Wifi WPA2 Enterprise with RADIUS - Connection Problem

Hello,

I have here a brand new ISA 570w with the latest firmware (1.2.17).

Anyway, I can't get the wifi to work in WPA2 Enterprise mode with RADIUS authentication.

WPA2 PSK mode is no problem.

I configured the RADIUS properly and I can connect directly to it via NTRadPing without any problem. Also the test in the web interface works without any issues (see screenshot 2,3).

The RADIUS server is a Synology RADIUS Server on a Synology NAS, which is a FreeRADIUS server under the hood.

In the wireless settings of the ISA I set this RADIUS server for authentication (see screenshot 1,4).

However, I can't connect to the network:

On the iPhone (iOS 6.1.3) I get a prompt for a username and password, but when I click connect it says 'Connect to "cisco3"...' and stays there.

In the log of the ISA 570w it says:

Information  Wireless  msg=Add station MAC in ATU list;VID=5;MAC=5C:59:48:02:78:3E;

Information  Wireless  msg=Wireless mode is 802.11 b_g_n mixed

When I cancel the attempt to connect it says:

Information  Wireless  msg=The Client has disassociated;

On my Thinkpad with Windows 7 Professional I configured everything as usual (see screenshots 5,6,7,8) but when I try to connect I don't get a prompt where I'm asked for username and password and finally the connection can't be established (see screenshot 9). Also tried it with the same configuration on another freshly installed Windows 7 Pro notebook with the same issue.

In the logs of the RADIUS I can't see any attempts from the ISA 570w to authenticate anything.

Also the capture of the network traffic on the LAN port to the Synology NAS doesn't show any RADIUS packets.

I already disabled CDP because I read that this may cause problems, but it didn't help.

Can you please suggest anything else I can try?

Thanks in advance!

Kind regards,

Dominik
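
Added example, not part of the original post: a small RADIUS decoder (packet layout per RFC 2865, EAP attributes per RFC 3579) that tells a password-style test login (User-Password attribute) apart from an 802.1X login relayed by an access point (EAP-Message attribute), which is the traffic a capture on the RADIUS server's port should show for WPA2 Enterprise. The function names and sample packets are constructed for illustration, and the UDP payloads are assumed to have been extracted from the capture already.

```python
import struct

# Attribute types from RFC 2865 and RFC 3579.
USER_NAME, USER_PASSWORD, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 2, 79, 80
ACCESS_REQUEST = 1

def parse_radius(payload: bytes):
    """Decode a RADIUS UDP payload into (code, identifier, {type: [values]})."""
    if len(payload) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if not 20 <= length <= len(payload):
        raise ValueError("length field disagrees with payload size")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = payload[pos], payload[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute length")
        attrs.setdefault(atype, []).append(payload[pos + 2:pos + alen])
        pos += alen
    return code, ident, attrs

def classify(payload: bytes) -> str:
    """Label a packet: 'eap' (802.1X relay), 'password' (test login) or 'other'."""
    code, _, attrs = parse_radius(payload)
    if code != ACCESS_REQUEST:
        return "other"
    if EAP_MESSAGE in attrs:
        return "eap"
    if USER_PASSWORD in attrs:
        return "password"
    return "other"

def eap_relay_seen(payloads) -> bool:
    """True if any captured packet is an Access-Request carrying EAP."""
    return any(classify(p) == "eap" for p in payloads)

# --- constructed sample packets (not taken from the thread) ---
def _attr(t, v): return bytes([t, len(v) + 2]) + v
def _packet(code, ident, body):
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

EAP_IDENTITY = bytes([2, 1, 0, 13, 1]) + b"testuser"   # EAP-Response/Identity
TEST_LOGIN = _packet(1, 7, _attr(USER_NAME, b"testuser") + _attr(USER_PASSWORD, bytes(16)))
WIFI_LOGIN = _packet(1, 8, _attr(USER_NAME, b"testuser") + _attr(EAP_MESSAGE, EAP_IDENTITY)
                     + _attr(MESSAGE_AUTHENTICATOR, bytes(16)))

if __name__ == "__main__":
    print(classify(TEST_LOGIN), classify(WIFI_LOGIN), eap_relay_seen([TEST_LOGIN]))
```

A capture for which `eap_relay_seen` stays false while clients are trying to join means the access point is not forwarding 802.1X logins to the server, even if test logins succeed.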

rest of the screenshots...

Have you tried running WPA2-Enterprise only instead of WPA/WPA2 Mixed? I've had mixed results with Mixed mode, no pun intended.

Sent from Cisco Technical Support iPhone App

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.

Hi Shawn,

thanks for the reply.

Yes, I already tried this before and just tried it again with no success.

Also tried to change the default name to cisco-test, but this didn't do the trick.

I can see that the ISA 570w receives some packages from my computer, but doesn't send any:

Name: cisco-test
Rx Packets: 0
Tx Packets: 30

Any more ideas?

In the Users -> User Authentication, did you change the Authentication Method to RADIUS or RADIUS + Local Database?

Shawn Eftink
CCNA/CCDA


To RADIUS + Local Database

Just changed it to RADIUS only without success.

I will do a factory reset now and configure it again. Let's see if this helps...

And you configured RADIUS 1 under Users -> RADIUS Servers with the appropriate settings?

Shawn Eftink
CCNA/CCDA


Yep, as you can see in screenshots 2 and 3 the test works fine.

I did see those screenshots; however, that settings screen comes from selecting the Configure button next to the Authentication Method in the User Authentication section under Users. In each of your screenshots, the RADIUS Server ID number is 1 so I would also ensure that I've configured RADIUS Server ID 1 which can only be configured by going to Users -> RADIUS Servers.

All that said, I did see that your tests succeeded and I also don't understand the point of having RADIUS settings on the other screens and then having RADIUS ID info. My thinking is that you would be able to configure RADIUS once in the Users -> RADIUS Servers screen and then select the RADIUS Server ID in all the remaining screens without having to enter the RADIUS info over and over again. I would also think that you could skip the Users -> RADIUS Server screen and enter the RADIUS information over and over again and it should work...just like you set it up originally. However, based on past experience of programmatic errors, I would recommend configuring the RADIUS Server ID 1 under Users -> RADIUS Servers if you haven't already...just in case.

Shawn Eftink
CCNA/CCDA


This did the trick!

I started entering the RADIUS info in the wireless connection settings and not in the RADIUS server settings in the Users section. Since the settings were also in the RADIUS server settings in the Users section when I looked it up after setting it up in the Wireless section, I didn't bother with that.

After refreshing them in the Users->RADIUS server section and also refreshing them in the Users->User Authentication and Wireless->Basic Settings in the right network everything works fine now, I get a prompt for user and pw and also I'm asked on the iPhone if I want to accept the certificate.

Thank you so much for the help!