09-06-2005 07:39 AM - edited 07-04-2021 11:06 AM
HI everyone..
Ok heres the scenario..
I've setup an AP as a local radius server and I can get all my infrastructure APs to authenticate with it.. however I cannot get the WDS to authenticate with the WLSE.. see below outputs..
WIG-ap03#sh wlccp wnm s
WNM IP Address : 192.168.94.250 Status : NOT AUTHENTICATED
And bits from my config off the WDS:
wlccp authentication-server infrastructure eap_methods
wlccp wds priority 255 interface BVI1
wlccp wnm ip address 192.168.94.250
wlccp ap username CiscoWLSE password 7 <removed>
On the WLSE I have the Wlccp credentials set to the same Radius username and password the AP's use to authenticate with the WDS.. no joy though
The WLSE is in the same subnet as the AP and can ping all the AP's.
Any help would be greatly appreciated.
Thanks
Tim
09-07-2005 12:36 AM
Also, am I right in thinking that the wlccp credentials you enter into the WLSE are basically the same as the "wlccp ap username password" you put into AP's?
Also, my SNMP strings and telnet passwords on the WLSE all work with the APs..
Please help lol :(:(
09-07-2005 06:05 AM
Hi Tim,
A co-worker of mine was having the exact same problem last week between the WDS and WLSE.The only way he could fix this problem was to upgrade the version on the WLSE to 2.9. What version are you running on the WLSE? Maybe this is the same problem.
HTH - Rob
09-07-2005 06:43 AM
I think its already 2.9.... see below output from the "about" button on the main page:
C) Copyright 2004 by Cisco Systems Inc.
Appliance 2.1wlse Tue Nov 9 07:15:33 UTC 2004
WLSE Release 2.9FCS Wed Nov 10 23:05:20 UTC 2004
WLSE1130
09-08-2005 06:54 AM
Hi,
I am having a similar issue. I have multiple WDS domains on separate IP Subnets. Only one has manged to authenticate the WLSE.
I am currently using WLSE Ver 2.11FCS.
Regards
Ian.
09-12-2005 12:03 AM
Hi,
I assume 2.11fcs is the latest version of WLSE software available?
I'm wondering if I should upgrade...
09-14-2005 10:11 AM
Hold off on your wlse upgrade 2.13 is comming out in the next week.
09-14-2005 08:59 AM
Hi there, Are you still encountering this issue? If so, the reason that one subnet has authenticated and the others have not is due to the fact that wlccp uses multicasts.
Zim
09-14-2005 01:01 PM
Version 12.2(15)XR2 works for me. When I tried later versions it wouldn't work. I use WLSE 2.11.
09-15-2005 05:12 AM
Hi Tim ... maybe Joel is onto something here. I talked to my co-worker who had been having the same problem with the WDS/WLSE authentication and he indicated that he also is using 12.2(15) for the AP's including the WDS. Perhaps this is the source of your problems.
hth - Rob
09-15-2005 05:43 AM
hmm
It seems 12.2(15) is deferred with serious problems.... the replacment is 12.3(7) which I am using... not sure whether I should use 12.2(15) if its deferred.. im sure the WLSE should authenticate to the WDS with other IOS versions?..... its silly if I have to use a old vulnerable IOS to fix the problem? :(
Thanks for your help though, still awaiting more reponse from Cisco TAC - they are looking into it.
09-23-2005 05:59 PM
Here are a couple things to check:
1. If you are running 12.3(4)JA on the WDS Primary check to make sure that the WDS primary has an arp entry for the WLSE using "sh arp". If it does not add a static arp entry for the WLSE pointing it to the default gateway of the WDS AP or enable proxy arp on default gateway interface of primary WDS ap.
2. If you are running ACS 3.3.3 there may be an issue with authentication to the ACS server. Enable "debug radius" on the WDS ap to see if the authentication ever completes. Generally you should see an access-accept when the WDS/WLSE authenticate.
The workaround for this is to enable local authentication on the WDS AP or downgrade ACS to 3.3.2.
10-24-2005 08:09 AM
Tim,
Did you manage to get this working, if so, how? I am having a similar problem with an WLSE Express box running 2.11FCS. I have set up a simple network with one WDS and one infrastructure AP and I'm using the WDS as a local radius sever. Everything works except that there is no WLSE authentication to the WDS. The APs are running 12.3(7)JA1.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide