Aironet with IOS code and Intel 2100 Wireless cards

Discussion in 'Cisco' started by Barry, Jan 19, 2005.

  1. Barry

    Barry Guest

    In my process of upgradig my Aironet 350APs to IOS I have run across an
    issue with non Cisco card Leap use.

    I have two laptops that don't work right
    1. a Dell Latitude D800 with built in Intel 2100
    2. a Toshiba Protege touchpad with build in Intel 2100

    both did leap just fine in vxworks.
    now after the upgrade to IOS

    1. the Dell requires that I have have "open with eap" set on the ssid.
    This forces me to use leap on that ssid and elimnates simply using wep on
    the same ssid
    2. the Toshiba doesn't work with or without the "open with eap" setting

    I have another Dell laptop using a Dell braned a/b/g card that works just
    fine without open set.

    I have been talking with cisco tac, but they have not been able to provide a
    solution yet. anyone else experience a similar issue when upgrading to IOS?
    These above issues are also a problem with my 1231G APs that only run IOS


    thanks
    barry
     
    Barry, Jan 19, 2005
    #1
    1. Advertising

  2. Hello, Barry!
    You wrote on Wed, 19 Jan 2005 14:25:58 -0600:

    B> In my process of upgradig my Aironet 350APs to IOS I have run
    B> across an issue with non Cisco card Leap use.

    B> I have two laptops that don't work right
    B> 1. a Dell Latitude D800 with built in Intel 2100
    B> 2. a Toshiba Protege touchpad with build in Intel 2100

    B> both did leap just fine in vxworks.
    B> now after the upgrade to IOS

    B> 1. the Dell requires that I have have "open with eap" set on
    B> the ssid. This forces me to use leap on that ssid and elimnates
    B> simply using wep on the same ssid
    B> 2. the Toshiba doesn't work with or without the "open with eap"
    B> setting

    B> I have another Dell laptop using a Dell braned a/b/g card that
    B> works just fine without open set.

    B> I have been talking with cisco tac, but they have not been able to
    B> provide a solution yet. anyone else experience a similar issue
    B> when upgrading to IOS? These above issues are also a problem with
    B> my 1231G APs that only run IOS

    And relevant part of config looks like...?

    With best regards,
    Andrey.
     
    Andrey Tarasov, Jan 19, 2005
    #2
    1. Advertising

  3. Barry

    Barry Gross Guest

    ssid xxxx
    vlan xxx
    authentication open eap eap_methods
    authentication network-eap eap_methods

    > And relevant part of config looks like...?
    >
    > With best regards,
    > Andrey.
     
    Barry Gross, Jan 19, 2005
    #3
  4. Hello, Barry!
    You wrote on Wed, 19 Jan 2005 15:15:43 -0600:


    BG> ssid xxxx
    BG> vlan xxx
    BG> authentication open eap eap_methods
    BG> authentication network-eap eap_methods

    ??>> And relevant part of config looks like...?
    ??>>

    I got it. It's a search for people with mind reading abilities. Sorry, I'm not
    qualified.

    With best regards,
    Andrey.
     
    Andrey Tarasov, Jan 19, 2005
    #4
  5. Barry

    z400d3 Guest

    Hi Barry,

    First off, I would reccomend that you get this client software and use
    it for testing as it will eliminate the diferences between the card
    client software and give you an even playing field to start with.

    Odyssey Client from www.funk.com

    Here is a sample config from a 1231 running leap and wep sucsesfully
    ....


