08-22-2015 05:21 PM - edited 03-05-2019 02:07 AM
Hi all,
I have a strange problem where a Cisco Aironet 1702i will connect wireless RADIUS clients on the 5 GHz radio interface but not on the 2.4 GHz radio interface. This AP is running in autonomous mode. RADIUS/EAP clients were initially able to connect to the 2.4 GHz interface, but some time (a month) after deployment all RADIUS clients attempting to connect to the 2.4 GHz interface became unable to connect. No changes were made on the AP or the RADIUS server.
Here is the IOS version that is running on this AP:
Cisco IOS Software, c1700 Software (AP3G2-K9W7-M), Version 15.3(3)JAB, RELEASE SOFTWARE (fc1)
Here is my AP config:
aaa new-model
!
!
aaa authentication login default group radius local
aaa authentication login eap_methods group radius
aaa authorization exec default group radius if-authenticated
aaa accounting delay-start
aaa accounting exec default start-stop group radius
aaa accounting system default start-stop group radius
ip inspect WAAS flush-timeout 10
no dot11 igmp snooping-helper
dot11 syslog
dot11 vlan-name DMZ vlan 2
dot11 vlan-name INSIDE vlan 1
!
dot11 ssid Tsunami_2
vlan DMZ
authentication open eap eap_methods
authentication network-eap eap_methods
authentication key-management wpa version 2
accounting eap_methods
guest-mode
!
dot11 ssid Tsunami_5
vlan DMZ
authentication open eap eap_methods
authentication network-eap eap_methods
authentication key-management wpa version 2
accounting eap_methods
guest-mode
!
dot11 ssid Typhoon_2
vlan INSIDE
authentication open
authentication key-management wpa version 2
wpa-psk ascii some_password_for_non_eap_clients
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers aes-ccm tkip
!
encryption vlan 2 mode ciphers aes-ccm tkip
!
ssid Tsunami_2
!
ssid Typhoon_2
!
antenna gain 0
stbc
station-role root
no dot11 extension aironet
no cdp enable
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.2
encapsulation dot1Q 2
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
!
!
interface Dot11Radio1
no ip address
!
encryption vlan 1 mode ciphers aes-ccm tkip
!
encryption vlan 2 mode ciphers aes-ccm tkip
!
ssid Tsunami_5
!
antenna gain 0
traffic-metrics aggregate-report
peakdetect
dfs band 2 3 block
stbc
speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. a1ss7 a2ss7 a3ssnone
channel dfs
station-role root
no dot11 extension aironet
no cdp enable
!
interface Dot11Radio1.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1.2
encapsulation dot1Q 2
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
!
interface GigabitEthernet0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface GigabitEthernet0.2
encapsulation dot1Q 2
bridge-group 2
bridge-group 2 spanning-disabled
no bridge-group 2 source-learning
!
interface GigabitEthernet1
no ip address
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
mac-address 7c0e.ceee.1333
ip address 192.168.21.7 255.255.255.0
ipv6 address dhcp
ipv6 address autoconfig
ipv6 enable
!
Non-EAP clients can connect to the 2.4 GHz interface on the Typhoon_2 SSID without issues.
09-16-2015 03:48 AM
Figured it out myself.
Basically, I removed the Typhoon_2 SSID and both Tsunami SSIDs started to authenticate against the RADIUS server just fine. It sounds like you can't have 2 SSIDs on the same radio interface unless you use MBSSID, but with Cisco autonomous APs you can't use MBSSID...
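A config check for the condition this thread ends on, as an added example that is not part of the original posts or any Cisco tooling: it parses an autonomous-AP config and reports each radio that carries more than one SSID with no `mbssid` line, along with the authentication types being mixed on it. The function name `audit`, the sample config, and treating an `mbssid` line under the radio interface as the marker are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: trimmed from the SSID and radio stanzas in the post.
SAMPLE_CONFIG = """\
dot11 ssid Tsunami_2
 authentication open eap eap_methods
 authentication key-management wpa version 2
!
dot11 ssid Typhoon_2
 authentication open
 authentication key-management wpa version 2
 wpa-psk ascii <redacted>
!
interface Dot11Radio0
 ssid Tsunami_2
 !
 ssid Typhoon_2
!
interface Dot11Radio1
 ssid Tsunami_5
"""

def audit(config):
    """Return (radio, ssids, auth_kinds) for radios with >1 SSID and no mbssid."""
    ssid_auth = {}                    # SSID name -> "eap" | "psk" | "open"
    radio_ssids = defaultdict(list)   # radio name -> SSIDs attached to it
    radio_mbssid = set()              # radios with an "mbssid" line (assumed marker)
    kind = name = None
    for raw in config.splitlines():
        line = raw.strip()            # the post's config lost its indentation
        m = re.match(r"(dot11 ssid|interface) (\S+)$", line)
        if m:                         # a new stanza starts; "!" does not end one
            kind, name = m.groups()
            if kind == "dot11 ssid":
                ssid_auth[name] = "open"
        elif kind == "dot11 ssid":
            if re.match(r"authentication (open eap|network-eap)\b", line):
                ssid_auth[name] = "eap"
            elif line.startswith("wpa-psk") and ssid_auth[name] != "eap":
                ssid_auth[name] = "psk"
        elif kind == "interface" and re.fullmatch(r"Dot11Radio\d+", name):
            if line.startswith("ssid "):
                radio_ssids[name].append(line.split()[1])
            elif line == "mbssid":
                radio_mbssid.add(name)
    return [(radio, ssids, sorted({ssid_auth.get(s, "unknown") for s in ssids}))
            for radio, ssids in sorted(radio_ssids.items())
            if len(ssids) > 1 and radio not in radio_mbssid]
```

Calling `audit(SAMPLE_CONFIG)` reports only `Dot11Radio0`, the radio that carried both the EAP and the PSK SSID in the posted config; sub-interfaces such as `Dot11Radio0.1` are skipped.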