Re: Cannot get WLSE to authenticate with WDS

tgregory9 · ‎09-06-2005

HI everyone..

Ok heres the scenario..

I've setup an AP as a local radius server and I can get all my infrastructure APs to authenticate with it.. however I cannot get the WDS to authenticate with the WLSE.. see below outputs..

WIG-ap03#sh wlccp wnm s

WNM IP Address : 192.168.94.250 Status : NOT AUTHENTICATED

And bits from my config off the WDS:

wlccp authentication-server infrastructure eap_methods

wlccp wds priority 255 interface BVI1

wlccp wnm ip address 192.168.94.250

wlccp ap username CiscoWLSE password 7 <removed>

On the WLSE I have the Wlccp credentials set to the same Radius username and password the AP's use to authenticate with the WDS.. no joy though

The WLSE is in the same subnet as the AP and can ping all the AP's.

Any help would be greatly appreciated.

Thanks

Tim

tgregory9 · ‎09-07-2005

Also, am I right in thinking that the wlccp credentials you enter into the WLSE are basically the same as the "wlccp ap username password" you put into AP's?

Also, my SNMP strings and telnet passwords on the WLSE all work with the APs..

Please help lol :(:(

Rob Huffman · ‎09-07-2005

Hi Tim,

A co-worker of mine was having the exact same problem last week between the WDS and WLSE.The only way he could fix this problem was to upgrade the version on the WLSE to 2.9. What version are you running on the WLSE? Maybe this is the same problem.

HTH - Rob

tgregory9 · ‎09-07-2005

I think its already 2.9.... see below output from the "about" button on the main page:

Appliance 2.1wlse Tue Nov 9 07:15:33 UTC 2004

WLSE Release 2.9FCS Wed Nov 10 23:05:20 UTC 2004

WLSE1130

iwearing · ‎09-08-2005

Hi,

I am having a similar issue. I have multiple WDS domains on separate IP Subnets. Only one has manged to authenticate the WLSE.

I am currently using WLSE Ver 2.11FCS.

Regards

Ian.

tgregory9 · ‎09-12-2005

Hi,

I assume 2.11fcs is the latest version of WLSE software available?

I'm wondering if I should upgrade...

sethgarnar · ‎09-14-2005

Hold off on your wlse upgrade 2.13 is comming out in the next week.

amakan · ‎09-14-2005

Hi there, Are you still encountering this issue? If so, the reason that one subnet has authenticated and the others have not is due to the fact that wlccp uses multicasts.

Zim

jmorgan · ‎09-14-2005

Version 12.2(15)XR2 works for me. When I tried later versions it wouldn't work. I use WLSE 2.11.

Rob Huffman · ‎09-15-2005

Hi Tim ... maybe Joel is onto something here. I talked to my co-worker who had been having the same problem with the WDS/WLSE authentication and he indicated that he also is using 12.2(15) for the AP's including the WDS. Perhaps this is the source of your problems.

hth - Rob

tgregory9 · ‎09-15-2005

hmm

It seems 12.2(15) is deferred with serious problems.... the replacment is 12.3(7) which I am using... not sure whether I should use 12.2(15) if its deferred.. im sure the WLSE should authenticate to the WDS with other IOS versions?..... its silly if I have to use a old vulnerable IOS to fix the problem? :(

Thanks for your help though, still awaiting more reponse from Cisco TAC - they are looking into it.

stschmidt · ‎09-23-2005

Here are a couple things to check:

1. If you are running 12.3(4)JA on the WDS Primary check to make sure that the WDS primary has an arp entry for the WLSE using "sh arp". If it does not add a static arp entry for the WLSE pointing it to the default gateway of the WDS AP or enable proxy arp on default gateway interface of primary WDS ap.

2. If you are running ACS 3.3.3 there may be an issue with authentication to the ACS server. Enable "debug radius" on the WDS ap to see if the authentication ever completes. Generally you should see an access-accept when the WDS/WLSE authenticate.

The workaround for this is to enable local authentication on the WDS AP or downgrade ACS to 3.3.2.

barryfowles · ‎10-24-2005

Tim,

Did you manage to get this working, if so, how? I am having a similar problem with an WLSE Express box running 2.11FCS. I have set up a simple network with one WDS and one infrastructure AP and I'm using the WDS as a local radius sever. Everything works except that there is no WLSE authentication to the WDS. The APs are running 12.3(7)JA1.