    !
    version 12.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname HOSTNAME
    !
    enable secret 5 XXXXXXXXXXXXXXXXXX
    !
    username Cisco password 7 135C424A535B57
    ip subnet-zero
    !
    aaa new-model
    !
    !
    aaa group server radius ssid
    server 10.13.13.5 auth-port 1812 acct-port 1813
    !
    aaa authentication login eap_methods group ssid
    aaa authorization exec default local
    aaa accounting network acct_methods start-stop group rad_acct
    aaa session-id common
    !
    bridge irb
    !
    !
    interface Dot11Radio0
    no ip address
    no ip route-cache
    !
    encryption key 1 size 128bit 7 XXXXXXXXXXXXXXX transmit-key
    encryption mode wep mandatory
    !
    ssid ssid
    authentication open eap eap_methods
    authentication network-eap eap_methods
    !
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0
    36.0 48.0 54.0
    rts threshold 2312
    power client 50
    channel 2432
    station-role root
    dot1x reauth-period server
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    !
    interface FastEthernet0
    ip address 10.13.13.100 255.255.255.0
    no ip route-cache
    speed 100
    full-duplex
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    !
    interface BVI1
    ip address 10.13.13.5 255.255.255.0
    no ip route-cache
    !
    ip default-gateway 10.13.13.254
    ip http server
    ip http help-path
    http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/ivory/1100
    ip radius source-interface BVI1
    radius-server local
    nas 10.13.13.5 key 7 XXXXXXXX
    group GROUP
    ssid ssid
    !
    user chris nthash 7
    040B52275D711D1A5C4F2731465E2D20087E0071636D033156425255027B0A7177
    group GROUP
    user jon nthash 7
    13573342292F530C0E7D0B176C704A543527220E0E7A0105585139430B79037202
    group GROUP
    user anthony nthash 7
    13554E33595C557E7E720A15617732233456250F090072765F5749420D7A057171
    group GROUP
    !
    radius-server host 10.13.13.5 auth-port 1812 acct-port 1813 key 7
    XXXXXXX
    radius-server attribute 32 include-in-access-req format %h
    radius-server authorization permit missing Service-Type
    radius-server vsa send accounting
    bridge 1 route ip
    !
    banner motd
    ! Authorised personnel only !

    !
    line con 0
    line vty 0 4
    password 7 XXXXXXXXXXX
    line vty 5 15
    password 7 XXXXXXXXXX
    !
    end


    On Wed, 19 Jan 2005 14:25:58 -0600, "Barry" <>
    wrote:

    >In my process of upgradig my Aironet 350APs to IOS I have run across an
    >issue with non Cisco card Leap use.
    >
    >I have two laptops that don't work right
    >1. a Dell Latitude D800 with built in Intel 2100
    >2. a Toshiba Protege touchpad with build in Intel 2100
    >
    >both did leap just fine in vxworks.
    >now after the upgrade to IOS
    >
    >1. the Dell requires that I have have "open with eap" set on the ssid.
    >This forces me to use leap on that ssid and elimnates simply using wep on
    >the same ssid
    >2. the Toshiba doesn't work with or without the "open with eap" setting
    >
    >I have another Dell laptop using a Dell braned a/b/g card that works just
    >fine without open set.
    >
    >I have been talking with cisco tac, but they have not been able to provide a
    >solution yet. anyone else experience a similar issue when upgrading to IOS?
    >These above issues are also a problem with my 1231G APs that only run IOS
    >
    >
    >thanks
    >barry
    >


    Drop the ZZZ to reply

    Cheers ...
     
    z400d3, Jan 20, 2005
    #5
  6. Barry

    Barry Gross Guest

    Hello Andrey,

    My origninal questin was "anyone else experience a similar issue when
    upgrading to IOS?". Obviously you haven't and you don't understand my
    problem and thus are not likely able to answer my question. Take your bad
    day out on someone else please.

    Regards,
    Barry
    "Andrey Tarasov" <> wrote in message
    news:csmm3d$27ht$...
    > Hello, Barry!
    > You wrote on Wed, 19 Jan 2005 15:15:43 -0600:
    >
    >
    > BG> ssid xxxx
    > BG> vlan xxx
    > BG> authentication open eap eap_methods
    > BG> authentication network-eap eap_methods
    >
    > ??>> And relevant part of config looks like...?
    > ??>>
    >
    > I got it. It's a search for people with mind reading abilities. Sorry, I'm
    > not
    > qualified.
    >
    > With best regards,
    > Andrey.
    >
     
    Barry Gross, Jan 20, 2005
    #6
  7. Barry

    Barry Gross Guest

    thanks,
    i tried the funk client on got the same results
    hers it the 350 config. when i have the auth set to open with eap my
    handhelds doing just wep could not connect, but with auth open no addition
    my intel 2100 cards could not do leap. the vlan in question is 342


