12-09-2004 01:38 PM - edited 03-05-2019 11:21 AM
This is probably two questions in one, but they are the same issue that I'm trying to troubleshoot. Members of our management are having trouble going from one building on our site to another. Each building has its own Aironet 1100, and supposedly configured identical. I've been working with another team member to resolve this issue, but we cannot come to a resolution.
Most of our management team uses IBM Thinkpads - good ones, but not the latest. I personlly have Linksys 802.11b-g card in my T20 for the test. Mangement team members say that when they go from one building to another, they sometimes hibernate their laptop after being authenticated in their building, and go to another building for a meeting. Once there they bring the laptop back up but can't authenticate to the different WAP.
I have not tried to do the building change yet, but when I did a hibernate on my laptop in my building and brought it back up, I was prompted to authenticate. We use RADIUS for authentication, so I thought it may be something related to that. The log shows the following every 30 seconds, which I would expect. T11-7-AUTH_FAILED: Station 000c.41fc.7721 Authentication failed
Dec 9 15:17:57.516 zone: %DO -- However every 30 seconds I'm prompted, even sometimes when I'm entering the information into the login box. Finally after 3 attempts it connected. There doesn't appear to be any relevant explanation at cisco.com for the above error.
Managers are saying that when they go to a new building and try to authenticate, they are looking at Network Connections\Properties on their laptops, in the issues explained above. The status shows "Attempting to Authenticate", and it hangs. Is this a known issue? I'm wondering if it's not laptop related (user?)
I was not involved in setting this up, but have been asked to look into it. All devices are the same = - Aironet 1100 - 12.2(15) All of the site switches go back to the same core switches/RSM's.
Can someone point me to any issues that maybe I missed? I wondered if it was ARP? How does a WAP pass off authentication? Maybe that's it.
Thanks in advance,
Jim
12-09-2004 05:40 PM
I believe your problem lies in the encryption (changing the AP should change the encryption seeds.
You may want to investigate Wireless Domain Services (WDS).
The short story there is that as you pass from one AP to another, the hashed credentials are sent from the original authenticator to the next.... maintaining the connection.
In it's ultimate configuration, you'd use a WLSE to manage the system and a WLSM blade in your 6500. For a two AP system, that's gonna be overkill (to the max). As a minumum system, you can designate one AP as a manager (and still use it as an AP, but the client count supported is reduced).
I'd suggest you search the main Cisco site for "WDS" and "SWAN" to give you an idea of the architecture and the setup recommendations.
Good Luck
Scott
12-10-2004 07:47 AM
Thanks Scott.
Another corporate group manages the setup of the wireless devices corporate and world wide, but we are expected to troubleshoot our local devices. According to those folks, our access points are set up identical to other offices which are working fine. That's why I wondered if there were any LAN compatability issues for this.
I'll spend some time on the WDS and SWAN and compare it with our current configs.
Jim
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide