I'm trying to setup a 871 to authenticate users using PEAP over a site-to-site VPN to an MS IAS server. I setup the IAS according to an MS document. I have the site-to-site up and connected but can't get the client to authenticate. When I check the IAS logs, I show no activity at all. So I suspect a problem with the ACL, but don't really know. My cleaned config is attached below. Any and all help is much appreciated.
Solved! Go to Solution.
Wow! Thanks, that got me authenticated. I knew it was going to be something incredibly simple.
Now, I'm authenticated, but not getting a dhcp address. I'm questioning the statement "no ip dhcp use vrf connected", I don't know what that means, I'm going to try removing it and see what happens.
OK, I'm still not getting DHCP to work, I configured an IP helper for the radio interface pointing back to the BVI, but to no avail.
I also tried toggling the "use vrf connected" and still nothing.
If you have an idea, I'd love it, but if not, I'll start another thread. Thanks again.
IPHELPER should be on the AP side of the Router or L3 switch, pointing to the DHCP server.
IPHELPER converts/packages the DHCP broadcast into a unicast aimed at the DHCP server. The DHCP server will unicast the address bid back to the requester.
Also be advised that other broadcasts are passed by default. You can configure which broadcasts that IPHELPER will "help" if this is an issue for you.
I think I follow you when you say the "AP Side", but I've tried that. I applied IPHELPER pointing to the BVI1 interface to both the dot11radio0 and dot11radio0.1. Is there something I need to do to tell the router that I want the BVI1 interface to be the DHCP server?
At this point extranieous broadcasts are fine, I just want to get it working, I figure then I can fine tune it until I break it again.