all the wireless client get ip address from the DHCP server. The wireless client keep at this asscociation processing atage . The same mac address stuck there till Client off power (after work).

Regards

Mc

do the wireless client get an IP address from the DHCP server? Do you enable encryption?

If encryption is enable (i.e. WEP), I will disable it and find out if the wireless clients can get an IP address or not. If you disable encryption fixes the problem, I think that the static WEP keys on the wireless clients and on the AP do not match.

Yes all the client get there ip address from the DHCP server, yes it is encryptiob with wep enable, The wep key is dymanic not quite possible for the wireless client to know the wep, Your advise please. Those client are centrino CCX mostly

Regards

Mc

I am confused. If you want dynamic WEP keys, you need to enable one of the 802.1x types or WPA-PSK.

From the output of show dot11 association, the state of the wireless clients is "Associated." If the clients use one of the 802.1x types, the output of show dot11 association should show the state as "LEAP-Assoc" or "EAP-Assoc" I deduce that you configure WPA-PSK. Can you confirm that you use WPA-PSK? Please post the AP configuration.

Hi,

Sorry for the confuseion, please view the configuration

SDC#sh ru

Building configuration...

Current configuration : 5163 bytes

!

! Last configuration change at 19:52:06 H Mon Aug 30 2004

! NVRAM config last updated at 19:52:06 H Mon Aug 30 2004

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime localtime

service password-encryption

!

hostname SDC

!

logging queue-limit 100

logging buffered informational

logging console informational

!

username xxx privilege 15 password xxxx

clock timezone H 8

ip subnet-zero

ip domain name default.domain

!

aaa new-model

!

!

aaa group server radius rad_eap

server 10.x.101.x auth-port 1645 acct-port 1646

server 10.x.101.x auth-port 1645 acct-port 1646

server 10.x.101.x auth-port 1645 acct-port 1646

!

aaa group server radius rad_acct

server 10.x.101.x auth-port 1645 acct-port 1646

server 10.x.101.x auth-port 1645 acct-port 1646

server 10.x.101.x auth-port 1645 acct-port 1646

!

aaa authentication login default local

aaa authentication login eap_methods group rad_eap

aaa authentication login mac_methods local

aaa authorization exec default local

aaa accounting network acct_methods start-stop group rad_acct

aaa session-id common

dot11 network-map

no dot11 igmp snooping-helper

iapp standby timeout 5

iapp standby poll-frequency 1

!

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption mode wep mandatory

!

ssid tsunami

authentication open eap eap_methods

authentication network-eap eap_methods

accounting acct_methods

infrastructure-ssid optional

!

traffic-class background cw-min 5 cw-max 8 fixed-interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

ntp broadcast client

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 10.x.99.x 255.255.0.0

no ip route-cache

!

ip default-gateway 10.x.99.8

ip http server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/ivory/1100

ip http authentication aaa

ip radius source-interface BVI1

!

ip access-list extended Voice_Over_IP_300

permit 119 any any

permit ip any any

ip access-list extended Voice_Over_IP_301

permit 119 any any

permit ip any any

logging facility local0

access-list 111 permit tcp any any neq telnet

snmp-server view iso_view iso included

snmp-server community admin view iso_view RW

snmp-server location avc

snmp-server contact xxxx

snmp-server enable traps snmp authentication

snmp-server enable traps tty

snmp-server enable traps disassociate

snmp-server enable traps deauthenticate

snmp-server enable traps authenticate-fail

radius-server host 10.x.x.x auth-port 1645 acct-port 1646 timeout 5 retransmit 3 key 7

radius-server host 10.x.x.x auth-port 1645 acct-port 1646 timeout 5 retransmit 3 key 7

radius-server host 10.x.x.x auth-port 1645 acct-port 1646 timeout 5 retransmit 3 key 7

radius-server deadtime 2

radius-server authorization permit missing Service-Type

radius-server vsa send accounting

radius-server vsa send authentication

bridge 1 route ip

!

!

!

line con 0

stopbits 1

line vty 0 4

access-class 111 in

line vty 5 15

access-class 111 in

!

ntp clock-period 17189129

end

The configuration looks OK. What kind of 802.1x type do you use? show dot11 assoc should show EAP-Assoc if the wireless client is EAP associated, which is configured on the AP. I have the following questions:

1. If you configure static IP, do you have IP connectivity?

2. Please go to the radius server log, do you see the radius server grants access to the wireless clients?

Hi,

Thanks for the prompt reply, Currently we've peap, eap-tls and leap authenication, I presume all are 802.1x,

1. If you configure static IP, do you have IP connectivity?

Yes I able to get connectivity to the AP

2. Please go to the radius server log, do you see the radius server grants access to the wireless clients?

FYI all the client are using Active direvtory for authenicated.

Regards

Mc,