Help with AP 1141N Authentication Issue

NetEng20k · ‎02-25-2020

I am attempting to add a new 1141N-A-K9 AP. I have 2 existing APs of the same kind up and running in my environment. I have copied the config from the running APs (AP2 and AP3) to this new AP (AP5) with no luck. Users cant authenticate to it. It connects with our PCs and cell phones but when you enter the password, it fails every time.

I've tried this every which way but I cant get this to work.

There is no WLC. These are just standalone APs.

The ssid of concern is Accutest.

I've pasted the configs below and have uploaded th .txt files as well. Please help!

Below is the config for AP2 which is running with no problems:

ASE-AP2#sh run
Building configuration...

Current configuration : 4590 bytes
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ASE-AP2
!
!
logging rate-limit console 9
enable secret 5 $1$75Vd$Yl7Pdgb5lcH9KBNEBZxA80
!
no aaa new-model
ip cef
no ip domain lookup
ip domain name ase.accutest.com
!
!
!
dot11 syslog
dot11 vlan-name Client vlan 8
dot11 vlan-name Management vlan 100
!
dot11 ssid Accutest
vlan 8
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 1533050D2F25252029
!
dot11 ssid Accutest-Guest
vlan 14
authentication open
authentication key-management wpa
guest-mode
mbssid guest-mode
wpa-psk ascii 7 014154570E2C130A3258
!
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-1841606166
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1841606166
revocation-check none
rsakeypair TP-self-signed-1841606166
!
!
crypto pki certificate chain TP-self-signed-1841606166
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31383431 36303631 3636301E 170D3933 30353234 32313031
32335A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38343136
30363136 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
81009858 89F67FC2 8CFF215F B069CEDA 9F5776A5 4A7364FD E1FCDD91 A3C7BA8A
286ED4D7 71D4F2BE A2CEF79C BBCA3460 36B228B0 1F3FE1ED A56E96F3 EE80072E
D62207B5 9446A4CD F036462D 2BAA69FE B33A1986 49431822 993F249D 62C74440
BF675CB1 C2667B74 D9E0A565 E20BDAB0 B124B0F9 3F047C18 F4E8589E 2CFF3130
01430203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 140B4E41 058FDC6F 9D39BD5F 3BFE47AD A45D50A3 80301D06
03551D0E 04160414 0B4E4105 8FDC6F9D 39BD5F3B FE47ADA4 5D50A380 300D0609
2A864886 F70D0101 05050003 81810021 BD7DB195 7244AAD5 D6AB4167 72A6C272
7FF0FCFE 8FD9687B 12F9A522 86611507 DE195278 48EDEC41 9EC0C893 FA7ABBB9
97257C87 CB651CB7 9E454A65 4C693C99 824503A2 049AC7C5 789BEA78 FD76E71B
8C58A66B D5B10788 30086C6D 48A7B973 D6D899E4 FA95AB60 1A1937BD F37D8882
326FFBA3 989F16A0 AE0DB40C F13AC0
quit
username admin privilege 15 secret 5 $1$EJYU$/mxBkmP2Vke5XPHPdPl2x/
!
!
bridge irb
!
!
!
interface Dot11Radio0
no ip address
!
encryption vlan 8 mode ciphers tkip
!
encryption vlan 14 mode ciphers tkip
!
ssid Accutest
!
ssid Accutest-Guest
!
antenna gain 0
mbssid
speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
channel 2437
station-role root
!
interface Dot11Radio0.8
encapsulation dot1Q 8
bridge-group 8
bridge-group 8 subscriber-loop-control
bridge-group 8 spanning-disabled
bridge-group 8 block-unknown-source
no bridge-group 8 source-learning
no bridge-group 8 unicast-flooding
!
interface Dot11Radio0.14
encapsulation dot1Q 14
bridge-group 14
bridge-group 14 subscriber-loop-control
bridge-group 14 spanning-disabled
bridge-group 14 block-unknown-source
no bridge-group 14 source-learning
no bridge-group 14 unicast-flooding
!
interface Dot11Radio0.100
encapsulation dot1Q 100 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
no ip address
duplex auto
speed auto
no keepalive
!
interface GigabitEthernet0.8
encapsulation dot1Q 8
bridge-group 8
bridge-group 8 spanning-disabled
no bridge-group 8 source-learning
!
interface GigabitEthernet0.14
encapsulation dot1Q 14
bridge-group 14
bridge-group 14 spanning-disabled
no bridge-group 14 source-learning
!
interface GigabitEthernet0.100
encapsulation dot1Q 100 native
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
ip address 10.30.100.13 255.255.255.0
!
ip default-gateway 10.30.100.1
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip route 0.0.0.0 0.0.0.0 10.30.100.1
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
length 0
transport input ssh
line vty 5 15
timeout login response 300
login local
transport input ssh
!
end

ASE-AP2#

Below is the config for the new AP (AP5) that is having the authentication failure:

ASE-AP5#sh run
Building configuration...

