MAC & Static WEP Authentication

bm_5789 · ‎01-18-2005

I'm running ap1200 with ACS 3.3.

My scenario:

Vlan2, 3 and 4 - LEAP & MAC authen

Vlan5 and 6 - MAC & Static WEP

Vlan7 - MAC Authen

Vlan 10 - Management

Vlans 2, 3 and 4 work correctly. Same with Vlan 7 and 10.

Vlans 5 and 6 are a problem. No association to the AP. Static wep keys and ssid's have been entered and reentered several times. No solution has been found. Anyone have any ideas?

paddyxdoyle · ‎01-19-2005

Hi,

The config i have used to test this which works using ACS3.2 is:

aaa authentication login mac_methods group rad_mac

aaa group server radius rad_mac

server auth-port 1645 acct-port 1646

radius-server host auth-port 1645 acct-port 1646 key 0

interface Dot11Radio0

ssid

vlan

authentication open mac-address mac_methods

encryption vlan key 1 size 128bit xxxx transmit-key

encryption vlan mode wep mandatory

Might be worth comparing with yours?

HTH

Paddy

bm_5789 · ‎01-19-2005

Thanks for the config. I've gone over mine and it looks identical. I've pretty much gone over all aspects; ssid, wep keys, ip address, SM, gateway, I've run out of ideas.

paddyxdoyle · ‎01-19-2005

What happens if you change these VLANs to use say LEAP and MAC authen which you know works

Could it be a VLAN configuration issue with 5 & 6 on you AP?

The steps in the cisco doc using vlan1,2,&3 as examples show:

1. Configure or confirm the configuration of these VLANs on one of the switches on your LAN.

2. On the access point, assign an SSID to each VLAN.

3. Assign authentication types to each SSID.

4. Configure VLAN 1, the Management VLAN, on both the fastethernet and dot11radio interfaces on the access point. You should make this VLAN the native VLAN.

5. Configure VLANs 2 and 3 on both the fastethernet and dot11radio interfaces on the access point.

6. Configure the client devices.

Rgds

Paddy