to 192.168.0.19:1645 id 1645/72, len 151
Jan 6 14:21:14.657: RADIUS: authenticator 75 D4 9B 2B 54 28 E0 85 - E1 CE 15 71 98 01 6D 92
Jan 6 14:21:14.657: RADIUS: User-Name [1] 7 "Brian"
Jan 6 14:21:14.657: RADIUS: Framed-MTU [12] 6 1400
Jan 6 14:21:14.657: RA
WAP>DIUS: Called-Station-Id [30] 28 "34-A8-4E-BD-F3-50:PHANTOM5"
Jan 6 14:21:14.657: RADIUS: Calling-Station-Id [31] 16 "0023.142b.319c"
Jan 6 14:21:14.657: RADIUS: Service-Type [6] 6 Login [1]
Jan 6 14:21:14.657: RADIUS: Message-Authenticato[80] 18
Jan 6 14:21:14.657: RADIUS: 5E FF D3 31 9E E4 E8 B0 74 65 DA 64 E3 DC 75 53 [ ^1teduS]
Jan 6 14:21:14.657: RADIUS: EAP-Message [79] 12
Jan 6 14:21:14.657: RADIUS: 02 02 00 0A 01 42 7
WAP>2 69 61 6E [ Brian]
Jan 6 14:21:14.657: RADIUS: NAS-Port-Type [61] 6 802.11 wireless [19]
Jan 6 14:21:14.657: RADIUS: NAS-Port [5] 6 1613
Jan 6 14:21:14.657: RADIUS: NAS-Port-Id [87] 6 "1613"
Jan 6 14:21:14.657: RADIUS: NAS-IP-Address [4] 6 192.168.0.222
Jan 6 14:21:14.657: RADIUS: Nas-Identifier [32] 14 "WAP"
Jan 6 14:21:14.657: RADIUS(0000147A): Sending a IPv4 Radius Packe
WAP>t
Jan 6 14:21:14.657: RADIUS(0000147A): Started 5 sec timeout
Jan 6 14:21:14.657: RADIUS: Received from id 1645/72 192.168.0.19:1645, Access-Accept, len 66
Jan 6 14:21:14.657: RADIUS: authenticator F1 9F 29 38 10 39 E1 0A - FD 73 87 03 D3 5D 34 02
Jan 6 14:21:14.657: RADIUS: Class [25] 46
Jan 6 14:21:14.657: RADIUS: B2 3E 09 FF 00 00 01 37 00 01 02 00 C0 A8 00 13 00 00 00 00 5D 7B 6B 09 AC 82 24 A3 01 CE FC 72 A7 8E 51 DC 00 00 00 00 00 00 02 66 [ >7]{k$rQf]
Jan 6 1
WAP>4:21:14.657: RADIUS(0000147A): Received from id 1645/72
Jan 6 14:21:14.657: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_FAIL) for 0023.142b.319c
Jan 6 14:21:14.657: dot11_auth_dot1x_send_client_fail: Authentication failed for 0023.142b.319c
Jan 6 14:21:14.657: %DOT11-7-AUTH_FAILED: Station 0023.142b.319c Authentication failed
Jan 6 14:21:14.877: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0023.142b.319c
Jan 6 14:21:14.877: dot11_auth_dot1x_send_id_req_to
WAP>_client: Client 0023.142b.319c timer started for 30 seconds
Jan 6 14:21:14.889: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,EAP_START) for 0023.142b.319c
Jan 6 14:21:14.889: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0023.142b.319c
Jan 6 14:21:14.889: dot11_auth_dot1x_send_id_req_to_client: Client 0023.142b.319c timer started for 30 seconds
Jan 6 14:21:14.897: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for 0023.142b.319c
Jan 6 14:21:
WAP>14.897: dot11_auth_dot1x_send_response_to_server: Sending client 0023.142b.319c data to server
Jan 6 14:21:14.897: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds
Jan 6 14:21:14.897: RADIUS/ENCODE(0000147B):Orig. component type = DOT11
Jan 6 14:21:14.897: RADIUS: AAA Unsupported Attr: ssid [347] 8
Jan 6 14:21:14.897: RADIUS: 50 48 41 4E 54 4F [ PHANTO]
Jan 6 14:21:14.897: RADIUS: AAA Unsupported Attr: service-type [345] 4 1
WAP>Jan 6 14:21:14.897: RADIUS: AAA Unsupported Attr: interface [222] 4
Jan 6 14:21:14.897: RADIUS: 31 36 [ 16]
Jan 6 14:21:14.897: RADIUS(0000147B): Config NAS IP: 192.168.0.222
Jan 6 14:21:14.897: RADIUS(0000147B): Config NAS IPv6:
Jan 6 14:21:14.897: RADIUS/ENCODE(0000147B): acct_session_id: 5233
Jan 6 14:21:14.897: RADIUS(0000147B): Config NAS IP: 192.168.0.222
Jan 6 14:21:14.897: RADIUS(0000147B): sending
Jan 6 14:21:14.897: RADIUS(0000147B): Send Access-Reques
WAP>t to 192.168.0.19:1645 id 1645/73, len 151
Jan 6 14:21:14.897: RADIUS: authenticator 78 C3 13 8A 04 95 E5 FF - 75 6B 15 A8 A3 04 8E 8B
Jan 6 14:21:14.897: RADIUS: User-Name [1] 7 "Brian"
Jan 6 14:21:14.897: RADIUS: Framed-MTU [12] 6 1400
Jan 6 14:21:14.897: RADIUS: Called-Station-Id [30] 28 "34-A8-4E-BD-F3-50:PHANTOM5"
Jan 6 14:21:14.897: RADIUS: Calling-Station-Id [31] 16 "0023.142b.319c"
Jan 6 14:21:14.897: RADIUS: Service-Type
WAP> [6] 6 Login [1]
Jan 6 14:21:14.897: RADIUS: Message-Authenticato[80] 18
Jan 6 14:21:14.897: RADIUS: DA 6E C2 AD 8B 41 1C 2F 28 6A D9 2B 0A BD 8B 76 [ nA/(j+v]
Jan 6 14:21:14.897: RADIUS: EAP-Message [79] 12
Jan 6 14:21:14.897: RADIUS: 02 02 00 0A 01 42 72 69 61 6E [ Brian]
Jan 6 14:21:14.897: RADIUS: NAS-Port-Type [61] 6 802.11 wireless [19]
Jan 6 14:21:14.897: RADIUS: NAS-Port [5] 6 1614
WAP>
Jan 6 14:21:14.897: RADIUS: NAS-Port-Id [87] 6 "1614"
Jan 6 14:21:14.897: RADIUS: NAS-IP-Address [4] 6 192.168.0.222
Jan 6 14:21:14.897: RADIUS: Nas-Identifier [32] 14 "WAP"
Jan 6 14:21:14.897: RADIUS(0000147B): Sending a IPv4 Radius Packet
Jan 6 14:21:14.897: RADIUS(0000147B): Started 5 sec timeout
Jan 6 14:21:14.901: RADIUS: Received from id 1645/73 192.168.0.19:1645, Access-Accept, len 66
Jan 6 14:21:14.901: RADIUS: a
WAP>uthenticator 4A AA 91 09 C1 0C 05 25 - 59 17 27 0C 4C 1B 29 2D
Jan 6 14:21:14.901: RADIUS: Class [25] 46
Jan 6 14:21:14.901: RADIUS: B2 3F 0A 00 00 00 01 37 00 01 02 00 C0 A8 00 13 00 00 00 00 5D 7B 6B 09 AC 82 24 A3 01 CE FC 72 A7 8E 51 DC 00 00 00 00 00 00 02 67 [ ?7]{k$rQg]
Jan 6 14:21:14.901: RADIUS(0000147B): Received from id 1645/73
Jan 6 14:21:14.901: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_FAIL) for 0023.142b.319c
Jan 6 14:21:14.901: dot1
WAP>1_auth_dot1x_send_client_fail: Authentication failed for 0023.142b.319c
Jan 6 14:21:25.129: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0023.142b.319c
Jan 6 14:21:25.129: dot11_auth_dot1x_send_id_req_to_client: Client 0023.142b.319c timer started for 30 seconds
Jan 6 14:21:25.149: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,EAP_START) for 0023.142b.319c
Jan 6 14:21:25.149: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0023.142b.319c
Jan 6
WAP>14:21:25.149: dot11_auth_dot1x_send_id_req_to_client: Client 0023.142b.319c timer started for 30 seconds
Jan 6 14:21:25.881: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0023.142b.319c
Jan 6 14:21:25.881: dot11_auth_dot1x_send_id_req_to_client: Client 0023.142b.319c timer started for 30 seconds
Jan 6 14:21:25.897: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,EAP_START) for 0023.142b.319c
Jan 6 14:21:25.897: dot11_auth_dot1x_send_id_req_to_client: Sending identity r
WAP>equest to 0023.142b.319c
Jan 6 14:21:25.897: dot11_auth_dot1x_send_id_req_to_client: Client 0023.142b.319c timer started for 30 seconds
WAP>Hello Steve,
May you help me?
