Wireless and VLANs - VLAN mapping causes authentication failure

Discussion in 'Cisco' started by groupstudy2001@yahoo.co.uk, Jul 20, 2005.

  1. Guest

    When I add a vlan mapping for a working SSID authentication then fails.
    I've followed the notes in books and on Cisco's web site and cannot see
    what is wrong with my config. Could it be that the client software
    needs to recognise 802.1q wireless frames?

    I have the essential config listed below along with the one statement
    that is causing the problem - adding a vlan mapping to an otherwise
    working SSID - in this case SSID test and vlan 15. Can anyone give me a
    clue as to what is stopping this working??? The client uses LEAP if
    that's any clue. TIA.

    !
    bridge irb
    !
    interface Dot11Radio0
    !
    encryption mode ciphers ckip
    !
    encryption vlan 15 key 1 size 128bit 7 <key1> transmit-key
    encryption vlan 15 mode wep mandatory
    !
    encryption vlan 26 key 1 size 128bit 7 <key2> transmit-key
    encryption vlan 26 mode wep mandatory
    !
    ssid primary-guest
    vlan 26
    authentication open eap eap_methods
    authentication network-eap eap_methods
    accounting acct_methods
    guest-mode
    !
    ssid test

    vlan 15 <-- adding this causes authentication to fail

    authentication open eap eap_methods
    authentication network-eap eap_methods
    accounting acct_methods
    !
    speed basic-1.0 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    rts threshold 2312
    station-role root fallback shutdown
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    !
    interface FastEthernet0
    no ip address
    !
    interface FastEthernet0.15
    encapsulation dot1Q 15 native
    no ip route-cache
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    !
    interface BVI1
    ip address 10.46.137.169 255.255.255.224
    !
    ip default-gateway 10.46.137.161
    , Jul 20, 2005
    #1
    1. Advertising

  2. David Taylor Guest

    > clue as to what is stopping this working??? The client uses LEAP if
    > that's any clue. TIA.


    Well it's not an answer to the question but that's not a great
    authentication method. Even Cisco admit that you'd be better off not
    using it.

    http://asleap.sourceforge.net/

    http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_bulletin09186
    a00801cc901.html

    http://www.lanarchitect.net/Articles/Wireless/LEAP/

    http://searchnetworking.techtarget.com/originalContent/0,289142,sid7
    _gci959510,00.html

    Strong password policies and numpty users just don't mix.

    David.
    David Taylor, Jul 21, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    0
    Views:
    572
  2. punisher
    Replies:
    2
    Views:
    2,080
    Charles Deling
    Nov 17, 2005
  3. Chris
    Replies:
    3
    Views:
    462
  4. Johnny
    Replies:
    11
    Views:
    3,075
    Cerebrus
    Aug 4, 2006
  5. Martijn Lievaart

    Mac to VLAN mapping on Cisco switches

    Martijn Lievaart, May 12, 2012, in forum: Cisco
    Replies:
    1
    Views:
    1,469
    Doug McIntyre
    May 12, 2012
Loading...

Share This Page