Cisco 1140AP using WPA2-enterprise with radius
All,
I am trying to configure an1140 AP to use WPA2-enterprise & radius. Ultimately I want to be able to connect to the SSID using my active directory credentials. I would like the AP to send authentication requests to our Network Policy Server. Here is a copy of the config; any help is appreciated.
version 12.4
no service pad
aaa new-model
aaa group server radius rad_eap
server 172.16.16.101 auth-port 1812 acct-port 1813
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa group server radius rad_eap1
aaa authentication login myLogin local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication dot1x rad_eap group radius
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 syslog
dot11 ssid ITWireless
authentication open eap rad_eap
authentication key-management wpa version 2
guest-mode
username admin password 7 XXXXXXXXXXXXXXXXXXXXX
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm
ssid ITWireless
antenna gain 0
interface Dot11Radio1
no ip address
no ip route-cache
encryption mode ciphers aes-ccm
ssid ITWireless
interface BVI1
ip address 172.16.42.21 255.255.0.0
no ip route-cache
ip default-gateway 172.16.16.198
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
radius-server attribute 32 include-in-access-req format %h
radius-server host 172.16.16.101 auth-port 1812 acct-port 1813 key 7 1427321938572903
radius-server vsa send accounting
bridge 1 route ip
I did see those screenshots however that settings screen comes from selecting the Configure button next to the Authentication Method in the User Authentication section under Users. In each of your screenshots, the RADIUS Server ID number is 1 so I would also ensure that I've configured RADIUS Server ID 1 which can only be configured by going to Users -> RADIUS Servers.
All that said, I did see that your tests succeeded and I also don't understand the point of having RADIUS settings on the other screens and then having RADIUS ID info. My thinking is that you would be able to configure RADIUS once in the Users -> RADIUS Servers screen and then select the RADIUS Server ID in all the remaining screens without having to enter the RADIUS info over and over again. It would also think that you could skip the Users -> RADIUS Server screen and enter the RADIUS information over and over again and it should work...just like you set it up originally. However, based on past experience of programmatic errors, I would recommend configuring the RADIUS Server ID 1 under Users -> RADIUS Servers if you haven't already...just in case.
Shawn Eftink
CCNA/CCDA
Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
Similar Messages
-
Can't change Airport Extreme settings using WPA2 Enterprise
I have a 4th Gen Airport Extreme Base Station that is running 7.6.1 firmware and I've updated the Airport Utility to 6.0 and OS X Server to 10.7.3
I use WPA2 Enterprise using the Radius Server set up from the Server admin tools in Lion Server. I am using my CA signed certificate for the server as my server-side cert. I can connect fine to the wireless network with all my idevices and my MacBook Pro, but whenever I use Airport Utility to amend settings of the Base Station e.g. Back to my Mac, I cannot make updates.
Whenever I click 'Update' I get the following error - 'Invalid value' The value for "Password" is invalid. When I click Review Settings, it takes me to the Shared Secret settings for the connection, but as far as I'm concerned this never needs to be known or changed.
Any ideas?I have the same problem.. Airport utility 6.0 on 4th gen airport extreme and server 10.7.4.
DNS, Radius and Open Directory.
Any update on Airport Util results in "'Invalid value' The value for "Password" is invalid"
Only work around I've found like above is to set network mode to "off" under wireless tab. Update Airport Utility ... then remove/add my base station in Server admin under 'radius' 'base stations' ..
Really very annoying because what I actually want to change is the WPA/WPA2 to WPA2 ONLY.
By default when the base station is added in 'server admin' it sets it as WPA/WPA2 and there is no option to change or control this in 'server admin'... so basically I can not change this option.
I thought maybe that 'invalid' characters (for the airport) where being used by server admin when it generates the 'shared secret' .. so have tried changing to a very simple shared secret in 'airport utility' ... but I still get the same error - "The value for "Password" is invalid"
I will try downgrading to 5.6 but this really is very annoying especially as its a fault that has been allowed to rollover into 10.7.4 !!!!
