08-13-2009 04:54 AM - edited 07-03-2021 05:56 PM
Greetings, we have a need to deploy an autonomous wireless network which will support 7921G handsets and various client data devices. There will be 5 APs in total: 4 x 1130AGs and 1 x 1240AG.
As we don't have the budget for Cisco ACS, I would like to use the 1240AG as the RADIUS server so that we can configure WDS and fast secure roaming. However, looking at both the design guide for UC over Wireless and the 1240AG configuration guide, I am having trouble defining what is best practice in terms of the authentication and encryption required to support 7921G handsets and fast secure roaming in this scenario.
Would I be correct in assuming that I need to use WEP+LEAP in addition to configuring local accounts on the 1240AG AP for authenticating infrastructure APs and client devices?
Any assistance would be much appreciated.
Regards
08-13-2009 05:20 AM
You could do LEAP or EAP-FAST for the authentication. I would highly recommend using CCKM. CCKM is what gives you the fast secure roaming.
08-13-2009 06:12 AM
Thank you for your reply. I've got a 1240AG in the lab and configured WDS without issue. Unfortunately I am unable to select CCKM under the SSID manager. I have followed through the "Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services" guide but am unsure where I'm going wrong.
1. Clear AP Config
2. Set Cipher for A/G Radios to CKIP-CMIC
3. Navigate to SSID Manager
4. Create new SSID specifying Network EAP for authentication
5. Define Key Management as Mandatory and use CCKM
6. Click Apply
7. Error message "Error Key Management WPA is required for "WPA Pre-Shared Key"
Any help would be much appreciated
Regards
08-27-2009 03:41 AM
Hello exonetinf1nity, I also had similar issues. CKIP-CMIC is, as far as I know, not recommended with WPA. Try with WPA & CCKM and cipher TKIP (if your client supports TKIP/WPA). Try to configure the option in the CLI instead of the GUI. Finally, check on the CLI with "show dot11 associations all-client" whether the client which should have CCKM has CCKM for Key-Management.
Regards
08-27-2009 05:56 AM
Thank you for your replies, finally got it working, configured the ciphers as TKIP and configured wpa cckm for key management under the ssid.
Problem was I missed the basic rate settings for both the A and G radios. I've now changed the basic rates to the following and it has fixed the issue, much thanks to Cisco TAC. I then found the 7921G deployment guide, which states that these settings should exist in order for the handsets to operate properly, my mistake!
It should be noted though that the final configuration couldn't be applied via the web interface and only worked through the CLI, interesting :)
int dot11r0
speed basic-11.0 18.0 24.0 36.0 48.0 54.0
!
int dot11r1
speed basic-12.0 18.0 24.0 36.0 48.0 54.0
Regards
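The combination this thread ended up with (TKIP cipher, `wpa cckm` key management on the SSID, and a basic rate on each radio) can be checked offline against a saved configuration. The following is an added example, not part of the original posts and not Cisco code; the SSID name `VOICE`, the EAP list name `eap_methods`, both sample configs and all function names are assumptions made for illustration, and the checks encode only what the posters report as working.

```python
import re

# Constructed configs (not from the thread). FAILING mirrors the first attempt
# (CKIP-CMIC cipher, CCKM without WPA, no basic rates); WORKING mirrors the fix.
FAILING = """\
dot11 ssid VOICE
 authentication network-eap eap_methods
 authentication key-management cckm
!
interface Dot11Radio0
 encryption mode ciphers ckip-cmic
 ssid VOICE
"""
WORKING = FAILING.replace("management cckm", "management wpa cckm").replace(
    "ciphers ckip-cmic", "ciphers tkip\n speed basic-11.0 18.0 24.0 36.0 48.0 54.0")

def blocks(config):
    """Map each top-level IOS command to the list of its indented sub-commands."""
    out, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            current = None
        elif not line.startswith(" "):
            current = out.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return out

def args_after(body, prefix):
    """Arguments of the first sub-command starting with prefix, else []."""
    return next((c[len(prefix):].split() for c in body if c.startswith(prefix)), [])

def audit(config):
    """Return (radio, ssid, problem) tuples where a radio differs from the thread's fix."""
    parsed, findings = blocks(config), []
    keymgmt = {m.group(1): args_after(body, "authentication key-management")
               for head, body in parsed.items()
               if (m := re.fullmatch(r"dot11 ssid (\S+)", head))}
    for head, body in parsed.items():
        if not head.lower().startswith("interface dot11radio"):
            continue
        for ssid in (c.split()[1] for c in body if c.startswith("ssid ")):
            if keymgmt.get(ssid) != ["wpa", "cckm"]:
                findings.append((head, ssid, "key management is not 'wpa cckm'"))
            if "tkip" not in args_after(body, "encryption mode ciphers"):
                findings.append((head, ssid, "cipher is not tkip"))
            if not any(a.startswith("basic-") for a in args_after(body, "speed ")):
                findings.append((head, ssid, "no basic rate set"))
    return findings
```

Calling `audit()` on the text of a saved running configuration returns an empty list when every radio matches the settings reported above.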