I have the same problem. I use NPS (2008R2) with EAP authentication type Microsoft Protected EAP (PEAP)
ap#
Jun 13 2014 09:09:54.626 UTC: AAA/BIND(000000CF): Bind i/f
Jun 13 2014 09:09:54.626 UTC: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
Jun 13 2014 09:09:54.626 UTC: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 001e.58a2.ba4b
Jun 13 2014 09:09:54.626 UTC: dot11_auth_dot1x_send_id_req_to_client: Client 001e.58a2.ba4b timer started for 30 seconds
Jun 13 2014 09:09:54.678 UTC: dot11_auth_parse_client_pak: Received EAPOL packet from 001e.58a2.ba4b
Jun 13 2014 09:09:54.678 UTC: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,EAP_START) for 001e.58a2.ba4b
Jun 13 2014 09:09:54.678 UTC: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 001e.58a2.ba4b
Jun 13 2014 09:09:54.678 UTC: dot11_auth_dot1x_send_id_req_to_client: Client 001e.58a2.ba4b timer started for 30 seconds
Jun 13 2014 09:09:54.722 UTC: dot11_auth_parse_client_pak: Received EAPOL packet from 001e.58a2.ba4b
Jun 13 2014 09:09:54.722 UTC: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for 001e.58a2.ba4b
Jun 13 2014 09:09:54.722 UTC: dot11_auth_dot1x_send_response_to_server: Sending client 001e.58a2.ba4b data to server
Jun 13 2014 09:09:54.722 UTC: AAA/AUTHEN/PPP (000000CF): Pick method list 'eap_methods1'
Jun 13 2014 09:09:54.722 UTC: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds
Jun 13 2014 09:09:54.722 UTC: RADIUS/ENCODE(000000CF):Orig. component type = DOT11
Jun 13 2014 09:09:54.722 UTC: RADIUS: AAA Unsupported Attr: ssid [347] 2
Jun 13 2014 09:09:54.722 UTC: RADIUS: AAA Unsupported Attr: service-type [345] 4 1
Jun 13 2014 09:09:54.722 UTC: RADIUS: AAA Unsupported Attr: interface [222] 3
Jun 13 2014 09:09:54.722 UTC: RADIUS: 33 [ 3]
Jun 13 2014 09:09:54.722 UTC: RADIUS(000000CF): Config NAS IP: 172.16.254.116
Jun 13 2014 09:09:54.722 UTC: RADIUS(000000CF): Config NAS IPv6:
Jun 13 2014 09:09:54.722 UTC: RADIUS/ENCODE(000000CF): acct_session_id: 196
Jun 13 2014 09:09:54.722 UTC: RADIUS(000000CF): Config NAS IP: 172.16.254.116
Jun 13 2014 09:09:54.722 UTC: RADIUS(000000CF): sending
Jun 13 2014 09:09:54.722 UTC: RADIUS(000000CF): Send Access-Request to 172.16.0.32:1812 id 1645/31, len 176
Jun 13 2014 09:09:54.722 UTC: RADIUS: authenticator ED 3E CB D4 84 55 33 F0 - 86 6C DF 99 16 BA EB AA
Jun 13 2014 09:09:54.722 UTC: RADIUS: User-Name [1] 28 "host/WM-WSUS-998.empresa.local"
Jun 13 2014 09:09:54.722 UTC: RADIUS: Framed-MTU [12] 6 1400
Jun 13 2014 09:09:54.722 UTC: RADIUS: Called-Station-Id [30] 22 "2C-3E-CF-0B-BF-60:1A"
Jun 13 2014 09:09:54.722 UTC: RADIUS: Calling-Station-Id [31] 16 "001e.58a2.ba4b"
Jun 13 2014 09:09:54.722 UTC: RADIUS: Service-Type [6] 6 Login [1]
Jun 13 2014 09:09:54.722 UTC: RADIUS: Message-Authenticato[80] 18
Jun 13 2014 09:09:54.722 UTC: RADIUS: 59 93 3E 54 FB 36 B1 66 AB 37 0B 2C 1F F1 EC F6 [ Y>T6f7,]
Jun 13 2014 09:09:54.722 UTC: RADIUS: EAP-Message [79] 33
Jun 13 2014 09:09:54.722 UTC: RADIUS: 02 02 00 1F 01 68 6F 73 74 2F 57 4D 2D 57 53 55 53 2D 39 39 38 [host/WM-WSUS-998]
Jun 13 2014 09:09:54.722 UTC: RADIUS: 2E 63 62 61 2E 6C 6F 63 61 6C [ .empresa.local]
Jun 13 2014 09:09:54.722 UTC: RADIUS: NAS-Port-Type [61] 6 802.11 wireless [19]
Jun 13 2014 09:09:54.722 UTC: RADIUS: NAS-Port [5] 6 300
Jun 13 2014 09:09:54.722 UTC: RADIUS: NAS-Port-Id [87] 5 "300"
Jun 13 2014 09:09:54.722 UTC: RADIUS: NAS-IP-Address [4] 6 172.16.254.116
Jun 13 2014 09:09:54.722 UTC: RADIUS: Nas-Identifier [32] 4 "ap"
Jun 13 2014 09:09:54.722 UTC: RADIUS(000000CF): Sending a IPv4 Radius Packet
Jun 13 2014 09:09:54.722 UTC: RADIUS(000000CF): Started 5 sec timeout
Jun 13 2014 09:09:54.726 UTC: RADIUS: Received from id 1645/31 172.16.0.32:1812, Access-Reject, len 44
Jun 13 2014 09:09:54.726 UTC: RADIUS: authenticator 47 24 C1 77 82 B3 F0 03 - 07 10 27 E8 AB 13 3C A5
Jun 13 2014 09:09:54.726 UTC: RADIUS: EAP-Message [79] 6
Jun 13 2014 09:09:54.726 UTC: RADIUS: 04 02 00 04
Jun 13 2014 09:09:54.726 UTC: RADIUS: Message-Authenticato[80] 18
Jun 13 2014 09:09:54.726 UTC: RADIUS: CB EA D6 A6 38 03 A3 26 6B 7C 32 FA 83 3C 49 0D [ 8&k|2<I]
Jun 13 2014 09:09:54.726 UTC: RADIUS(000000CF): Received from id 1645/31
Jun 13 2014 09:09:54.726 UTC: RADIUS/DECODE: EAP-Message fragments, 4, total 4 bytes
Jun 13 2014 09:09:54.726 UTC: dot11_auth_dot1x_parse_aaa_resp: Received server response: FAIL
Jun 13 2014 09:09:54.726 UTC: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response
Jun 13 2014 09:09:54.726 UTC: Client 001e.58a2.ba4b failed: by EAP authentication server
Jun 13 2014 09:09:54.726 UTC: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_FAIL) for 001e.58a2.ba4b
Jun 13 2014 09:09:54.726 UTC: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client 001e.58a2.ba4b
Jun 13 2014 09:09:54.726 UTC: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 30 seconds
Jun 13 2014 09:09:54.726 UTC: dot11_auth_dot1x_send_client_fail: Authentication failed for 001e.58a2.ba4b
Jun 13 2014 09:09:54.726 UTC: %DOT11-7-AUTH_FAILED: Station 001e.58a2.ba4b Authentication failed
Jun 13 2014 09:09:55.654 UTC: AAA/BIND(000000D0): Bind i/f
Jun 13 2014 09:09:55.654 UTC: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
Jun 13 2014 09:09:55.654 UTC: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 001e.58a2.ba4b
Jun 13 2014 09:09:55.654 UTC: dot11_auth_dot1x_send_id_req_to_client: Client 001e.58a2.ba4b timer started for 30 seconds
Jun 13 2014 09:09:55.706 UTC: dot11_auth_parse_client_pak: Received EAPOL packet from 001e.58a2.ba4b
Jun 13 2014 09:09:55.706 UTC: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,EAP_START) for 001e.58a2.ba4b
Jun 13 2014 09:09:55.710 UTC: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 001e.58a2.ba4b
Jun 13 2014 09:09:55.710 UTC: dot11_auth_dot1x_send_id_req_to_client: Client 001e.58a2.ba4b timer started for 30 seconds
Jun 13 2014 09:09:55.750 UTC: dot11_auth_parse_client_pak: Received EAPOL packet from 001e.58a2.ba4b
Jun 13 2014 09:09:55.750 UTC: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for 001e.58a2.ba4b
Jun 13 2014 09:09:55.754 UTC: dot11_auth_dot1x_send_response_to_server: Sending client 001e.58a2.ba4b data to server
Jun 13 2014 09:09:55.754 UTC: AAA/AUTHEN/PPP (000000D0): Pick method list 'eap_methods1'
Jun 13 2014 09:09:55.754 UTC: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds
Jun 13 2014 09:09:55.754 UTC: RADIUS/ENCODE(000000D0):Orig. component type = DOT11
Jun 13 2014 09:09:55.754 UTC: RADIUS: AAA Unsupported Attr: ssid [347] 2
Jun 13 2014 09:09:55.754 UTC: RADIUS: AAA Unsupported Attr: service-type [345] 4 1
Jun 13 2014 09:09:55.754 UTC: RADIUS: AAA Unsupported Attr: interface [222] 3
Jun 13 2014 09:09:55.754 UTC: RADIUS: 33 [ 3]
Jun 13 2014 09:09:55.754 UTC: RADIUS(000000D0): Config NAS IP: 172.16.254.116
Jun 13 2014 09:09:55.754 UTC: RADIUS(000000D0): Config NAS IPv6:
Jun 13 2014 09:09:55.754 UTC: RADIUS/ENCODE(000000D0): acct_session_id: 197
Jun 13 2014 09:09:55.754 UTC: RADIUS(000000D0): Config NAS IP: 172.16.254.116
Jun 13 2014 09:09:55.754 UTC: RADIUS(000000D0): sending
Jun 13 2014 09:09:55.754 UTC: RADIUS(000000D0): Send Access-Request to 172.16.0.32:1812 id 1645/32, len 158
Jun 13 2014 09:09:55.754 UTC: RADIUS: authenticator F7 DD 10 96 F1 8E 11 29 - A2 FC 7A 8D B9 A0 D3 02
Jun 13 2014 09:09:55.754 UTC: RADIUS: User-Name [1] 19 "Empresa\Roberto.Carlos"
Jun 13 2014 09:09:55.754 UTC: RADIUS: Framed-MTU [12] 6 1400
Jun 13 2014 09:09:55.754 UTC: RADIUS: Called-Station-Id [30] 22 "2C-3E-CF-0B-BF-60:1A"
Jun 13 2014 09:09:55.754 UTC: RADIUS: Calling-Station-Id [31] 16 "001e.58a2.ba4b"
Jun 13 2014 09:09:55.754 UTC: RADIUS: Service-Type [6] 6 Login [1]
Jun 13 2014 09:09:55.754 UTC: RADIUS: Message-Authenticato[80] 18
Jun 13 2014 09:09:55.754 UTC: RADIUS: 69 B6 AA D3 A4 FD 65 CF 65 31 50 A1 1E 05 77 0C [ iee1Pw]
Jun 13 2014 09:09:55.754 UTC: RADIUS: EAP-Message [79] 24
Jun 13 2014 09:09:55.754 UTC: RADIUS: 02 02 00 16 01 43 42 41 5C 50 65 64 72 6F 2E 41 6C 6D 65 69 64 [Empresa\Roberto.Carlos]
Jun 13 2014 09:09:55.754 UTC: RADIUS: 61 [ a]
Jun 13 2014 09:09:55.754 UTC: RADIUS: NAS-Port-Type [61] 6 802.11 wireless [19]
Jun 13 2014 09:09:55.754 UTC: RADIUS: NAS-Port [5] 6 301
Jun 13 2014 09:09:55.754 UTC: RADIUS: NAS-Port-Id [87] 5 "301"
Jun 13 2014 09:09:55.754 UTC: RADIUS: NAS-IP-Address [4] 6 172.16.254.116
Jun 13 2014 09:09:55.754 UTC: RADIUS: Nas-Identifier [32] 4 "ap"
Jun 13 2014 09:09:55.754 UTC: RADIUS(000000D0): Sending a IPv4 Radius Packet
Jun 13 2014 09:09:55.754 UTC: RADIUS(000000D0): Started 5 sec timeout
Jun 13 2014 09:09:55.758 UTC: RADIUS: Received from id 1645/32 172.16.0.32:1812, Access-Challenge, len 90
Jun 13 2014 09:09:55.758 UTC: RADIUS: authenticator 32 B7 0B BA 04 5D 6F C5 - B7 63 1A 6D CF 69 E7 50
Jun 13 2014 09:09:55.758 UTC: RADIUS: Session-Timeout [27] 6 30
Jun 13 2014 09:09:55.758 UTC: RADIUS: EAP-Message [79] 8
Jun 13 2014 09:09:55.758 UTC: RADIUS: 01 03 00 06 19 20 [ ]
Jun 13 2014 09:09:55.758 UTC: RADIUS: State [24] 38
Jun 13 2014 09:09:55.758 UTC: RADIUS: 1E 94 02 C3 00 00 01 37 00 01 02 00 AC 10 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 25 26 56 D2 [ 7 8?&V]
Jun 13 2014 09:09:55.758 UTC: RADIUS: Message-Authenticato[80] 18
Jun 13 2014 09:09:55.758 UTC: RADIUS: 9C A4 5C 09 68 3C 77 A4 1A 3A 73 6C CA A3 29 88 [ \h<w:sl)]
Jun 13 2014 09:09:55.758 UTC: RADIUS(000000D0): Received from id 1645/32
Jun 13 2014 09:09:55.758 UTC: RADIUS/DECODE: EAP-Message fragments, 6, total 6 bytes
Jun 13 2014 09:09:55.758 UTC: dot11_auth_dot1x_parse_aaa_resp: Received server response: GET_CHALLENGE_RESPONSE
Jun 13 2014 09:09:55.758 UTC: dot11_auth_dot1x_parse_aaa_resp: found session timeout 30 sec
Jun 13 2014 09:09:55.758 UTC: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response
Jun 13 2014 09:09:55.758 UTC: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_REPLY) for 001e.58a2.ba4b
Jun 13 2014 09:09:55.758 UTC: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client 001e.58a2.ba4b
Jun 13 2014 09:09:55.762 UTC: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 30 seconds
Jun 13 2014 09:09:55.770 UTC: dot11_auth_parse_client_pak: Received EAPOL packet from 001e.58a2.ba4b
Jun 13 2014 09:09:55.770 UTC: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for 001e.58a2.ba4b
Jun 13 2014 09:09:55.770 UTC: dot11_auth_dot1x_send_response_to_server: Sending client 001e.58a2.ba4b data to server
Jun 13 2014 09:09:55.770 UTC: AAA/AUTHEN/PPP (000000D0): Pick method list 'eap_methods1'
Jun 13 2014 09:09:55.770 UTC: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds
Jun 13 2014 09:09:55.770 UTC: RADIUS/ENCODE(000000D0):Orig. component type = DOT11
Jun 13 2014 09:09:55.770 UTC: RADIUS: AAA Unsupported Attr: ssid [347] 2
Jun 13 2014 09:09:55.770 UTC: RADIUS: AAA Unsupported Attr: service-type [345] 4 1
Jun 13 2014 09:09:55.770 UTC: RADIUS: AAA Unsupported Attr: interface [222] 3
Jun 13 2014 09:09:55.770 UTC: RADIUS: 33 [ 3]
Jun 13 2014 09:09:55.770 UTC: RADIUS(000000D0): Config NAS IP: 172.16.254.116
Jun 13 2014 09:09:55.770 UTC: RADIUS(000000D0): Config NAS IPv6:
Jun 13 2014 09:09:55.770 UTC: RADIUS/ENCODE(000000D0): acct_session_id: 197
Jun 13 2014 09:09:55.770 UTC: RADIUS(000000D0): Config NAS IP: 172.16.254.116
Jun 13 2014 09:09:55.770 UTC: RADIUS(000000D0): sending
Jun 13 2014 09:09:55.770 UTC: RADIUS(000000D0): Send Access-Request to 172.16.0.32:1812 id 1645/33, len 279
Jun 13 2014 09:09:55.770 UTC: RADIUS: authenticator 9C D8 E3 47 46 9C A3 8F - BE 1E 5F AF 42 CA 3C 70