    !
    ! Last configuration change at 15:06:46 S Wed Jan 19 2005
    ! NVRAM config last updated at 15:06:46 S Wed Jan 19 2005
    !
    version 12.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime localtime
    service password-encryption
    !
    hostname HOSTNAME
    !
    logging queue-limit 100
    logging buffered informational
    logging console informational
    enable secret
    !
    username
    clock timezone S -6
    clock summer-time S recurring
    ip subnet-zero
    ip domain name
    ip name-server x.x.x.x
    !
    aaa new-model
    !
    !
    aaa authentication login default local
    aaa authentication login mac_methods local
    aaa authorization exec default local
    aaa session-id common
    no dot11 igmp snooping-helper
    iapp standby timeout 5
    iapp standby poll-frequency 1
    !
    !
    !
    class-map match-all _class-48
    match ip dscp cs6
    class-map match-all _class-18
    match ip dscp af21
    class-map match-all _class-26
    match ip dscp af31
    class-map match-all _class-40
    match ip dscp cs5
    class-map match-all _class-24
    match ip dscp cs3
    class-map match-all _class-16
    match ip dscp cs2
    class-map match-all _class-34
    match ip dscp af41
    class-map match-all _class-10
    match ip dscp af11
    class-map match-all _class-32
    match ip dscp cs4
    class-map match-all _class-46
    match ip dscp ef
    class-map match-all _class-56
    match ip dscp cs7
    class-map match-all _class-8
    match ip dscp cs1
    class-map match-all _class-0
    match ip dscp default
    class-map match-all _class_Protocol_202_PF_202_119
    match access-group name PF_202_119
    !
    !
    policy-map _policy_Voice_Over_IP_202
    class _class_Protocol_202_PF_202_119
    set cos 6
    policy-map fallback_policy
    class _class-0
    set cos 0
    class _class-8
    set cos 1
    class _class-10
    set cos 1
    class _class-16
    set cos 2
    class _class-18
    set cos 2
    class _class-24
    set cos 3
    class _class-26
    set cos 3
    class _class-32
    set cos 4
    class _class-34
    set cos 4
    class _class-40
    set cos 5
    class _class-46
    set cos 5
    class _class-48
    set cos 6
    class _class-56
    set cos 7
    !
    bridge irb
    !
    !
    interface Dot11Radio0
    no ip address
    no ip route-cache
    !
    encryption vlan 346 mode wep optional
    !
    encryption vlan 345 key 1 size 128bit 7 xxxxxxxxxxxxxxxx transmit-key
    encryption vlan 345 mode wep mandatory
    !
    encryption vlan 344 key 1 size 128bit 7 xxxxxxxxxxxxxxxxxxx transmit-key
    encryption vlan 344 mode wep mandatory
    !
    encryption vlan 343 key 1 size 128bit 7 xxxxxxxxxxxxxxxxxxxxxxx
    transmit-key
    encryption vlan 343 key 2 size 128bit 7 xxxxxxxxxxxxxxxxxxxx
    encryption vlan 343 mode wep mandatory
    !
    encryption vlan 342 key 1 size 128bit 7 xxxxxxxxxxxxxxxxxxxxxxx
    transmit-key
    encryption vlan 342 mode wep mandatory
    !
    encryption vlan 341 key 1 size 128bit 7 xxxxxxxxxxxxxxxxxxxxxxxxx
    transmit-key
    encryption vlan 341 key 2 size 128bit 7 xxxxxxxxxxxxxxxxxxxxxxx
    encryption vlan 341 mode wep mandatory
    !
    encryption vlan 34 key 1 size 128bit 7 xxxxxxxxxxxxxxxxxxxxxxxxx
    transmit-key
    encryption vlan 34 mode wep mandatory
    !
    encryption mode wep mandatory key-hash
    !
    ssid xxx346
    vlan 346
    authentication open
    !
    ssid xxx344
    vlan 344
    authentication open
    authentication network-eap eap_methods
    !
    ssid xxx345
    vlan 345
    authentication open
    !
    ssid xxxx34
    vlan 34
    authentication open eap eap_methods
    authentication network-eap eap_methods
    !
    ssid xxxx342
    vlan 342
    authentication open eap eap_methods
    authentication network-eap eap_methods
    !
    ssid xxxx342
    vlan 343
    authentication open eap eap_methods
    authentication network-eap eap_methods
    !
    ssid xxxx341
    vlan 341
    authentication open
    authentication network-eap eap_methods
    !
    traffic-class background cw-min 5 cw-max 8 fixed-slot 2
    traffic-class best-effort cw-min 5 cw-max 8 fixed-slot 6
    traffic-class video cw-min 4 cw-max 6 fixed-slot 1
    traffic-class voice cw-min 3 cw-max 7 fixed-slot 1
    speed basic-11.0
    rts threshold 2339
    rts retries 32
    power local 100
    packet retries 32
    no preamble-short
    channel 2442
    fragment-threshold 2338
    station-role root fallback shutdown
    no cdp enable
    infrastructure-client
    !
    interface Dot11Radio0.34
    encapsulation dot1Q 34 native
    service-policy output fallback_policy
    no ip route-cache
    no cdp enable
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    !
    interface Dot11Radio0.341
    encapsulation dot1Q 341
    service-policy output fallback_policy
    no ip route-cache
    no cdp enable