Current configuration : 4718 bytes
!
! Last configuration change at 00:00:48 UTC Mon Mar 1 1993 by admin
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ASE-AP5
!
!
logging rate-limit console 9
enable secret 5 $1$4DBT$LYodEzaEnqI2dT4wZGxBN0
!
no aaa new-model
ip cef
no ip domain lookup
ip domain name ase.accutest.com
!
!
!
dot11 syslog
dot11 vlan-name Client vlan 8
dot11 vlan-name Management vlan 100
!
dot11 ssid Accutest
vlan 8
authentication open
authentication key-management wpa
guest-mode
mbssid guest-mode
wpa-psk ascii 7 072E2F4D6506170116
!
dot11 ssid Accutest-Guest
vlan 14
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 014154570E2C130A3258
!
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-1452959384
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1452959384
revocation-check none
rsakeypair TP-self-signed-1452959384
!
!
crypto pki certificate chain TP-self-signed-1452959384
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31343532 39353933 3834301E 170D3933 30333031 30303133
35325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 34353239
35393338 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100D181 25D06874 99B66DC2 BAA4BCE9 93BEBE79 306D8029 EEE63B25 3B7936BE
24CE71DC 70ACEF4D C5BD065B FBD03A55 E92E240A 1F0E9707 61885661 659524C7
5257644B CD058156 2B2BEBB2 C2FFDF45 43FE249A 638033E4 E3E77F55 EE6EEDA4
D14C6B46 08685770 B4F466DB F7A3D754 080FAACD 17C023AF 6327A273 F3B93047
2AF50203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 142F4658 86124A6F E484CEE4 75A0E66B D9B7E5F0 56301D06
03551D0E 04160414 2F465886 124A6FE4 84CEE475 A0E66BD9 B7E5F056 300D0609
2A864886 F70D0101 05050003 81810041 FFF9D7CD 919FD8C6 B0ABFBA3 88DB1F82
7627B109 729DCEA5 F0B5D78E 0E91E2FF F32DDC4C F068C75A 53700F57 31FE65E9
F47CD010 822EE244 09B5C5E4 39467C37 3A1AEE79 1599DC7B 6B2798BF D58E1881
D49F6274 38AB4689 F112C40E 4E51B4A2 5E16ACE6 26077E57 9A83C0A0 AB590C39
ACB4725D B4776D9E F951C99F E9A6D8
quit
username Cisco password 7 05280F1C2243
username admin privilege 15 secret 5 $1$bxc2$uVlOY/cpW3BJPOH.CI6Ck1
!
!
bridge irb
!
!
!
interface Dot11Radio0
no ip address
!
encryption vlan 8 mode ciphers tkip
!
encryption vlan 14 mode ciphers tkip
!
ssid Accutest
!
ssid Accutest-Guest
!
antenna gain 0
mbssid
speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
channel 2462
station-role root
!
interface Dot11Radio0.8
encapsulation dot1Q 8
bridge-group 8
bridge-group 8 subscriber-loop-control
bridge-group 8 spanning-disabled
bridge-group 8 block-unknown-source
no bridge-group 8 source-learning
no bridge-group 8 unicast-flooding
!
interface Dot11Radio0.14
encapsulation dot1Q 14
bridge-group 14
bridge-group 14 subscriber-loop-control
bridge-group 14 spanning-disabled
bridge-group 14 block-unknown-source
no bridge-group 14 source-learning
no bridge-group 14 unicast-flooding
!
interface Dot11Radio0.100
encapsulation dot1Q 100 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
no ip address
duplex auto
speed auto
no keepalive
!
interface GigabitEthernet0.8
encapsulation dot1Q 8
bridge-group 8
bridge-group 8 spanning-disabled
no bridge-group 8 source-learning
!
interface GigabitEthernet0.14
encapsulation dot1Q 14
bridge-group 14
bridge-group 14 spanning-disabled
no bridge-group 14 source-learning
!
interface GigabitEthernet0.100
encapsulation dot1Q 100 native
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
ip address 10.30.100.15 255.255.255.0
!
ip default-gateway 10.30.100.1
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip route 0.0.0.0 0.0.0.0 10.30.100.1
!
bridge 1 route ip
!
!
!
line con 0
logging synchronous
line vty 0 4
login local
length 0
transport input ssh
line vty 5 15
timeout login response 300
login local
transport input ssh
!
end

ASE-AP5#