Sort it out Apple! -
My laptop is using Windows 8.1 and it can't connect to a WiFi using WPA2/Enterprise authenticate
I am using a laptop Dell Inspiron 15z with Windows 8.1 64 Bit OS. And i build a test lab to test WPA2/Enterprise authenticate.
My Lab is like that:
1/ My DC + DNS using Windows 2012 RC2 Standard.
2/ I install CA + Radius Server on DC Server.
3/ My AP WiFi is DrayTek AP810
After configed i can you use my iphone 5s (ios 8.1), my android phone (Samsung Galaxy), 1 laptop Windows 7, 1 laptop Windows 8 to test. And all of them can connected with no problem.
But my laptop using Windows 8.1 64 bit OS can't connected. After i choise the WiFi, it only show "checking network requirement"- not show the option question username and password. (and i config it exactly like laptop Windows 8).
I have tried find the answer on Google but nothing help me. (i have choise PEAP, install Certificate...)
Please help me guys. Thank you so much.Hi,
About this issue, we could troubleshoot as the following methods on the Windows 8.1 client side.
1. Maker sure the "Automatically use my Windows logon name and password" setting on the client is disabled and on your client and type in the correct domain name when prompted.
2. If the issuer persists, delete this network profile in your Windows 8.1 client with commands and manually configure it as
this similar thread.
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Hi,
I'm trying to connect to my university wifi which I believe is WPA2 Enterprise protected. I read the wiki about using the Eduroam netctl profile example for WPA2 Enterprise networks but it doesn't seem to work for me. This is what I have:
Connection='wireless'
Interface=wlp4s0b1
Security='wpa-configsection'
Description="nyu wpa2 network"
IP='dhcp'
TimeoutWPA=30
WPAConfigSection=(
'ssid="nyu"'
'key_mgmt=WPA-EAP'
'eap=PEAP'
'proto=WPA2'
'phase2="auth=PAP"' #maybe MSCHAPv2
'auth_alg=OPEN' #maybe
'anonymous_identity="anonymous"' # ex: tu-dresden.de
'identity="myusername"' # ex: [email protected]
'password="mypassword"'
'ca_cert="/usr/share/ca-certificates/trust-source/mozilla.trust.crt"'
Can someone point me to related info or correct my profile? Thanks.Does your university have a site with some information/guidance for using eduroam?
Have you tried other example profiles from here, such as this one and this one? The wiki refers to this AUR package, which seems to be where you got the profile you've tried. Perhaps try the other example profiles. -
Problems connectig using WPA Enterprise with Leopard
I updated my software yesterday, but today i could not log on to the network at my university. There were no problems with the Windows XP pcs I tested. It wonder if it might have something to do with the password reseting itself - when I enter the network preferences screen the password section is blank even if I ask Leopard to remember it.
It seems to accept my password and shows signal strength varying from between two points and full strength, but is listed as disconnected by network diagnostics.
If any of you have experienced similar problems any help would be appreciated.
-jonsef-Welcome to Apple Discussions.
If you are using WPA Enterprise to connect, it's likely that you did so using 802.1X under Mac OS X 10.4 before installing Leopard. This mechanism has changed in Mac OS X 10.5 and it is clearly not performing as expected, and causing serious problems for enterprise and higher education users.
Insert the string <802.1X> in the Search Box in the upper right corner, and you'll see a number of posts about this issue by academic computing staff personnel, who are working cooperatively to identify the issues involved, and find workarounds until the matter can be addressed by Apple.
I suggest also that you contact an AppleCare representative at (800) APL CARE and initiate a case. Be prepared for very long wait on hold times, possibly 45 minutes or more. They are flooded with requests, but it's important that additional pressure be placed on them to escalate these reported cases for resolution. -
How do I configure a cisco 1131 AP to use WPA2 enterprise and authenticate to Active Directory
I have a Win2008 server set up as a radius server (192.168.32.71) and a stand alone AP (192.168.201.9) The AP is config is below:
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname ap
enable secret 5 $1$IdUV$UvE2IJTNzHX6mW6Mmh3At0
ip subnet-zero
ip domain name TKGCORP.local
ip name-server 192.168.32.71
aaa new-model
aaa group server radius rad_eap
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa group server radius rad_eap1
server 192.168.201.9 auth-port 1812 acct-port 1813
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods1 group rad_eap1
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 ssid ka_test
vlan 201
authentication open eap eap_methods1
authentication network-eap eap_methods1
guest-mode
power inline negotiation prestandard source
username Cisco password 7 112A1016141D
username tkgadmin privilege 15 password 7 022D167B06551D60
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 201 mode ciphers aes-ccm tkip
encryption key 1 size 128bit 7 673B0AA56FCB4E630D8E4856427E transmit-key
encryption mode wep mandatory
broadcast-key change 150
ssid ka_test
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio0.201
encapsulation dot1Q 201
no ip route-cache
bridge-group 201
bridge-group 201 subscriber-loop-control
bridge-group 201 block-unknown-source
no bridge-group 201 source-learning
no bridge-group 201 unicast-flooding
bridge-group 201 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
encryption key 1 size 128bit 7 B711059074E30B1E1D4E3EC038BB transmit-key
encryption mode wep mandatory
broadcast-key change 150
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
hold-queue 160 in
interface FastEthernet0.201
encapsulation dot1Q 201
no ip route-cache
bridge-group 201
no bridge-group 201 source-learning
bridge-group 201 spanning-disabled
interface BVI1
ip address 192.168.201.9 255.255.255.0
no ip route-cache
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
radius-server local
no authentication eapfast
no authentication mac
nas 192.168.201.9 key 7 010703174F
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.32.71 auth-port 1645 acct-port 1646 key 7 0835495D1D
radius-server host 192.168.201.9 auth-port 1812 acct-port 1813 key 7 0010161510
radius-server vsa send accounting
control-plane
bridge 1 route ip
line con 0
line vty 0 4
endSorry for the late reply Steve. The link you provided was extremely helpful here is what my config looks like now:
ersion 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname ap
enable secret 5 $1$7vHS$YWCMbrlAgDUayKlOHhMlF1
ip subnet-zero
ip domain name TKGCORP.local
ip name-server 192.168.32.71
aaa new-model
aaa group server radius rad_eap
server 192.168.32.71 auth-port 1645 acct-port 1646
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 ssid wap_test
authentication open eap eap_methods
authentication network-eap eap_methods
authentication key-management wpa
guest-mode
infrastructure-ssid optional
power inline negotiation prestandard source
username Cisco password 7 047802150C2E
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers tkip
ssid wap_test
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
hold-queue 160 in
interface BVI1
ip address 192.168.201.9 255.255.255.0
no ip route-cache
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.32.71 auth-port 1645 acct-port 1646 key 7 071B245F5A
radius-server vsa send accounting
control-plane
bridge 1 route ip
line con 0
line vty 0 4
end
I get a login screen but it will not let me connect, on my radius server I have it set to allow a group that my username is in. Here are some debugs from when I try to connect to the AP:
ap#debug aaa authentication
AAA Authentication debugging is on
ap#
*Mar 2 01:11:53.284: AAA/BIND(00000006): Bind i/f
*Mar 2 01:11:53.355: AAA/AUTHEN/PPP (00000006): Pick method list 'eap_methods'
*Mar 2 01:11:54.556: %DOT11-7-AUTH_FAILED: Station c0cb.3835.a102 Authentication failed
*Mar 2 01:11:55.280: AAA/BIND(00000007): Bind i/f
*Mar 2 01:11:55.404: AAA/AUTHEN/PPP (00000007): Pick method list 'eap_methods'
*Mar 2 01:11:56.349: AAA/BIND(00000008): Bind i/f
*Mar 2 01:11:56.525: AAA/AUTHEN/PPP (00000008): Pick method list 'eap_methods'
*Mar 2 01:11:57.300: AAA/BIND(00000009): Bind i/f
*Mar 2 01:11:58.070: AAA/BIND(0000000A): Bind i/f
*Mar 2 01:11:58.812: AAA/BIND(0000000B): Bind i/f
*Mar 2 01:12:15.470: AAA/AUTHEN/PPP (0000000B): Pick method list 'eap_methods'
*Mar 2 01:12:15.492: %DOT11-7-AUTH_FAILED: Station c0cb.3835.a102 Authentication failed
ap#undebug all
All possible debugging has been turned off -
Connectivity issues when using WPA2 Enterprise
hello everyone,
im using 3 AP's 1140 with local authentication using local radius (flex connect mode).