Jun 13 2014 09:09:55.770 UTC: RADIUS: User-Name [1] 19 "Empresa\Roberto.Carlos"
Jun 13 2014 09:09:55.770 UTC: RADIUS: Framed-MTU [12] 6 1400
Jun 13 2014 09:09:55.770 UTC: RADIUS: Called-Station-Id [30] 22 "2C-3E-CF-0B-BF-60:1A"
Jun 13 2014 09:09:55.770 UTC: RADIUS: Calling-Station-Id [31] 16 "001e.58a2.ba4b"
Jun 13 2014 09:09:55.770 UTC: RADIUS: Service-Type [6] 6 Login [1]
Jun 13 2014 09:09:55.770 UTC: RADIUS: Message-Authenticato[80] 18
Jun 13 2014 09:09:55.770 UTC: RADIUS: 12 97 DB 9A 4E F2 6C 8A F2 69 FB 27 61 8D 95 9F [ Nli'a]
Jun 13 2014 09:09:55.770 UTC: RADIUS: EAP-Message [79] 107
Jun 13 2014 09:09:55.770 UTC: RADIUS: 02 03 00 69 19 80 00 00 00 5F 16 03 01 00 5A 01 00 00 56 03 01 53 9A E9 E5 2A 3B 9E C8 C1 69 42 EA C9 79 B6 2D 2B 4C 18 63 5D A3 DA B8 89 53 [i_ZVS*;iBy-+Lc]S]
Jun 13 2014 09:09:55.770 UTC: RADIUS: B8 8E C3 F7 79 03 00 00 18 00 2F 00 35 00 05 00 0A C0 13 C0 14 C0 09 C0 0A 00 32 00 38 00 13 00 04 01 00 00 15 FF 01 00 01 00 00 0A 00 06 00 04 00 17 00 18 00 0B 00 02 01 00 [ y/528]
Jun 13 2014 09:09:55.770 UTC: RADIUS: NAS-Port-Type [61] 6 802.11 wireless [19]
Jun 13 2014 09:09:55.770 UTC: RADIUS: NAS-Port [5] 6 301
Jun 13 2014 09:09:55.770 UTC: RADIUS: NAS-Port-Id [87] 5 "301"
Jun 13 2014 09:09:55.770 UTC: RADIUS: State [24] 38
Jun 13 2014 09:09:55.770 UTC: RADIUS: 1E 94 02 C3 00 00 01 37 00 01 02 00 AC 10 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 25 26 56 D2 [ 7 8?&V]
Jun 13 2014 09:09:55.770 UTC: RADIUS: NAS-IP-Address [4] 6 172.16.254.116
Jun 13 2014 09:09:55.770 UTC: RADIUS: Nas-Identifier [32] 4 "ap"
Jun 13 2014 09:09:55.770 UTC: RADIUS(000000D0): Sending a IPv4 Radius Packet
Jun 13 2014 09:09:55.770 UTC: RADIUS(000000D0): Started 5 sec timeout
Jun 13 2014 09:10:00.766 UTC: dot11_auth_parse_client_pak: Received EAPOL packet from 001e.58a2.ba4b
Jun 13 2014 09:10:00.766 UTC: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,EAP_START) for 001e.58a2.ba4b
Jun 13 2014 09:10:00.766 UTC: dot11_auth_dot1x_ignore_event: Ignore event: do nothing
Jun 13 2014 09:10:00.794 UTC: RADIUS(000000D0): Request timed out
Jun 13 2014 09:10:00.794 UTC: RADIUS: Retransmit to (172.16.0.32:1812,1813) for id 1645/33
Jun 13 2014 09:10:00.794 UTC: RADIUS(000000D0): Started 5 sec timeout
Jun 13 2014 09:10:01.782 UTC: dot11_auth_parse_client_pak: Received EAPOL packet from 001e.58a2.ba4b
Jun 13 2014 09:10:01.782 UTC: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,EAP_START) for 001e.58a2.ba4b
Jun 13 2014 09:10:01.782 UTC: dot11_auth_dot1x_ignore_event: Ignore event: do nothing
Jun 13 2014 09:10:02.794 UTC: dot11_auth_parse_client_pak: Received EAPOL packet from 001e.58a2.ba4b
Jun 13 2014 09:10:02.794 UTC: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,EAP_START) for 001e.58a2.ba4b
Jun 13 2014 09:10:02.794 UTC: dot11_auth_dot1x_ignore_event: Ignore event: do nothing
Jun 13 2014 09:10:04.690 UTC: AAA/BIND(000000D1): Bind i/f
Jun 13 2014 09:10:04.690 UTC: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
Jun 13 2014 09:10:04.690 UTC: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 001e.58a2.ba4b
Jun 13 2014 09:10:04.690 UTC: dot11_auth_dot1x_send_id_req_to_client: Client 001e.58a2.ba4b timer started for 30 seconds
Jun 13 2014 09:10:05.146 UTC: RADIUS(000000D0): Request timed out
Jun 13 2014 09:10:05.146 UTC: RADIUS: Retransmit to (172.16.0.32:1812,1813) for id 1645/33
Jun 13 2014 09:10:05.146 UTC: RADIUS(000000D0): Started 5 sec timeout
Jun 13 2014 09:10:05.874 UTC: AAA/BIND(000000D2): Bind i/f
Jun 13 2014 09:10:05.874 UTC: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
Jun 13 2014 09:10:05.874 UTC: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 001e.58a2.ba4b
Jun 13 2014 09:10:05.874 UTC: dot11_auth_dot1x_send_id_req_to_client: Client 001e.58a2.ba4b timer started for 30 seconds
Jun 13 2014 09:10:05.922 UTC: dot11_auth_parse_client_pak: Received EAPOL packet from 001e.58a2.ba4b
Jun 13 2014 09:10:05.922 UTC: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,EAP_START) for 001e.58a2.ba4b
Jun 13 2014 09:10:05.922 UTC: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 001e.58a2.ba4b
Jun 13 2014 09:10:05.922 UTC: dot11_auth_dot1x_send_id_req_to_client: Client 001e.58a2.ba4b timer started for 30 seconds
Jun 13 2014 09:10:09.818 UTC: RADIUS(000000D0): Request timed out
Jun 13 2014 09:10:09.818 UTC: RADIUS: Retransmit to (172.16.0.32:1812,1813) for id 1645/33
Jun 13 2014 09:10:09.818 UTC: RADIUS(000000D0): Started 5 sec timeout
Jun 13 2014 09:10:14.746 UTC: RADIUS(000000D0): Request timed out
Jun 13 2014 09:10:14.746 UTC: RADIUS: Retransmit to (172.16.0.32:1812,1813) for id 1645/33
Jun 13 2014 09:10:14.746 UTC: RADIUS(000000D0): Started 5 sec timeout
Jun 13 2014 09:10:19.034 UTC: RADIUS(000000D0): Request timed out
Jun 13 2014 09:10:19.034 UTC: RADIUS: Fail-over denied to (172.16.0.32:1812,1813) for id 1645/33
Jun 13 2014 09:10:19.034 UTC: RADIUS: No response from (172.16.0.32:1812,1813) for id 1645/33
Jun 13 2014 09:10:19.034 UTC: RADIUS/DECODE: No response from radius-server; parse response; FAIL
Jun 13 2014 09:10:19.034 UTC: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL -
we currently have 3 aironet 1600 ap's configured with the exact same configuration file. these ap's are within 50-75 feet of each other. at various times dhcp seems to stop functioning. i wondering if only one of the ap's should be configured as dhcp server. all three have the same dhcp configuration as follows:
ip dhcp binding cleanup interval 600
ip dhcp excluded-address 172.17.193.65 172.17.193.69
ip dhcp pool TC-WIRELESS
network 172.17.193.64 255.255.255.224
default-router 172.17.193.65
dns-server 4.2.2.1 4.2.2.2
can someone please help !!!!!!!no, there is nothing you need to do on the AP.