    bridge-group 250
    bridge-group 250 subscriber-loop-control
    bridge-group 250 block-unknown-source
    no bridge-group 250 source-learning
    no bridge-group 250 unicast-flooding
    bridge-group 250 spanning-disabled
    !
    interface Dot11Radio0.342
    encapsulation dot1Q 342
    service-policy output fallback_policy
    no ip route-cache
    no cdp enable
    bridge-group 251
    bridge-group 251 subscriber-loop-control
    bridge-group 251 block-unknown-source
    no bridge-group 251 source-learning
    no bridge-group 251 unicast-flooding
    bridge-group 251 spanning-disabled
    !
    interface Dot11Radio0.343
    encapsulation dot1Q 343
    service-policy output fallback_policy
    no ip route-cache
    no cdp enable
    bridge-group 252
    bridge-group 252 subscriber-loop-control
    bridge-group 252 block-unknown-source
    no bridge-group 252 source-learning
    no bridge-group 252 unicast-flooding
    bridge-group 252 spanning-disabled
    !
    interface Dot11Radio0.344
    encapsulation dot1Q 344
    service-policy output fallback_policy
    no ip route-cache
    no cdp enable
    bridge-group 253
    bridge-group 253 subscriber-loop-control
    bridge-group 253 block-unknown-source
    no bridge-group 253 source-learning
    no bridge-group 253 unicast-flooding
    bridge-group 253 spanning-disabled
    !
    interface Dot11Radio0.345
    encapsulation dot1Q 345
    service-policy output fallback_policy
    no ip route-cache
    no cdp enable
    bridge-group 254
    bridge-group 254 subscriber-loop-control
    bridge-group 254 block-unknown-source
    no bridge-group 254 source-learning
    no bridge-group 254 unicast-flooding
    bridge-group 254 spanning-disabled
    !
    interface Dot11Radio0.346
    encapsulation dot1Q 346
    service-policy output fallback_policy
    no ip route-cache
    no cdp enable
    bridge-group 255
    bridge-group 255 subscriber-loop-control
    bridge-group 255 block-unknown-source
    no bridge-group 255 source-learning
    no bridge-group 255 unicast-flooding
    bridge-group 255 spanning-disabled
    !
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    ntp broadcast client
    !
    interface FastEthernet0.34
    encapsulation dot1Q 34 native
    service-policy output fallback_policy
    no ip route-cache
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    !
    interface FastEthernet0.341
    encapsulation dot1Q 341
    service-policy output fallback_policy
    no ip route-cache
    bridge-group 250
    no bridge-group 250 source-learning
    bridge-group 250 spanning-disabled
    !
    interface FastEthernet0.342
    encapsulation dot1Q 342
    service-policy output fallback_policy
    no ip route-cache
    bridge-group 251
    no bridge-group 251 source-learning
    bridge-group 251 spanning-disabled
    !
    interface FastEthernet0.343
    encapsulation dot1Q 343
    service-policy output fallback_policy
    no ip route-cache
    bridge-group 252
    no bridge-group 252 source-learning
    bridge-group 252 spanning-disabled
    !
    interface FastEthernet0.344
    encapsulation dot1Q 344
    service-policy output fallback_policy
    no ip route-cache
    bridge-group 253
    no bridge-group 253 source-learning
    bridge-group 253 spanning-disabled
    !
    interface FastEthernet0.345
    encapsulation dot1Q 345
    service-policy output fallback_policy
    no ip route-cache
    bridge-group 254
    no bridge-group 254 source-learning
    bridge-group 254 spanning-disabled
    !
    interface FastEthernet0.346
    encapsulation dot1Q 346
    service-policy output fallback_policy
    no ip route-cache
    bridge-group 255
    no bridge-group 255 source-learning
    bridge-group 255 spanning-disabled
    !
    interface BVI1
    ip address dhcp client-id FastEthernet0
    no ip route-cache
    !
    ip default-gateway 172.18.1.1
    ip http server
    ip http help-path
    www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/ivory/1100
    ip http authentication aaa
    ip radius source-interface BVI1
    !
    ip access-list extended PF_202
    permit 119 any any
    permit ip any any
    ip access-list extended PF_202_119
    permit 119 any any
    permit ip any any
    logging trap warnings
    logging facility local0
    logging 10.101.1.183
    snmp-server view iso_view iso included
    snmp-server community
    snmp-server enable traps tty
    snmp-server enable traps disassociate
    snmp-server enable traps deauthenticate
    snmp-server enable traps authenticate-fail
    radius-server authorization permit missing Service-Type
    radius-server vsa send accounting
    radius-server vsa send authentication
    bridge 1 route ip
    !
    !
    !
    line con 0
    stopbits 1
    line vty 5 15
    terminal-type teletype
    !
    ntp clock-period 17206570
    ntp server 10.101.1.6
    end



    "z400d3" <> wrote in message
    news:...
    > Hi Barry,
    >
    > First off, I would reccomend that you get this client software and use
    > it for testing as it will eliminate the diferences between the card
    > client software and give you an even playing field to start with.
    >
    > Odyssey Client from www.funk.com
    >
     
    Barry Gross, Jan 20, 2005
    #7
  8. Barry

    Uli Link Guest

    Barry Gross schrieb:

    > !
    > encryption vlan 342 key 1 size 128bit 7 xxxxxxxxxxxxxxxxxxxxxxx
    > transmit-key
    > encryption vlan 342 mode wep mandatory
    > !


    Use cipher wep128 (or better: ckip-cmic) instead of wep.
    AFAIR when using dynamic keys through LEAP you must not set a key in
    slot 1 *and* slot 4.
    This is different behaviour of the IOS and VxWorks APs.

    --
    Uli

    These opinions are mine. All found typos are yours.
     
    Uli Link, Feb 18, 2005
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Headtheball
    Replies:
    5
    Views:
    2,151
    Headtheball
    Sep 10, 2004
  2. =?Utf-8?B?Q3VyaW91cyBDYWxseQ==?=

    Please help - Intel Pro/Wireless LAN 2100 3A mini PCI adapter

    =?Utf-8?B?Q3VyaW91cyBDYWxseQ==?=, Oct 14, 2005, in forum: Wireless Networking
    Replies:
    3
    Views:
    15,372
    outoforder
    Jan 22, 2008
  3. Mr Corbett
    Replies:
    5
    Views:
    3,267
    Aaron Leonard
    Aug 19, 2005
  4. John Owens

    Re: Tosh Satellite Pro 2100 and wireless cards.

    John Owens, Nov 6, 2003, in forum: Computer Support
    Replies:
    1
    Views:
    572
  5. roberthob

    an Intel PRO/DSL 2100 or Intel PRO/DSL 2200 Modem

    roberthob, Sep 25, 2005, in forum: Computer Support
    Replies:
    0
    Views:
    1,834
    roberthob
    Sep 25, 2005
Loading...

Share This Page