the radius server im using is MS 2008 R2.
authentication is working great on all devices pc's&mobile.
authentication method is PEAP wpa2 aes enterprise.
after 3 or 4 hours devices loose connectivity to the web.
the device seems to be still connected to the ap but there is no ping to host from local lan or any arp learnd on local router.
only manual disconnect on device and reconnecting brings connectivity up again.
in one case only reseting the AP's helped.So there is an issue with 1142's and v7.4.
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCud97983
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered" -
Unable To Authenticate to WPA2-Enterprise With NetworkManager
I have tried using multiple wireless adapters (including a fully supported USB ralink wireless-N stick) but cannot connect to a WPA-2 Enterprise network with Tunneled PEAP. I am certain that the connection parameters are correct since they work fine with Windows and OSX.
Whenever I try to connect, I simply get the wifi-password screen over and over. Connecting to WPA2-Personal and unprotected networks works perfectly.
Any ideas?Yup, NetworkManager is the culprit. Quite annoying...
Does anyone know of a way to disable it for wifi so I can use something else? -
I configured my Aironet 1262N autonomous AP to authenticate and account my users against a FreeRADIUS server. In the RADIUS server database, I saw some records like:
select username, acctauthentic, acctterminatecause, acctstarttime, acctstoptime from radacct where username='xxxxxx';| xxxxxx | RADIUS | Lost-Carrier | 2014-02-22 09:15:32 | 2014-02-22 11:15:58 || xxxxxx | RADIUS | Lost-Carrier | 2014-02-22 09:15:58 | 2014-02-22 12:16:36 || xxxxxx | Local | Lost-Carrier | 2014-02-22 09:16:37 | 2014-02-22 09:22:13 || xxxxxx | Local | Lost-Carrier | 2014-02-22 09:22:14 | 2014-02-22 09:27:34 || xxxxxx | Local | Lost-Carrier | 2014-02-22 09:27:35 | 2014-02-22 09:33:12 || xxxxxx | Local | Lost-Carrier | 2014-02-22 09:33:14 | 2014-02-22 09:38:34 || xxxxxx | Local | Lost-Carrier | 2014-02-22 09:38:35 | 2014-02-22 09:43:55 || xxxxxx | Local | Lost-Carrier | 2014-02-22 09:43:57 | 2014-02-22 09:49:17 || xxxxxx | Local | Lost-Carrier | 2014-02-22 09:49:18 | 2014-02-22 09:54:52 || xxxxxx | Local | Lost-Carrier | 2014-02-22 09:54:54 | 2014-02-22 10:00:14 || xxxxxx | Local | Lost-Carrier | 2014-02-22 10:00:14 | 2014-02-22 10:00:26 || xxxxxx | RADIUS | Lost-Carrier | 2014-02-22 10:00:26 | 2014-02-22 10:06:17 || xxxxxx | Local | Lost-Carrier | 2014-02-22 10:06:19 | 2014-02-22 10:11:39 || xxxxxx | Local | Lost-Carrier | 2014-02-22 10:11:41 | 2014-02-22 10:17:52 || xxxxxx | Local | Lost-Carrier | 2014-02-22 14:50:41 | 2014-02-22 14:50:42 || xxxxxx | RADIUS | Lost-Carrier | 2014-02-22 14:50:42 | 2014-02-22 15:01:25 || xxxxxx | Local | Lost-Carrier | 2014-02-22 15:01:26 | 2014-02-22 15:06:46 || xxxxxx | Local | Lost-Carrier | 2014-02-22 15:06:48 | 2014-02-22 15:12:08 || xxxxxx | Local | Lost-Carrier | 2014-02-22 15:12:09 | 2014-02-22 15:20:24 || xxxxxx | Local | Lost-Carrier | 2014-02-22 15:20:25 | 2014-02-22 15:28:33 || xxxxxx | Local | Lost-Carrier | 2014-02-22 15:28:35 | 2014-02-22 15:33:54 || xxxxxx | Local | Lost-Carrier | 2014-02-22 15:33:55 | 2014-02-22 15:39:15 || xxxxxx | Local | Lost-Carrier | 2014-02-22 15:39:17 | 2014-02-22 15:44:37 || xxxxxx | Local | Lost-Carrier | 2014-02-22 15:44:38 | 2014-02-22 15:49:59 || xxxxxx | Local | | 2014-02-22 15:49:59 | NULL |
As you can see, the Acct-Authentic fields contains two possible values: Local and RADIUS. I didn't create any user with name 'xxxxxx' on AP, and I configure the authentication is against the RADIUS server. Why there are so many Acct-Authentic = 'Local'?
