Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Wireless and VLANs - VLAN mapping causes authentication failure

Reply
Thread Tools

Wireless and VLANs - VLAN mapping causes authentication failure

 
 
groupstudy2001@yahoo.co.uk
Guest
Posts: n/a
 
      07-20-2005

When I add a vlan mapping for a working SSID authentication then fails.
I've followed the notes in books and on Cisco's web site and cannot see
what is wrong with my config. Could it be that the client software
needs to recognise 802.1q wireless frames?

I have the essential config listed below along with the one statement
that is causing the problem - adding a vlan mapping to an otherwise
working SSID - in this case SSID test and vlan 15. Can anyone give me a
clue as to what is stopping this working??? The client uses LEAP if
that's any clue. TIA.

!
bridge irb
!
interface Dot11Radio0
!
encryption mode ciphers ckip
!
encryption vlan 15 key 1 size 128bit 7 <key1> transmit-key
encryption vlan 15 mode wep mandatory
!
encryption vlan 26 key 1 size 128bit 7 <key2> transmit-key
encryption vlan 26 mode wep mandatory
!
ssid primary-guest
vlan 26
authentication open eap eap_methods
authentication network-eap eap_methods
accounting acct_methods
guest-mode
!
ssid test

vlan 15 <-- adding this causes authentication to fail

authentication open eap eap_methods
authentication network-eap eap_methods
accounting acct_methods
!
speed basic-1.0 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
rts threshold 2312
station-role root fallback shutdown
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
!
interface FastEthernet0.15
encapsulation dot1Q 15 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 10.46.137.169 255.255.255.224
!
ip default-gateway 10.46.137.161

 
Reply With Quote
 
 
 
 
David Taylor
Guest
Posts: n/a
 
      07-21-2005
> clue as to what is stopping this working??? The client uses LEAP if
> that's any clue. TIA.


Well it's not an answer to the question but that's not a great
authentication method. Even Cisco admit that you'd be better off not
using it.

http://asleap.sourceforge.net/

http://www.cisco.com/en/US/products/..._bulletin09186
a00801cc901.html

http://www.lanarchitect.net/Articles/Wireless/LEAP/

http://searchnetworking.techtarget.c.../0,289142,sid7
_gci959510,00.html

Strong password policies and numpty users just don't mix.

David.

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Windows - Browsing across vlans and also DC's on separate vlans punisher Cisco 2 11-17-2005 03:41 PM
Vlan problems, ip connectivity failing on certain vlans Paul Groth Cisco 2 06-28-2005 03:36 AM
650x + multiple VLANs + l2trace on non-mgmt VLAN papi Cisco 7 05-16-2005 02:30 AM
question about Mapping 802.1Q VLANs to ISL VLANs ilya@3ka.mipt.ru Cisco 0 01-11-2005 02:42 PM
VLAN Trunking Cisco Cat 5500 switch (multiple vlans per port) help please BG Cisco 4 09-07-2004 01:39 AM



Advertisments