Solved: Re: WLSE not authenticating with 12.3(4)JA?

MATTHEW BALYUZI · ‎04-21-2005

I've just upgraded a couple of our WDS master access points to 12.3(4)JA and find that they are no longer able to authenticate with wlse.

Has anyone else seen this?

Other access points are authenticating against the WDS master with no problem, but there doesn't seem to be any attempt by wlse to authenticate against the WDS master.

I have noticed that whilst I can happily ping wlse from the WDS master something else on the access point is trying to arp for the WLSE address on the local subnet - (WLSE is on a different subnet).

me-wap-wds1#sh ip arp

Protocol Address Age (min) Hardware Addr Type Interface

Internet 172.16.66.222 - 000d.28d3.38af ARPA BVI1

Internet 172.16.66.210 60 0011.20eb.0c86 ARPA BVI1

Internet 172.16.66.211 60 000f.f715.b044 ARPA BVI1

Internet 172.18.4.11 0 Incomplete ARPA

Internet 172.16.66.1 0 0001.30bd.5d00 ARPA BVI1

Bug in the wlccp code?

bacland · ‎04-29-2005

This is a known bug, ID: CSCsa90418.

WDS AP running 12.3(4)JA unable to authenticate with WLSE

Workaround(s):

1) Turn on proxy arp (ip proxy-arp) on the router that is the first hop from

the AP-WDS to the WLSE OR

2) If proxy arp cannot be enabled for some reason, then create a static arp

entry on the AP.

I have downgraded to 12.3(2)JA and will wait for 12.3(4)JA to be fixed.

View solution in original post

rmushtaq · ‎04-21-2005

Is WLSE at the latest 2.11 version?

MATTHEW BALYUZI · ‎04-22-2005

Yes it is.

rmushtaq · ‎04-22-2005

Try if you can use the 12.3(2)JA/JA2 to see if it works.

MATTHEW BALYUZI · ‎04-25-2005

The bulk of our access points are on 12.3(2)JA2 - and this is working fine.

I'm still rather suspicious that the AP seems to be ARPing for the WLSE address despite it being on another subnet - hence my suspicion that something has broken in the 12.3(4) wlccp code.

I've also tried configuring a 12.3(4) AP from scratch and see the same problem.

jklausse · ‎04-25-2005

Strange,

I have WLSE 2.11 and 1232AG AP's working well with 12.3(4)!

Do you have differente AP HW in your solution?

MATTHEW BALYUZI · ‎04-27-2005

I've seen this on 1100s and 1131s.

Do you have WLSE on a different subnet to the APs + proxy-arp off on your routers?

wbrowning · ‎04-26-2005

I am seeing the exact same problem you are. I upgraded our WLSE to 2.11 and our APs to 12.3(4)and now all attempts at authenticating WLSE to WDS fail.

I have both 1100 and 1210 series APs and the problem is happening on both models. Other APs authenticate to the WDS with no problems, however.

It MUST be a bug in the code. I am going to open a TAC Case tomorrow.

MATTHEW BALYUZI · ‎04-27-2005

Excellent, at least I know I'm not going totally mad :-)

Do you also see the odd ARP entry?

wbrowning · ‎04-27-2005

Yes, the 'show ip arp' output I'm seeing matches the output you posted earlier.

Very odd indeed. I'm glad I'm not the only one experiencing this. Racked my brain for 2 days before I checked the forums.

bacland · ‎04-27-2005

Ok, this is actually the same person that posted as wbrowning, I just got my own account.

Here's an update. I have opened a TAC Case w/ Cisco regarding this error. In the meantime, I have downgraded my access points to 12.3(2)JA and the problem has been resolved.

I did a 'show ip arp' on the access points now running 12.3(2)JA and the WLSE no longer shows up in the table.

I would say all this points to a bug in 12.3(4)JA. I'll let you know when I get a resolution on the TAC Case.

bacland · ‎04-29-2005