DHCP is a broadcast, so if the AP BVI and the clients are on the same subnet the DCHP service will respond to the packet.
If the clients are on a different VLAN than the BVI, you will need to add an ip helper to your L3 interface pointing at the BVI address of the AP that is doing the DHCP.
HTH,
Steve -
Wireless Clients cannot communicate to eachother.
I have a 871W router that I am having trouble getting wireless clients to communicate.
I can ping and use applications from any wired client to any wireless device. However I am unable to ping or use any other protacol from one wireless device to another.
I have confirmed that there is no firewalls on the endpoints blocking communication.
I have removed ACLs on the BVI1 interface but that had no affect.
Any assistance would be greatly appreciated.
Current configuration : 7670 bytes
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname cc-fw-router
boot-start-marker
boot-end-marker
logging buffered 51200 debugging
enable secret 5 $1$crkU$2cWtWnMRjMvfo4ADb4pfi0
aaa new-model
aaa authentication login default local none
aaa session-id common
resource policy
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
ip subnet-zero
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.20.1
ip dhcp pool sdm-pool1
import all
network 10.10.20.0 255.255.255.0
default-router 10.10.20.1
dns-server 192.168.2.244 8.8.8.8
ip dhcp pool xbox
host 10.10.20.20 255.255.255.0
hardware-address 0100.1dd8.5b52.73 ieee802
dns-server 192.168.2.251 4.2.2.2
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip tcp synwait-time 10
no ip bootp server
ip domain name yourdomain.com
ip name-server 4.2.2.2
ip ssh time-out 60
ip ssh authentication-retries 2
crypto pki trustpoint TP-self-signed-1816499983
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1816499983
revocation-check none
rsakeypair TP-self-signed-1816499983
crypto pki certificate chain TP-self-signed-1816499983
certificate self-signed 01
30820252 308201BB A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31383136 34393939 3833301E 170D3038 30323039 32313436
31395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38313634
39393938 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100BD37 F594F5B4 726A60BA 2C99B43C 0DE6814A 17BB53C2 A2202828 D6AA7774
7E3FF99D 7A6B06D8 C7A52D0E 2989CF78 F5E892C0 9A9DA783 1E6C8B59 6F8B01D7
1E631226 D372D65B 6E72CA49 D572FEA6 26131F83 32F87678 4B13735F 383D9F65
287E2CE3 46459CAD 582DB438 6E599885 BAE48719 4AC9EB73 8BC32114 C6C637C9
80350203 010001A3 7A307830 0F060355 1D130101 FF040530 030101FF 30250603
551D1104 1E301C82 1A63632D 66772D70 65746572 2E796F75 72646F6D 61696E2E
636F6D30 1F060355 1D230418 30168014 391859D0 F5A8499D 8EF185B7 DC937161
7F2B7CBA 301D0603 551D0E04 16041439 1859D0F5 A8499D8E F185B7DC 9371617F
2B7CBA30 0D06092A 864886F7 0D010104 05000381 8100BC17 189FF9F1 01349085
70E363E9 47AB7A9A 6F80498B D8F727DF 687CC37E 8FF3024F 30451A97 C4C81676
C2FCA1A0 2B51D091 AA0B44E7 BA7FCA6A ED98CF5F 3EE60AD4 AB79DB09 BBE94F64
C83FB22E 8936E561 C84AF542 DB4756E3 6EF31359 4210262A 43D2E1F7 15DD3E32
15278156 9569D8BE 5EC38773 9A2EFB63 11C55FFD 93B4
quit
username user privilege 15 secret 5 $1$wVlg$THSMUBnF3f3A3o2Oh18xS/
username ccadmin password 7 09774C051612111B180439
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key 01234567890123456789 address 96.252.99.66 no-xauth
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel
set peer OFFICEVPN IP
set transform-set ESP-3DES-SHA1
match address 103
bridge irb
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description $FW_OUTSIDE$$ES_WAN$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
interface Dot11Radio0
no ip address
encryption mode ciphers tkip
ssid my_home
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 133E1413181F0138273D15
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
no dot11 extension aironet
bridge-group 1
bridge-group 1 spanning-disabled
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
no ip address
ip virtual-reassembly
bridge-group 1
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname verizonfios
ppp chap password 7 01050316521109012745411A
ppp pap sent-username verizonfios password 7 120F00051B11030A2C222B3B
crypto map SDM_CMAP_1
interface BVI1
description $ES_LAN$$FW_INSIDE$
ip address 10.10.20.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1200
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
ip nat inside source static udp 10.10.20.20 88 interface Dialer0 88
ip nat inside source static tcp 10.10.20.20 3074 interface Dialer0 3074
ip nat inside source static udp 10.10.20.20 3074 interface Dialer0 3074
logging 10.10.20.27
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit 10.10.20.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 103 remark SDM_ACL Category=4
access-list 103 remark IPSec Rule
access-list 103 permit ip 10.10.20.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 103 permit ip 10.10.20.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 110 deny ip 10.10.20.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 110 deny ip 10.10.20.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 110 permit ip 10.10.20.0 0.0.0.255 any
access-list 120 remark Xbox
access-list 120 permit tcp any eq 88 host 10.10.20.20 eq 88
access-list 120 permit tcp any eq 3074 host 10.10.20.20 eq 3074
access-list 120 permit udp any eq 3074 host 10.10.20.20 eq 3074
dialer-list 1 protocol ip permit
snmp-server community public RO
no cdp run
route-map SDM_RMAP_1 permit 1
match ip address 110
control-plane
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
line con 0
no modem enable
transport output telnet
line aux 0
transport output telnet
line vty 0 4
privilege level 15
transport input telnet ssh
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
endsee the option "client Isolation"in the Ap
Posted by WebUser Anshul Rohilla -
Software downloads for Aironet 350 Wireless LAN Adapter
Where can I get the software to install the Aironet 350 Wireless LAN Adapter? Will it have a client manager? I think that's what the software is to switch settings as you change locations.Model: AIR-PCM352
Hi,
You can download the software from the below link using your CCO login:-
http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=278875243
Cisco Aironet Wireless LAN Client Adapters
Cisco Aironet 340 Wireless PC Card Adapter
Cisco Aironet 340 Wireless PCI/LMC Adapter
Cisco Aironet 350 Mini-PCI Wireless LAN Client Adapter
Cisco Aironet 350 Wireless LAN Client Adapter
Cisco Aironet 5 GHz 54 Mbps Wireless LAN Client Adapter (CB20A)
Cisco Aironet 802.11a/b/g CardBus Wireless LAN Client Adapter (CB21AG)
Cisco Aironet 802.11a/b/g PCI Wireless LAN Client Adapter (PI21AG)
Plz rate if this help.
