Velocity Reviews


data_noid 11-27-2009 09:10 PM

Cisco Aironet 1100 LEAP, MS IAS Auth error; what is wrong with my config?
 
Hello all,

I am cutting my teeth on a couple of Cisco Aironet 1100 APs running IOS 12.3/8 and a MS IAS server. The current access point (AP1) has been up and running with the IAS server with no problems. I have been tasked to extend the coverage area by adding a repeater (AP2), another 1100 with the same IOS ver., to a location with no wired access.

The problem I could use some help with is showing up as this error on AP1:

"Station ####.####.#### Authentication failed" The MAC address is correct for AP2.

On AP2 the error message is:

"Packet to client ####.####.#### reached max retries, removing the client" The displayed MAC address is correct for AP1's radio interface.

What am I doing wrong? Any input would be greatly appreciated. My config for both devices is below:

Parent Access Point Config:

version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap1
!
no logging console
enable secret 5 XXXXXXXXXXXXXXXXXXXXXX.
!
ip subnet-zero
!
!
aaa new-model
!
!
aaa group server radius rad_eap
server 10.10.10.20 auth-port 1645 acct-port 1646
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
!
dot11 ssid Fluffy
authentication open eap eap_methods
authentication network-eap eap_methods
authentication key-management wpa
!
!
!
username admin privilege 15 password 7 XXXXXXXXXXXXXX
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers tkip
!
ssid Fluffy
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 10.10.10.27 255.255.255.0
no ip route-cache
!
ip default-gateway 10.10.10.1
ip http server
no ip http secure-server
ip radius source-interface BVI1
!
radius-server attribute 32 include-in-access-req format %h
radius-server host 10.10.10.20 auth-port 1645 acct-port 1646 key 7 XXXXXXXXXXXX
radius-server vsa send accounting
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
!
end

*********


Repeater Config:

version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap2
!
no logging console
enable secret 5 XXXXXXXXXXXXXXXXXXXXXX.
!
ip subnet-zero
!
!
aaa new-model
!
!
aaa group server radius rad_eap
server 10.10.10.20 auth-port 1645 acct-port 1646
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
!
dot11 ssid Fluffy
authentication open eap eap_methods
authentication network-eap eap_methods
authentication key-management wpa
authentication client username ap2 password 7 XXXXXXXXXXXXXX
infrastructure-ssid
!
!
!
username admin privilege 15 password 7 XXXXXXXXXXXXXX
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers tkip
!
ssid Fluffy
!
parent 1 ####.####.####
parent timeout 300
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role repeater
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 10.10.10.26 255.255.255.0
no ip route-cache
!
ip default-gateway 10.10.10.1
ip http server
no ip http secure-server
ip radius source-interface BVI1
!
radius-server attribute 32 include-in-access-req format %h
radius-server host 10.10.10.20 auth-port 1645 acct-port 1646 key 7 XXXXXXXXXXXX
radius-server vsa send accounting
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
!
end



I am missing something but I am stumped...

Thank you for your time and effort.

-J
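
Added example, not part of the original post: a per-section comparison of the parent and repeater configs, which lists the commands present on one AP but not the other without deciding which of them causes the failure. It assumes the configs are saved with IOS's usual indentation (the excerpts are constructed from the posted lines), and the function names are hypothetical.

```python
# Excerpts constructed from the configs in the post, with IOS's one-space
# indentation restored (the forum paste lost it). MACs stay masked as posted.
AP1 = """\
dot11 ssid Fluffy
 authentication open eap eap_methods
 authentication network-eap eap_methods
 authentication key-management wpa
!
interface Dot11Radio0
 encryption mode ciphers tkip
 station-role root
"""
AP2 = """\
dot11 ssid Fluffy
 authentication open eap eap_methods
 authentication network-eap eap_methods
 authentication key-management wpa
 authentication client username ap2 password 7 XXXXXXXXXXXXXX
 infrastructure-ssid
!
interface Dot11Radio0
 encryption mode ciphers tkip
 parent 1 ####.####.####
 station-role repeater
"""

def parse_sections(text):
    """Map each top-level command to the set of indented sub-commands under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            continue                                  # blank line or IOS separator
        if line[0].isspace() and current is not None:
            sections[current].add(line.strip())       # sub-command of open section
        elif not line[0].isspace():
            current = line                            # column 0 starts a section
            sections.setdefault(current, set())
    return sections

def diff_configs(a, b):
    """Return {section: (only_in_a, only_in_b)} for every section that differs."""
    sa, sb = parse_sections(a), parse_sections(b)
    out = {}
    for name in sorted(set(sa) | set(sb)):
        x, y = sa.get(name, set()), sb.get(name, set())
        if x != y:
            out[name] = (sorted(x - y), sorted(y - x))
    return out
```

Calling `diff_configs(AP1, AP2)` returns the differing sections with the ap1-only and ap2-only commands for each.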

