cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Cisco 1142 AP as WGB

dominikhug
Beginner
Beginner

Hi

I'm trying to connect a full-IOS Cisco 1142 access point as WGB to our WLAN infrastructure.

I have these settings configured on our WLC:

wlc.JPG

There is a Win2k8 R2 NPS (Network Policy Server) RADIUS server in the background for handling the authentications against the active directory. I can see passed authentication in the event log.

The WGB is configured like this:

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ap

!

logging rate-limit console 9

enable secret 5 $1$YnK.$37j/OyuZDBr4DSnAEHWFT1

!

no aaa new-model

!

!

dot11 syslog

!

dot11 ssid InternalSSID

   authentication open eap eap_methods

   authentication network-eap eap_methods

   authentication key-management cckm

   dot1x credentials ADCred

   dot1x eap profile EAPProfile

   infrastructure-ssid

!

eap profile EAPProfile

method mschapv2

!

!

!

dot1x credentials ADCred

username ADUsername

password ADPassword

!

username Cisco password 7 01300F175804

!

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

shutdown

antenna gain 0

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

!

encryption mode ciphers aes-ccm

!

ssid InternalSSID

!

antenna gain 0

station-role workgroup-bridge

bridge-group 1

bridge-group 1 spanning-disabled

!

interface GigabitEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

no keepalive

bridge-group 1

bridge-group 1 spanning-disabled

!

interface BVI1

ip address dhcp client-id GigabitEthernet0

no ip route-cache

!

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

bridge 1 route ip

!

!

!

line con 0

line vty 0 4

login local

!

end

I'm able to get a association to an AP but I'm not able to authenticate.

ap#sh dot11 associations all-client

Address           : 0026.994f.xxxx     Name             : APName

IP Address        : xx.xx.xx.xx.       Interface        : Dot11Radio 1

Device            : LWAPP-Parent      Software Version : NONE

CCX Version       : 5                  Client MFP       : On

State             : EAP-Assoc          Parent           : -

SSID              : InternalSSID

VLAN              : 0

Hops to Infra     : 0                  Association Id   : 1

Tunnel Address    : 0.0.0.0

Key Mgmt type     : CCKM               Encryption       : AES-CCMP

Current Rate      : m15.               Capability       : WMM

Supported Rates   : 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.

Voice Rates       : disabled           Bandwidth        : 40 MHz

Signal Strength   : -54  dBm           Connected for    : 0 seconds

Signal to Noise   : 45  dB            Activity Timeout : 15 seconds

Power-save        : Off                Last Activity    : 0 seconds ago

Apsd DE AC(s)     : NONE

Packets Input     : 2287               Packets Output   : 225

Bytes Input       : 553482             Bytes Output     : 26055

Duplicates Rcvd   : 45                 Data Retries     : 0

Decrypt Failed    : 0                  RTS Retries      : 0

MIC Failed        : 0                  MIC Missing      : 0

Packets Redirected: 0                  Redirect Filtered: 0

Protocol                    Status            Auth     Port     WGB

Can somebody help me? Do I have to post more information?

Thank you!

13 REPLIES 13

Scott Fella
Hall of Fame Guru Hall of Fame Guru
Hall of Fame Guru

Have you looked at this doc?

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080905cea.shtml

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Hi Scott

I read different documents including the one you mentioned.

I used this doc for configuring because is uses exactly the same methods I use:

WGB Roaming: Internal details and Configuration

https://supportforums.cisco.com/docs/DOC-14944

Scott Fella
Hall of Fame Guru Hall of Fame Guru
Hall of Fame Guru

Well as a WGB, you would connect that to a single SSID and everything should pass right through. So all you need us for the WGB to associate to your WLAN SSID.

Simple sample config

http://www.cisco.com/en/US/docs/wireless/controller/7.0MR1/configuration/guide/cg_lwap.html#wp1895378

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

I've added guest-mode because this is the only difference between the sample config and my config but it still doesn't work.

On console I can see this message:

%DOT11-4-CANT_ASSOC: Interface Dot11Radio1, cannot associate: Too many retries

And I think the WGB ist flapping between different reachable APs propagating the same SSID. Is it possible to change this behaviour?