Regards
Inayath Shariff -
Server 2008 R2 RADIUS Server with a Cisco Aironet 1040 Wireless AP
I am trying to get Server 2008 R2 RADIUS Server to work with a Cisco Aironet 1040 Wireless AP. I have installed the RADIUS server by MS standards and performed some searches on Google to configure the Cisco Aironet. I see others using a Wireless LAN Controller, which I do not have. I found this post below:
https://supportforums.cisco.com/discussion/11546056/wlc-2504-radius-2008-r2-server
But I have yet to locate a good step by step document on how to set it up and I have found so many different ways that others have set it up, but none have yet to work. I am having authentication issues that I have know of and I do not see any errors in the Windows Event Viewer and I do not know where the Acess Point stores it logs for any sort of error. Keep in mind this is the first time I am doing this. I do not have a Wireless LAN Controller and all my network / domain services are on individually built servers and not on one single server as I have seen with most of the documentation they all say the same thing by putting the Certificate Services, Domain Services (AD / ADS, etc), and NPS. I do not want that configuration and my setup should not be any different, but something is not right. I know from reading that this is not rocket science, but from someone who has never done it before this is difficult as I keep reading on and so many people do it different ways including what I have been reading according to what Cisco says to configure in the environment. Does anyone know where I can find good step by step documentation along with where I can look for logs on either device? I find that all the documentation I see on Cisco's website and from searching that it is old and outdated and not been updated in a long time so it is hard to determine what works and what does not work. I am stumped here and have been doing this for several weeks now with no luck. Thank you in advance.I did configure the Server 2008 R2 RADIUS Server using this video below:
https://www.youtube.com/watch?v=g-0MM_tK-Tk
I also referenced Technet to make sure it was configured correctly as well. I am still not sure if I am 100% setup correctly on the Windows Server side, but I for sure want to make sure I have the AP side setup correctly. Do you know of a better article for the Windows Server 2008 R2 setup? Does it matter that I do not have all the services installed on the same server? Instead I have them installed on multiple servers.
I have image number c1140-k9w7-tar.124.25d.JA1 on the AP. The part that confused me in that article, which I have seen before was the part about "Setting up access point must be configured in the authentication server as an AAA client." What is the AAA Client? I also am not aware of having Cisco Secure ACS anywhere built into the AP as that part through me off completely. Do I need to skip these steps? Thank you for help on this. -
1131AG: Wireless clients randomly unreachable
Hi,
I have a weird issue with my 1131AG-E-K9. I set up a lab at home to get back into the topic after a few years break. My 1131AG is connected to one of the PoE ports of an ASA5505. Clients are 2 Soundbridge internet radios, my Android phone and my laptop. The wireless clients get their IP via DHCP from a central server in the wired LAN.
Now the problem:
The wireless clients become randomly unreachable. The DHCP leases are valid 1 hour and once a day, usually in the afternoon, the radios don't get a new IP anymore. When I monitor the LAN, I see the DHCPREQUEST, DHCPDISCOVER and DHCPOFFER packets but they don't seem to arrive in the WLAN. When I manually deassociate one arbitrary client or a completely different client, say, my laptop joins the network and gets an IP via DHCP, suddenly all clients receive the DHCPOFFER and go back active.
So it looks like the access point would somehow start throwing away packets from the server to the radios after some time.
I'm pretty much clueless and have googled for hours to find a solution...
The server and the radios are talking constantly to each other, however, mostly through broadcasts (Bonjour and DLNA).
I do not have the problem when I use a cheap crap consumer AP instead of the 1131AG, so I would at first glance exclude the ASA as source of the problems. The network is also flat, i.e. the WLAN is the same subnet as the LAN and there's no routing, no fw rules and no different VLANs involved.
Ideas, anyone?
-SHi Sebastian, thank you for your reply! The access point is an autonomous access point AIR-AP1131-AG-E-K9, so there is no WLC involved.
This is the config:
! Last configuration change at 15:16:16 UTC Mon Nov 24 2014 by sgofferj
! NVRAM config last updated at 15:16:21 UTC Mon Nov 24 2014 by sgofferj
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname echo
no logging buffered
no logging rate-limit
no logging console
aaa new-model
aaa group server radius rad_eap
aaa group server radius rad_mac
aaa group server radius rad_acct
server [RFC1918] auth-port 1812 acct-port 1813
aaa group server radius rad_admin
server [RFC1918] auth-port 1812 acct-port 1813
cache expiry 1
cache authorization profile admin_cache
cache authentication profile admin_cache
aaa group server tacacs+ tac_admin
cache expiry 1
cache authorization profile admin_cache
cache authentication profile admin_cache
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting exec default start-stop group rad_acct
aaa accounting network acct_methods start-stop group rad_acct
aaa cache profile admin_cache
all
aaa session-id common
no ip igmp snooping
dot11 syslog
dot11 vlan-name LAN vlan 1
dot11 ssid Stefan_Gofferje
vlan 1
authentication open
authentication key-management wpa version 2
guest-mode
mbssid guest-mode
wpa-psk ascii 7 [CODE]
no ids mfp client
power inline negotiation injector 001d.450b.fb08
crypto pki trustpoint TP-self-signed-2716624410
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2716624410
revocation-check none
rsakeypair TP-self-signed-2716624410
crypto pki certificate chain TP-self-signed-2716624410
certificate self-signed 01
30820249 308201B2 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32373136 36323434 3130301E 170D3134 30373136 31393132
35375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 37313636
32343431 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C3E0 BCF4B199 68C92993 E4DA9F8E BFD62231 C974A8DA A39F47A7 1268E490
F59A3BCD 123D0F8C 98B4DAC1 0E65FB70 BE42A8A5 A8CF8A75 A5287804 7B3244AC
3AAF5F88 A0533A76 B192A6F8 88AFBADF 2D101637 E6061BC3 FE2F197B BA7E3172
BA5FAA01 85F59AA6 3A99E2C5 4F1F1624 71657D4E 9392E228 B0FA6D3C F97EAFB5
0F770203 010001A3 71306F30 0F060355 1D130101 FF040530 030101FF 301C0603
551D1104 15301382 11656368 6F2E676F 66666572 6A652E6E 6574301F 0603551D
23041830 1680141C 09AC7570 978D1975 1CA7A73C 5927A051 6DB28630 1D060355
1D0E0416 04141C09 AC757097 8D19751C A7A73C59 27A0516D B286300D 06092A86
4886F70D 01010405 00038181 000EB3FE 7EA03ABE D215F9DB 0421AC99 CACC9501
9710D99B 3B2F155B FB7C24E1 45DA20E8 FCF7FC2D 4B794CAA 7FDF7B0E 3253A0DE
510B067D 5832636C BE03EA47 F673A389 7488788A 329F014A 755D5D1A 92502A41
11FAD8E8 CE1458DF 45246365 42B42549 C3370C03 7C8FEA47 5F0D4E01 1FF20773
741A6839 A6BBB581 7CDA3262 32
quit
username sgofferj privilege 15 password 7 [CODE]
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm
encryption vlan 1 mode ciphers aes-ccm
broadcast-key change 10
ssid Stefan_Gofferje
no short-slot-time
speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2437
station-role root
no dot11 extension aironet
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
encryption mode ciphers aes-ccm
encryption vlan 1 mode ciphers aes-ccm
broadcast-key change 10
ssid Stefan_Gofferje
no dfs band block
speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
channel dfs
station-role root
no dot11 extension aironet
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface BVI1
ip address dhcp client-id FastEthernet0
no ip route-cache
no ip http server
ip http authentication aaa
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
logging trap debugging
logging [RFC1918]
access-list 111 permit tcp any any neq telnet
snmp-server view dot11view ieee802dot11 included
snmp-server community public RO
tacacs-server host [RFC1918] key 7 [CODE]
radius-server attribute 32 include-in-access-req format %h
radius-server host [RFC1918] auth-port 1812 acct-port 1813 key 7 [CODE]
radius-server vsa send accounting
bridge 1 route ip
line con 0
access-class 111 in
line vty 0 4
access-class 111 in
sntp server [RFC1918]
sntp broadcast client
end -
Local RADIUS in AP1242 with non-cisco WinXP wireless clients
I'd like to configure local RADIUS in AP1242 and connect non-cisco WinXP wireless clients (for example notebook with integrated radio) with it. I did configuration (config1.txt) like in instruction: http://cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c0912.shtml
But I can't connect non-cisco WinXP wireless client with AP1242 anyway. At once Cisco wireless client with Aironet Desktop Utility connects with it without any problem. I've done some other configuration (config2.txt), but with the same result. Second configuration is rather then first.