Also, this user always lost his connection and then reconnected quickly. This user login his account in multiple devices, including smart phone and computers. All of them are experiencing the same issue. Is there anyway to debug it? Any protential reasons?
Regards,
Lingfeng XiongHi,
I have exactly the same problem with my freeradius and switchs when swiths are in IOS 15.x .
You can see the log accounting :
| 5971 | 0000007E | bde8f71b768f2785 | | | | 10.254.1.253 | 50001 | Ethernet | 2014-04-03 23:23:04 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5972 | 0000007F | 27c15b7db52213d9 | | | | 10.254.1.253 | 50001 | Ethernet | 2014-04-03 23:23:04 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5973 | 00000080 | 8fb0d5fe41e82d65 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-03 23:23:18 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5974 | 00000081 | fa753225306a1a30 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-03 23:23:35 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5975 | 00000082 | 39b6dfcf6aa90e30 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-03 23:25:57 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5976 | 00000083 | d7766e99f09aee2f | | | | 10.254.1.253 | 50024 | Ethernet | 2014-04-03 23:26:33 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5977 | 00000084 | 7094f61110fe4eef | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-03 23:29:22 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5978 | 00000085 | 66ded1d410f07c51 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-03 23:30:00 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5979 | 00000086 | 326144c4321e0286 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-03 23:30:32 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5980 | 00000087 | 01d1379a4f9c3365 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-03 23:32:57 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5981 | 00000088 | 91164743f562dfdb | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-03 23:34:59 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5982 | 00000089 | abf1519e403f8305 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-03 23:36:21 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5984 | 0000008B | 2e199e473e646ba4 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-04 00:21:01 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5986 | 0000008C | cb4c2e11189d484c | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-04 00:28:10 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5987 | 0000008D | 1e928dc7eabc1e6d | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-04 00:28:11 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5988 | 0000008E | f1e3754a954e6863 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-04 00:28:15 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5989 | 0000008F | e46d377efc8a47f8 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-04 01:00:02 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5990 | 00000090 | e098f1dc19bdeee2 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-04 01:01:02 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5991 | 00000091 | 6ae3acb7d57c9c5a | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-04 01:56:25 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5992 | 00000092 | abc974156cf20e23 | | | | 10.254.1.253 | 50021 | Ethernet | 2014-04-04 03:10:56 | NULL | 1943 | Local | | | 0 | 204825 | | | | Framed-User | | | 0 | 0 | |
