Cisco 350AP and 802.1x EAP

Discussion in 'Cisco' started by mike, Apr 3, 2006.

  1. mike

    mike Guest

    We are currently using stack WEP, and I would like to start using
    802.1x with dynamic rotating WEP keys. We are out of maintenance, and
    we are running 12.02T1 of the VxWorks based OS.

    I am having trouble getting this to work. I know my Radius server and
    supplicants are good, because we use the same supplicants and Radius
    server for our newer wireless system without any problems. I am trying
    to figure out the right set of configuration options, and I can not get
    pass the following warning message when a client tries to associate:
    Station xx:xx:xx:xx:xx Failed Authentication, status "Unsupported
    Authentication Algorithm".

    If someone could please guide me in the right direction, I would really
    appreciate it. Thx.

    -mike
     
    mike, Apr 3, 2006
    #1
    1. Advertising

  2. mike

    Uli Link Guest

    mike schrieb:

    > We are currently using stack WEP, and I would like to start using
    > 802.1x with dynamic rotating WEP keys. We are out of maintenance, and
    > we are running 12.02T1 of the VxWorks based OS.


    First I would suggest upgrading to 12.04 or 12.05 of VxWorks Firmware.

    > to figure out the right set of configuration options, and I can not get
    > pass the following warning message when a client tries to associate:
    > Station xx:xx:xx:xx:xx Failed Authentication, status "Unsupported
    > Authentication Algorithm".


    Try "require EAP" under the "open Authentication" in addition to
    "Network-EAP".

    Network EAP is only for LEAP with Cisco client adapters. Many third
    party adapter do "open authentication with EAP".

    --
    Uli
     
    Uli Link, Apr 3, 2006
    #2
    1. Advertising

  3. mike

    Uli Link Guest

    mike schrieb:

    > We are currently using stack WEP, and I would like to start using
    > 802.1x with dynamic rotating WEP keys. We are out of maintenance, and
    > we are running 12.02T1 of the VxWorks based OS.


    First I would suggest upgrading to 12.04 or 12.05 of VxWorks Firmware.

    > to figure out the right set of configuration options, and I can not get
    > pass the following warning message when a client tries to associate:
    > Station xx:xx:xx:xx:xx Failed Authentication, status "Unsupported
    > Authentication Algorithm".


    Try "require EAP" under the "open Authentication" in addition to
    "Network-EAP".

    Network EAP is only for LEAP with Cisco client adapters. Many third
    party adapter do "open authentication with EAP".

    --
    Uli
     
    Uli Link, Apr 3, 2006
    #3
  4. mike

    mike Guest

    The APs are no longer under mainteance, so I can not upgrade.

    'Accept Authentication type:' and 'Require EAP:' are both set to open.
    I have set the broadcast keys to rotate every 30 minutes.

    Do I put anything in the key field for WEP key 1 or do I leave it
    blank?

    I am getting closer. I know get messages on the main page that:
    Station=xx:xx:xx:xx:xx user="domain\userid" Failed EAP-Authentication

    My Radius server is reporting an incorrect login fro the userid.

    I can use this very same laptop and userid to authenticate to our
    current wireless system, so I am suspecting it is something still with
    the 350 configuration. Any ideas?

    -mike
     
    mike, Apr 3, 2006
    #4
  5. mike

    Uli Link Guest

    mike schrieb:

    > The APs are no longer under mainteance, so I can not upgrade.


    The final VxWorks firmware was released as a free download in Oct 2004.
    There is an IOS Conversion Image for the AIR350 APs.

    > 'Accept Authentication type:' and 'Require EAP:' are both set to open.
    > I have set the broadcast keys to rotate every 30 minutes.
    >
    > Do I put anything in the key field for WEP key 1 or do I leave it
    > blank?


    When broadcast key rotation is enabled, you'll don't need to set any WEP
    key manually-
    but set encryption to required.


    > I am getting closer. I know get messages on the main page that:
    > Station=xx:xx:xx:xx:xx user="domain\userid" Failed EAP-Authentication


    What EAP type, what supplicant, what WLAN card?

    --
    Uli
     
    Uli Link, Apr 3, 2006
    #5
  6. mike

    mike Guest

    I upgraded the AP to 12.05 this afternoon. Thanks for the information
    on that.

    A WEP key was previous entered in the field. The field is blank for
    key 1, and I am not sure how I can zero it out or reset it.

    We are using EAP-PEAP and I am using the Windows XP SP2 supplicant. My
    WLAN card is a Dell Trumobile 1300. I am running the most current
    Truemobile driver from Dell's website.

    You have been very helpful. Thx.
     
    mike, Apr 4, 2006
    #6
  7. mike

    mike Guest

    End game. Thanks for everyone's help. This is now working. I was
    running into a bizarre issue with our Nortel load balancer that was
    performing a round-robin load balance metric between the load balanced
    radius servers. This was breaking the authentication. I changed the
    metric on the load balancer to host affinity and everything is working
    like a champ.

    -mike
     
    mike, Apr 7, 2006
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Oli
    Replies:
    3
    Views:
    881
  2. Replies:
    1
    Views:
    2,292
    b1-100
    Aug 27, 2011
  3. Replies:
    0
    Views:
    723
  4. frank

    EAP SIM and EAP AKA methods with WZCSVC

    frank, Nov 24, 2006, in forum: Wireless Networking
    Replies:
    0
    Views:
    725
    frank
    Nov 24, 2006
  5. VENZY

    Missing EAP Type = Protected EAP (PEAP)

    VENZY, Nov 19, 2009, in forum: Wireless Networking
    Replies:
    5
    Views:
    4,827
    Peter Foldes
    Feb 23, 2010
Loading...

Share This Page