How can I connect non-cisco WinXP wireless clients with AP1242 with local RADIUS?Hi Stephen,
Thanks for the quick reply. Below is the switchport config. I am able to ping the AP from the switch and connect to its web page from any workstations.
interface GigabitEthernet0/5
switchport trunk encapsulation dot1q
switchport trunk native vlan 151
switchport mode trunk
end -
Connect WAP4410 to Aironet 1602 in Client mode doesn't work
Hello,
I wish to associate my WAP4410 Aironet 1602 to a wifi bridge.
I will explain my progress.
I configured an SSID on the Aironet (not in guest-mode) with WPA-PSK.
My iphone and my Android able to connect to the Aironet, so we can assume that the link works.
I configured my Android ICS Wifi + 3G with similar parameters.
The WAP4410 can connect to the Android, but does not connect to the Aironet.
The configuration on the WAP4410 is AP "Wireless Client / Repeater" mode with the SSID of the Aironet.
And security in WPA-TKIP + Personnal.
Do you have any idea?
Thanks for your help.As Cody wrote, SP2 introduced changes in the way App-V handles permissions inside the package (which effectively hits the client's physical locations), also changes in how environments with folder redirection are supported change in SP2.
HF4 for SP2 made some modifications, too.
Are you using Folder Redirection for Appdata? Are you publishing the package in both scenarios (SP1, SP2) with the same scopes (user vs. global)?
Falko
Twitter
@kirk_tn | Blog
kirxblog | Web
kirx.org | Fireside
appvbook.com
Hi
We're not redirecting AppData and we only ever publish packages globally to the servers. I'm going to test the package using the HF4 client with the 'write to VFS' option selected and all files outside of the PVAD as per Cody's suggestion.
I've done some more investigation and the two servers are both in the same OU, from what I can gather the only difference between the two is that one is SP1 and one is SP2.
Thanks -
WRT54GC will not give wireless clients IP addresses
Hi, I'm here on a behalf of a friend. I'm working on a WRT54GC wireless router. The issue is that any wireless client wishing to connect to the router (after seeing the SSID) always fail at "Waiting for network" during the connection screen. However, wired clients are able to connect without any problems. I have updated the firmware to the latest one. No security features (WEP/WPA) are enabled. I have tried changing the channel and mode to no avail. MAC address filter is disabled. Wireless card drivers are up to date. I'd like to know what can be done to resolve this issue. Thanks in advance. -Keres
In the non-working computer, temporarily turn off the software firewall, including Windows Firewall, and see it this helps.
Also, give your network a unique SSID. Do not use "linksys". If you are using "linksys" you may be trying to connect to your neighbor's router. Also set "SSID Broadcast" to "enabled". This will help your computer find and lock on to your router's signal.
If you still have trouble, in the computer, go to the wireless adapter software, and go to "Preferred Networks" (sometimes called "Profiles" ), and delete all the networks you find. Reboot computer. Then return to "Preferred Networks" and re-enter your unique network SSID, and set it to "automatic login". Reboot computer. You should connect automatically.
If the above does not fix your problem, download and install the latest driver for your wireless card. -
Cisco 2500 controller with aironet 1600 access point
Hi,
This my first wireless project, and I have a few questions about the installation :
1- some of the access point will be installed in branch offices, connected to the controller through the main MPLS netwrok ( is that possible).
2- If for any reason the connectivity between the AP and the controller get disconnected what will happend to the users connected to the access point.
3- can I have two vlan on the Aironet 1600, the first one to be connected to the controller through the MPLS netwrok and the second for users to public internet.(internet break out).
Thanks,Yes that setup will work. What the others are trying to explain is authentication if your WAN goes down. If your AP's are setup for FlexConnect and you are indeed using AP groups, (using 802.1x) you need to have a radius server and a backup AD sever to allow for authentication to still happen if the WAN goes down. If you have resources centralized, then when the WAN goes down, everything else goes down and no new authentications will take place and any re-authentications will fail with 802.1x.
Take a look at these links
http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_flexconnect.html
http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/flexconnect/config_flexconnect_chapter_011.html
Sent from Cisco Technical Support iPhone App -
HWIC-AP-AG-A keep on disconnecting wireless clients sometime its ok but sometimes its not
hi,
i have a HWIC-AP-AG-A running in 2801 router.
RTR01(config-if)#do sho run int Dot11Radio0/1/0
Building configuration...
Current configuration : 367 bytes
interface Dot11Radio0/1/0
no ip address
no dot11 extension aironet
encryption vlan 30 mode ciphers tkip
encryption vlan 40 mode ciphers tkip
encryption vlan 10 mode ciphers tkip
ssid GuestUsers
ssid InternalUsers
ssid SecureZone
speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2412
station-role root
no cdp enable
end
RTR01(config-if)#do sho run int Dot11Radio0/1/1
Building configuration...
Current configuration : 325 bytes
interface Dot11Radio0/1/1
no ip address
encryption vlan 30 mode ciphers tkip
encryption vlan 40 mode ciphers tkip
encryption vlan 10 mode ciphers tkip
ssid GuestUsers
ssid InternalUsers
ssid SecureZone
speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
no cdp enable
there are days that the wireless signal is keep on disconnecting.. im no sure what is the problem or.. what can i do?
n Interface FastEthernet0/3/0, changed state to up
*Jan 12 11:00:25.511: %LINK-3-UPDOWN: Interface BVI30, changed state to down
*Jan 12 11:00:25.511: %LINK-3-UPDOWN: Interface BVI40, changed state to down
*Jan 12 11:00:26.535: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI30, changed state to down
*Jan 12 11:00:26.535: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI40, changed state to down
*Jan 12 11:00:27.679: %DSPRM-5-UPDOWN: DSP 1 in slot 0, changed state to up
*Jan 12 11:00:28.091: %LINK-3-UPDOWN: Interface Foreign Exchange Office 0/0/0, changed state to up
*Jan 12 11:00:28.503: %LINK-3-UPDOWN: Interface Foreign Exchange Office 0/0/1, changed state to up
*Jan 12 11:00:28.735: %LINK-3-UPDOWN: Interface Foreign Exchange Station 0/2/1, changed state to up
*Jan 12 11:00:28.843: %LINK-3-UPDOWN: Interface Foreign Exchange Station 0/2/0, changed state to up
*Jan 12 11:00:31.563: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up
*Jan 12 11:00:32.290: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0/0 assigned DHCP address 222.164.193.47, mask 255.255.252.0, hostname marlonmalinao.homeip.net
*Jan 12 11:00:33.582: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel100, changed state to up
*Jan 12 11:00:42.381: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 123: Neighbor 10.10.254.1 (Tunnel1) is up: new adjacency
*Jan 12 11:00:44.773: %SSH-5-SSH2_SESSION: SSH2 Session request from 172.25.254.4 (tty = 0) using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Succeeded
*Jan 12 11:00:56.652: %SSH-5-SSH2_USERAUTH: User 'mc.malinao' authentication for SSH2 Session from 172.25.254.4 (tty = 0) using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Succeeded
*Jan 12 11:00:57.948: %DOT11-6-FREQ_USED: Interface Dot11Radio0/1/1, frequency 5320 selected
*Jan 12 11:00:57.952: %LINK-3-UPDOWN: Interface Dot11Radio0/1/1, changed state to up
*Jan 12 11:00:59.076: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0/1/1, changed state to up
*Jan 12 11:01:00.172: %LINK-3-UPDOWN: Interface BVI30, changed state to up
*Jan 12 11:01:01.171: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI30, changed state to up
*Jan 12 11:01:05.499: %LINK-3-UPDOWN: Interface BVI40, changed state to up
*Jan 12 11:01:06.499: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI40, changed state to up
*Jan 12 11:01:13.202: %IPPHONE-6-REG_ALARM: 14: Name=SEP001E4AF3B6D4 Load= SCCP70.8-4-2S Last=UCM-closed-TCP
*Jan 12 11:01:13.206: %IPPHONE-6-REGISTER: ephone-6:SEP001E4AF3B6D4 IP:172.25.254.61 Socket:1 DeviceType:Phone has registered.
*Jan 12 11:01:25.401: %DOT11-6-ASSOC: Interface Dot11Radio0/1/1, Station 8c7b.9dde.e8f9 Associated SSID[InternalUsers] AUTH_TYPE[OPEN] KEY_MGMT[WPA PSK]
*Jan 12 11:01:37.236: %DOT11-6-ASSOC: Interface Dot11Radio0/1/1, Station MCMRTR01 0019.d2b8.3c68 Associated SSID[GuestUsers] AUTH_TYPE[OPEN] KEY_MGMT[WPA PSK]
*Jan 12 11:03:15.542: %DOT11-6-DISASSOC: Interface Dot11Radio0/1/1, Deauthenticating Station 0013.e8a2.a4c1 Reason: Sending station has left the BSS SSID[InternalUsers]
*Jan 12 11:03:43.247: %LINK-3-UPDOWN: Interface Dot11Radio0/1/0, changed state to up
*Jan 12 11:03:44.247: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0/1/0, changed state to up
*Jan 12 11:07:20.957: %DOT11-7-AUTH_FAILED: Station 0013.e8a2.a4c1 Authentication failed
*Jan 12 11:07:32.720: %DOT11-6-ASSOC: Interface Dot11Radio0/1/1, Station MCMX61 0013.e8a2.a4c1 Associated SSID[GuestUsers] AUTH_TYPE[OPEN] KEY_MGMT[WPA PSK]
*Jan 12 11:08:16.023: %DOT11-6-DISASSOC: Interface Dot11Radio0/1/1, Deauthenticating Station 8c7b.9dde.e8f9 Reason: Previous authentication no longer valid SSID[InternalUsers]
*Jan 12 11:08:16.343: %DOT11-6-ASSOC: Interface Dot11Radio0/1/1, Station 8c7b.9dde.e8f9 Associated SSID[InternalUsers] AUTH_TYPE[OPEN] KEY_MGMT[WPA PSK]
*Jan 12 11:09:21.208: %DOT11-4-MAXRETRIES: Packet to client 8c7b.9dde.e8f9 reached max retries, removing the client
*Jan 12 11:09:21.208: %DOT11-6-DISASSOC: Interface Dot11Radio0/1/1, Deauthenticating Station 8c7b.9dde.e8f9 Reason: Previous authentication no longer valid SSID[InternalUsers]Your wireless clients will associate to the best AP interms of signal strenght and signal to noise etc.
There is an LWAPP tunnel between the access point and the controller.
At the controller there will be logical interfaces for the wireless LANS that are asssociated to specific VLANs on the wired network.
It doesn't matter where you are in the building as a client as its the controller that puts the client data onto the wired network.
All client data is tunneled between the access point and the controller.
With regard to the losing IP address situation. I assume that the clients do initially get an IP address and then lose it after a period of time.
Check the session timeout paramter on the controller (look on the WLAN-Advanced).
There is a bug with some versions of software relating to session timeouts. Try setting the timeout to 65535 seconds. The default setting is probably 30 minutes. -
Understanding of wireless client connection to multiple APs
Hello,
I would like to know how do wireless clients connect to APs
For e.g. if in a single floor square office space - wireless network with multiple APs exists on the same SSID, how do clients decide which AP to connect to. For e.g. the client may get similar strength signals from two APs close to each other (such as Excellent). Which AP does client connect to.
Secondly, how does the load distribution take place. For e.g. if on one AP, 10 clients connect and on the other AP, 20 clients connect, how can equal load distribution be acheived, that is 15 on each AP without the tiring MAC filtering configurations.
Thirdly, is there something like number of user/connection restrictions on APs. I have gone through some AP manuals and did not find any such specifications like max. # of users = 20 etc. Currently we are using D-Link AP and have noticed that once the # of connections go upto 20, performance reduces heavily such as the latency on gateway pings go upto 1000-2000ms.
Fourthly, how can I identify from the client to which AP it is connected.
Thanks.I would like to know how do wireless clients connect to APs
For e.g. if in a single floor square office space - wireless network with multiple APs exists on the same SSID, how do clients decide which AP to connect to. For e.g. the client may get similar strength signals from two APs close to each other (such as Excellent). Which AP does client connect to.
ANS - Its first come first serve... however.. sometimes if we have multiple SSIDs one with open auth and no encryption and other fuly protected.. then the client wil connect to the open rather the secured on.
Secondly, how does the load distribution take place. For e.g. if on one AP, 10 clients connect and on the other AP, 20 clients connect, how can equal load distribution be acheived, that is 15 on each AP without the tiring MAC filtering configurations.
ANS - MAC is a good option but apart from that.. i have seen somewhere but not able to remember the command which will limit the number of clients per radio..
Thirdly, is there something like number of user/connection restrictions on APs. I have gone through some AP manuals and did not find any such specifications like max. # of users = 20 etc. Currently we are using D-Link AP and have noticed that once the # of connections go upto 20, performance reduces heavily such as the latency on gateway pings go upto 1000-2000ms.
ANS - AP can take upto 2048 MAC addresses.. its recommended not to have more than 24 clients per AP..
Fourthly, hw can I identify from the client to which AP it is connected.
ANS -If the clients are CCX compatible and aironet extentions enabled on the AP. then the command "show dot11 ass" will tell the clients connecting to which AP.. the AP name will get displsayed in the output..
Regards
Surendra -
Beginner Needs Help with Aironet 1131G Wireless Access Point
I have a new Cisco Aironet 1131G Wireless Access point. It is picking up an IP address and I can ping that address. However, I can't access it via the web-based GUI or the CLI. I have preformed the reset. Any suggestions would be greatly appreciated.
Thanks.Hi,
I cannot access means what?? are you not able to go to CONFIG T prompt from CLI?? and if you are in the same subnet as that of the AP, are you not able to open up the GUI?? if you are not able to then, issue the command "show version" on the AP CLI and see if your image is "RCVKW8" image. if so u need to convert the same to IOS using the below method..
http://www.cisco.com/en/US/docs/wireless/access_point/12.4_21a_JA1/configuration/guide/scg12421aJA1-chap22-trouble.html#wp1038660
lemme know if this answered your question..
Regards
Surendra
====
Please dont forget to rate the posts which answered your question and mark it as answered or was helpfull
Maybe you are looking for
-
CST amount is debit in the purchase price variance
Hi We are maintaining std in the materials master and price procedure as taxinj While doing migo, the CST amount is debit in the purchase price variance and credit in the GR/IR RM, We need to debit the CST amount in the in the Raw material account wh
-
Error using XSLt Transformation
Hi, I am using a servlet to get some results from the web which will be a XML file pass it to a XSLT Processor to covert it into a html doc .The code is compiling but when I run the servlet,i am getting following error. Can anybody tell me how to sol
-
hi, I am getting following error in MIRO transaction ....Can anybody please fix this ? "In company code 3000, the number range 51 is missing for the year 2008" Regards Vijay
-
HT201302 How can I remove the photos after they've been imported to my phone?
I thought I was importing my pictures from my old iphone to my new one and I ended up importing all the pictures that were saved on my computer. How can I delete the pictures I don't want?
-
Is the 5th Generation touch Considered 4th Generation?
I am looking to buy a 32 GB white iPod touch. On some major retail stores (such as amazon and target) they have the "White Apple iPod touch 32GB 4th Generation (current version)" -- Is it the 5th Gen, or 4th. Is the 5th just a copy of the 4th with wh