| 5993 | 00000093 | be822673509843a6 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-04 03:51:41 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5994 | 00000094 | 0a4366a6cd9eb0c5 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-04 07:53:42 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5996 | 00000095 | 5d289b8db37d0c8d | | | | 10.254.1.253 | 50024 | Ethernet | 2014-04-04 08:58:22 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 5997 | 00000096 | c4ea1e813085a6d7 | | | | 10.254.1.253 | 50024 | Ethernet | 2014-04-04 08:58:22 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 6002 | 0000009A | a82ac41b1ff5f16b | | | | 10.254.1.253 | 50024 | Ethernet | 2014-04-04 09:03:12 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 6004 | 0000009B | 0719718c780250c2 | | | | 10.254.1.253 | 50024 | Ethernet | 2014-04-04 09:53:30 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 6005 | 0000009C | c58f9c5e30b60fb7 | | | | 10.254.1.253 | 50016 | Ethernet | 2014-04-04 09:56:54 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 6007 | 0000009D | f78cc71528fd7898 | | | | 10.254.1.253 | 50024 | Ethernet | 2014-04-04 09:56:54 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
| 6008 | 0000009E | 200a1608264cc03c | | | | 10.254.1.253 | 50019 | Ethernet | 2014-04-04 10:01:14 | 2014-04-04 10:30:24 | 1750 | Local | | | 114654 | 93145 | | | Lost-Carrier | Framed-User | | | 0 | 0 | |
| 6009 | 0000009F | c5ec021f0ef399c1 | | | | 10.254.1.253 | 50019 | Ethernet | 2014-04-04 10:01:44 | 2014-04-04 10:30:24 | 1720 | Local | | | 109122 | 86295 | | | Lost-Carrier | Framed-User | | | 0 | 0 | |
| 6013 | 000000A4 | 042773e07781caba | | | | 10.254.1.253 | 50019 | Ethernet | 2014-04-04 10:30:26 | 2014-04-04 10:39:51 | 565 | Local | | | 36891 | 39077 | | | Lost-Carrier | Framed-User | | | 0 | 0 | |
| 6015 | 000000A5 | f6b305e3f0d6aa5a | | | | 10.254.1.253 | 50019 | Ethernet | 2014-04-04 10:30:56 | 2014-04-04 10:39:51 | 535 | Local | | | 31698 | 32171 | | | Lost-Carrier | Framed-User | | | 0 | 0 | |
| 6017 | 000000A6 | ef6cad3df24ccd61 | | | | 10.254.1.253 | 50002 | Ethernet | 2014-04-04 10:42:20 | NULL | 0 | Local | | | 0 | 0 | | | | Framed-User | | | 0 | 0 | |
Someone has an idea ?
Thanks,
Best regards, -
Spontaneous disconnects from a WPA2 Enterprise network with iwlwifi
The wireless network at my work uses WPA2-Enterprise with PEAP authentication and MSCHAPv2 inner authentication. Given this, cacert.org.crt, and the username and password, I am sometimes able to connect. However, I am often spontaneously disconnected. Sometimes this happens seconds after I connect, sometimes, I stay connected for hours. I use network manager to connect within gnome-shell.
The following describes my wireless card.
$ lspci | grep Net
07:00.0 Network controller: Intel Corporation Centrino Advanced-N 6235 (rev 24)
The NetworkManager log is not much help...
May 09 10:10:24 ocelot NetworkManager[299]: <info> (wlan0): supplicant interface state: scanning -> disconnected
May 09 10:10:24 ocelot NetworkManager[299]: <info> (wlan0): supplicant interface state: disconnected -> scanning
Last edited by astex (2013-05-09 14:27:44)I had the same problems with my Intel Centrino Advanced-N 6000 and the WPA2 Enterprise network at university. And now since my last update where the driver seemed to be updated when also netctl replaced netcfg I am completly unable to connect to the network. But with my WPA2-PSK network I don't have any problems and my Notebook connects instantly.
I'm using wicd but also tried NetworkManager, netctl and also manually using wpa_supplicant but it was the same problem.
