12-06-2009 05:22 PM - edited 07-03-2021 06:19 PM
I am attempting to set up a WDS using 1240 series access points as the WDS APs. I believe that I have the set up correctly done, but 1240 series AP that is the infrastructure client say the the RADIUS server is dead that is on the 1240 wds-server, below are the configurations of the 1240 aps:
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Current configuration : 2060 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname wds-infrastructure
!
enable secret 5 $1$WAa4$.q5Q8IQOxlW6Ge9X5A9340
!
aaa new-model
!
!
aaa group server radius wds-server
server 192.168.10.1 auth-port 1812 acct-port 1813
!
aaa authentication login wds-server group wds-server
!
aaa session-id common
!
!
!
dot11 ssid infrastructure
authentication open eap wds
authentication network-eap wds
authentication key-management cckm
!
power inline negotiation prestandard source
eap profile wds
method fast
method leap
!
!
!
username Cisco password 7 01300F175804
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
!
ssid infrastructure
!
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
dfs band 3 block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.10.2 255.255.255.0
no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
radius-server host 192.168.10.1 auth-port 1812 acct-port 1813 key 7 0214055F02131C
bridge 1 route ip
!
!
wlccp ap username user password 7 13151601181B0B382F
wlccp authentication-server infrastructure wds-server
wlccp wds priority 100 interface BVI1
!
line con 0
line vty 0 4
!
end
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Current configuration : 2241 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname wds-server
!
enable secret 5 $1$WAa4$.q5Q8IQOxlW6Ge9X5A9340
!
aaa new-model
!
!
aaa group server radius wds-server
server 192.168.10.1 auth-port 1812 acct-port 1813
!
aaa authentication login wds-server group wds-server
!
aaa session-id common
!
!
!
dot11 ssid infrastructure
authentication open eap wds
authentication network-eap wds
authentication key-management cckm
!
power inline negotiation prestandard source
eap profile wds
method fast
method leap
!
!
!
username Cisco password 7 106D000A0618
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
!
ssid infrastructure
!
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
dfs band 3 block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.10.1 255.255.255.0
no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
radius-server local
nas 192.168.10.1 key 7 08334D4A000C16
nas 192.168.10.2 key 7 111B18011E0718
user user nthash 7 0403535259071B6B283C204F34295D557D0A0078651706375F455323010C000577
!
radius-server host 192.168.10.1 auth-port 1812 acct-port 1813 key 7 0214055F02131C
bridge 1 route ip
!
!
wlccp ap username user password 7 13151601181B0B382F
wlccp authentication-server infrastructure wds-server
wlccp wds priority 200 interface BVI1
!
line con 0
line vty 0 4
!
end
here are some output from the devices:
wds-infrastructure
*Mar 1 00:11:45.325: %RADIUS-4-RADIUS_DEAD: RADIUS server 192.168.10.1:1812,1813 is not responding.
*Mar 1 00:11:45.325: %RADIUS-4-RADIUS_ALIVE: RADIUS server 192.168.10.1:1812,1813 has returned.
wds-infrastructure
command: debug wlccp wds all
*Mar 1 00:13:51.468: WDS: WLCCP_TYPE_AAA (START) rcvd, Org = 0023.5e02.8318, Rsp = 0023.5e02.8318, Req 0023.5e02.8318, id 1
auth 4 key 0
*Mar 1 00:13:51.468: WDS: WLCCP_TYPE_AAA (EAPOL) sent with Source IP = 192.168.10.2, Org = 0023.5e02.8318, Rsp = 0023.5e02.8
318, Req 0023.5e02.8318, auth 4, key 0
*Mar 1 00:13:51.469: WDS: WLCCP_TYPE_AAA (START) rcvd, Org = 0023.5e02.8318, Rsp = 0023.5e02.8318, Req 0023.5e02.8318, id 1
auth 4 key 0
*Mar 1 00:13:51.470: WDS: WLCCP_TYPE_AAA (EAP Request) rcvd, Org = 0023.5e02.8318, Rsp = 0023.5e02.8318, Req 0023.5e02.8318,
id 2 auth 0 key 0
*Mar 1 00:13:51.470: WDS: WLCCP_TYPE_AAA (EAP Request) rcvd, Org = 0023.5e02.8318, Rsp = 0023.5e02.8318, Req 0023.5e02.8318,
id 2 auth 0 key 0
*Mar 1 00:14:22.640: WDS: WLCCP_TYPE_AAA (EAPOL) sent with Source IP = 192.168.10.2, Org = 0023.5e02.8318, Rsp = 0023.5e02.8
318, Req 0023.5e02.8318, auth 4, key 0
*Mar 1 00:14:22.640: WDS: DOT11_AAA_FAILURE ...
*Mar 1 00:14:22.640: WDS: WLCCP_TYPE_AAA (FINISH) sent with Source IP = 192.168.10.2, Org = 0023.5e02.8318, Rsp = 0023.5e02.
8318, Req 0023.5e02.8318, auth 4, key 0
*Mar 1 00:14:22.640: WDS: DOT11_AAA_FAILURE ...
wds-infrastructure#show wlccp ap
WDS = 0023.5e02.8318, 192.168.10.2
state = wlccp_ap_st_init
IN Authenticator = 192.168.10.2
It looks like the client device is only attempting to talk to itself, or the WDS server is making no attempt to respond to the infrastructure ap. A constraints for this project are that there cannot be a stand alone RADIUS server.Any help would be greatly appreaciated.
12-07-2009 07:27 AM
hello,
please check the "show wlccp ap" on the wds-server first.
I missing the comand " ip radius source-interface BVI1 "
miro
01-13-2010 12:01 PM
Sorry for the extremely late response but here is the ouput you requested:
wds-server#show wlccp ap
WDS = 0023.5e02.ac80, 192.168.10.1
state = wlccp_ap_st_registered
IN Authenticator = 192.168.10.1
MN Authenticator = 192.168.10.1
wds-infrastructure#show wlccp ap
WDS not discovered
Also I have added:
ip radius source-interface to both the server and the infrastructure device
07-02-2010 12:14 AM
Hi there,
I am just trying to configure the same topology. So did it work???
05-29-2011 07:50 AM
Hi,
Please mark the Question as Answered if the provided information is correct and issue is fixed.
thanks,
Vinay
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide