Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
964
Views
13
Helpful
8
Replies

Can't get LEAP to work on new LWAPP WCS

bculler
Level 1
Level 1

‎03-23-2006 10:38 AM - edited ‎07-04-2021 11:50 AM

I have the WCS and LWAPP talking. If I do WEP or no encryption I can connect to the AP, once I turn on LEAP I get nothing.

1) On WCS in Security I have my ACS server defined.

2) On WLAN's under the SSID I have 802.1x checked in layer 2.

3) I am using 104 bit encryption.

4) On my ACS server I have a entry for the same IP address as VLAN2 (the vlan I am trying to connect to).

5) The AAA client is a "Cisco Radius Aironet".

When I look at my ACS server I don't get any logs for failed or passed attempts, it's like the request is never getting to the ACS server

I am using Cisco ADU for the client, it never passes the 1st step- "starting leap authentication"

WCS version - 3.2.116.21

AP LWAPP version - 12.3(7)JX3

ACS on Windows 2K version - 3.3(3) Build 11

ADU version - 2.6.0.1

Windows XP SP2

WHAT THE HECK AM I MISSING?????

Labels:
0 Helpful
8 Replies 8

a-vazquez
Level 6
Level 6

‎03-29-2006 11:28 AM

Which IP address is configured on the ACS server for adding the WLAN controller as a AAA client. It should be the management interface IP address. Check on this.

phil.s
Level 1
Level 1

‎04-04-2006 01:42 PM

Try setting your layer 2 security to WPA or WPA2 rathr than 802.1x. If you're using a client that supports LEAP, it should support WPA as well (latest version of Centrino drivers support more than you could ever want!)

Personally, now WPA and WPA2 are out and well supported, I don't really see any need to be trying to get WEP working, even in it's dynamic form.

Also, even if you select RADIUS (Cisco Aironet) on the ACS Server, it seems to prefer ports 1812 rather than 1645 - I've got LEAP, EAP-FAST, PEAP and EAP-TLS all working between a WLC and an ACS using WPA/WPA2 encryption and the WLC/ACS talking on port 1812...

sungy
Level 1
Level 1

‎04-04-2006 09:33 PM

ACS server should have an entry of the controller management interface ip address. It is that interface that will be talking RADIUS with ACS and not the virtual interface ip address for your vlan 2.

tjbrickner
Level 1
Level 1

‎07-27-2006 05:24 AM

I'm also having the same problem, trying with an Atheros client and 128 encryption though, same everything else. I'm going to try WPA today and see where that gets me. Did anyone figure this out yet? As with the previous suggestions, the management IP is in as a AAA client.

0 Helpful

bculler
Level 1
Level 1
In response to tjbrickner

‎07-27-2006 11:19 AM

is your Radius server on the same subnet as your management interface?

tjbrickner
Level 1
Level 1
In response to bculler

‎07-27-2006 01:24 PM

nope, two different VLANs

0 Helpful

tjbrickner
Level 1
Level 1
In response to tjbrickner

‎07-28-2006 05:21 AM

Should have specified this better. Two different subnets and there are routes with them able to talk to each other.

0 Helpful

tjbrickner
Level 1
Level 1

‎07-27-2006 10:23 AM

So I setup up WPA and now everything is working, which is great, but we have handheld devices that can't do WPA. So can anyone give me some guidance as to how to get it working with WEP?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card