Also shutting down hardware encrpyption and 11n like mentioned in this topic:
option iwlwifi swcrypto=1
option iwlwifi 11n_disable=1
I guess it must be a driver bug. -
WPA2-Enterprise TLS not working in iOS 5
We have over 200 iPhone on our Corporate Wi-Fi network. We started having calls from our users saying that their Wi-Fi is not working anymore since they upgraded to iOS 5. It was working fine with previous version of iOS. We are using WPA2-Enterprise with TLS authentication. We were able to reproduce the issue. With my iPad, i'm not able anmore to connect to our corporate wi-fi on both vendor we use (Cisco and Motorola). The SSId was hidden, we tryed to broadcast it with no change. The only thing both vendor are sharing is the TLS authentication for the WPA2 auth. Can anyone help us ?
I had to:
1) connect the Ipad with a cable and enable "synch via wi-fi" option.
2) eject the ipad
3) restart the MAC
attempt synch --- FAILED
after looking at my set-up the MAC (or PC) must be conneced to the same wireless connection. My router has dual band capability. one connection is 2.4 ghz with one name, and 5 ghz with another name. Even though ALL the computers have same workgroup name, wi-fi synch would not work unless they were all on the same wireless connection (same ssID). go figure. once my mac was connected to the 2.4 Ghz SSID, wi-fi sync worked fine. -
Airport Express bridge mode over WPA2 Enterprise?
I have an Airport Extreme running WPA2 Enterprise with RADIUS on a Snow Leopard Server. Is it possible to have the Express join the WPA2 Enterprise network as an ethernet bridge? I can't seem to set it up. Something tells me this only works with WPA2 Personal?
When you set up the APExtreme through Server Admin, it takes care of all the secret passwords and what-have-you. I did some digging on Apple's site, and it looks like the APExpress can only act as a bridge on WPA2 Personal networks and below. No worries; I am just temporarily running an engineer's SIP phone over wireless, so I brought an old Buffalo router I had kicking around at home into the office; set it up as a WPA2 Personal access point, and have him running off of that with the APExpress as the bridge. This is just a stopgap until I can get him a proper ethernet drop. Thanks for the help regardless.
-
IOS 5 WPA2 Enterprise WiFi Connectivity Issue
In IOS 4 i was able to connect easy to my company Enterprise network using WPA2 Enterprise (With Domain username and password). While initail Wifi setup in IOS 4 it used to ask me for accepting a certificate. After upgrading i noticed that it does not ask for certificate anymore but still connects on first attempt. After turining wifi off and on Wifi does not connects automatically instead if i check that network it ask me to enter password and join (my company network does not use preshared key instead use Domain credentials).
After googling i found out that from iOS 5 onward MD-5 signed certificates are no more supported. My network administrator is not interested in changing the signing method of certificate.
Can any one please help me for fixing this issue?Hi Attiq 123,
Thanks for the question. It sounds like you are experiencing issues with your network connection, specifically when connecting to Apple services like iCloud and the iTunes Store. The following resource provides some troubleshooting steps that you can try:
Can't connect to the iTunes Store - Apple Support
http://support.apple.com/en-us/HT201400
You may also need to test to see if the specific ports on your Wi-Fi network are accessible:
iTunes: Advanced iTunes Store troubleshooting - Apple Support
http://support.apple.com/en-us/TS3297
Make sure the issue is with the iTunes Store only. (You need an Internet connection to access the iTunes Store).
Open a secure website to test if you are online as is necessary for the iTunes Store. This also tests if the main ports 80 and 443 are accessible. If the website works but the iTunes Store does not, it is most likely a firewall blocking the iTunes software or servers. If this is the case, follow the steps in the "Blocked by software firewall" section below.
- Matt M. -
WPA2-Enterprise + EAP (PEAP) and 802.1x to authenticate to RADIUS server NPS
I need to connect my iPhone and my iPad to the corporate wireless network using WPA2-Enterprise and 802.1x to authenticate against a RADIUS server with my corporate user. What is the procedure to configure the clients? Certificates is not necessary on the client. Radius server is a NPS of Microsoft and the WLC is a 5508 of Cisco.
thanks !!!WPA and WPA2 are all actually interim protocols that are used until the standardization of IEEE 802.11i standard. Wi-fi appliance decided that ratification and standardization of 802.11i standards will take more time. So, they came up with WPA.
Now, WPA2 is advanced version of WPA. WPA2 uses AES as encryption algorithm. Whereas, WPA use TKIP as encryption mode which in turn uses RC4 encryption algorithm.
WPA and WPA2 are actually are of 2 types respectively.
WPA/WPA2-PSK - This is mainly for small offices. This uses Pre-Shared Key for authentication.
WPA/WPA2 -Enterprise - This uses a RADIUS Server for authentication. This is an extension to 802.1x authentication. But this uses stronger encryption scheme(WPA uses RC4 and WPA2 uses AES).
Any authentication mechanism that involves a separation authentication server for authentication like ACS server is called 802.1x authentication.
EAP stands for Extensible Authentication Protocol. It refers to the type or method of 802.1x Authentication by the RADIUS/Tacacs server. A RADIUS server can authenticate a wireless client with various EAP methods.
LEAP is one type of EAP. It uses username and password for authenticating wireless clients. LEAP is cisco proprietory.
There are also EAP types which uses other user credentials like Certificates, SIM etc for authentcation.
The following document might clarify your doubts.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00805e8297.shtml -
Can we still use PEAP-MSCHAPV2 for authenticating to a WPA2-Enterprise network?
L.S,
For authenticating to a BYOD wireless network a lot of companies use WPA2-Enterprise connected to a Microsoft IAS/NPS server to authenticate against Active Directory. There seems to be a way to intercept this wireless traffic using a roque accesspoint using the same (company) SSID-name and tools like freeradius-WPE and cloudcracker.
If the BYOD client doesn't check the certificate provided by the fake radius server, the MSCHAPv2-negotiation can be discovered and the hacker will get the username AND hashed password which can be lookup'd by rainbow tables sites like cloudcracker.
Is there still a safe way to deploy AD-authentication to BYOD clients?
Kind Regards,
ArjenI have tested the WPA2-enterprise/PEAP-MSCHAPv2 exploit this week placing a laptop in my car on the company parking lot with a Kali image, using hostap and freeradius-wpe configured with the company SSID. It was very easy to find out the mschapv2 challenge/responses of a number of android/windows phones that there just walking past my car. Also iPhone has a bad WPA2-enterprise implementation (see: http://research.edm.uhasselt.be/~bbonne/docs/robyns14wpa2enterprise.pdf), so bye bye WPA2-enterprise/PEAP-MSCHAPv2.
Wonder what other (large) companies are using for their BYOD wireless networks! EAP-TLS using certificate sounds like the only feasible option, however, we are afraid that the enrolment of certificates to the BYOD-clients will be a total disaster. I heard stories that some android phones lose their client certificate after a reboot :(
Maybe you are looking for
-
I changed my Apple password and I get the information back at the wrong email address. My email address is right under my Apple ID. How do I get this corrected?
-
We have big problems using the latest preview version of OC4J (Oracle9iAS (9.0.3.0.0) Containers for J2EE (build 020725.1695)). There are two problems: v Sending a message to the queue: In this case we try to send the message using the AQJMS libr
-
Aha! Workaround for site corruption in iWeb '06 '08 updates
I think I have found a workaround for a problem that's been plaguing me and no doubt other people who've bought iWeb '08 and used it to update an older site from iWeb '06 (skip to bottom for solution). This is relevant even after the 2.0.1 update tha
-
Is Print Shop 2 compatible with IMAC, Is Print Shop 2 compatible with IMAC
Just bought new IMAC maverick software and wanted to add Print Shop 2 will it work?
-
ok here is my goal. When a frame is loaded I want an mp3 to play but I only want it to play once. and NEVER again. Even if the frame is loaded again. What is the best way to achieve this? Thanks