cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
677
Views
0
Helpful
6
Replies

Wi-Fi Deployment Issues

b.darji
Level 1
Level 1

It seems that I am in a spot of bother with our mass deployment of Wi-Fi.

Essentially we have 30 1200 AP’s which are used to connect to Dell and HP PDA’s using LEAP.

You might find this peculiar:

I have a laptop with a Cisco 350 PCMCIA card which authenticates perfectly and holds the assigned static address [10.x.x.x]. I can also ping relevant gateways.

Using an IPAQ 5400 [older model] with the same IP address range and authentication technique I could ping all relevant gateways.

Here’s the issue:

I decided to try the IPAQ 5550 [due to 5400 EOL] and Dell Axim X3 [both new models]. The IPAQ will not authenticate even through installation of third party software [Odyssey LEAP client].

The same configuration was then entered onto the Dell: Static address, Leap client, etc. Although the ACS server showed as authenticated, the static address previously entered does not show. The device seems to revert back to 169.x.x.x. [not an address range within the organisation].

I have trouble shooted as much as possible but am of the opinion that this could be a bigger issue!

Any suggestions would be useful.

Thanks.

6 Replies 6

vmoopeung
Level 5
Level 5

The range of IP addresses (from 169.254.0.1 through 169.254.255.254) used for APIPA is reserved by the Internet Assigned Numbers Authority (IANA). Any IP addresses within this range are not used on the Internet. Unless the devices are CCX compliant OR are running a supplicant such as Funk or Meetinghouse which is CCX compliant, these devices will not be able to run LEAP. Try out first without LEAP , then debug the authenication like radius , AAA. if satisfactory test with LEAP.

I am aware of the reserved address range and had presumed CCX compliance. The issue is that implementation has occurred within a multi user environment including public domain, therefore, although successful, I do not want to pursue encryption techniques outside of LEAP.

pallette
Level 1
Level 1

You mention that your ACS server shows them connected...Have you tried looking at any debugs from the AP1200's. If you are running IOS, then some of these debugs might be helpful in determining the LEAP acknowledgments are succesfull or not

debug radius authentication

debug dot11 aaa dot1x all

The second debug will give a lot more detail, but may be able to break it down using only

debug dot11 aaa dot1x process

HTH

HTH,

I had previously tried this. Without naming names (!) the issue is down to hardware/ vendor compatibility with open standard LEAP using 3rd party software. In other words the IP address is not carried.

Do you have CMIC, CKIP, or broadcast key rotation enabled on the APs? If so, you might want to try disabling these for troubleshooting purposes.

Not applicable

I have run into similar problems with authentication. Our Odyssey Radius server requires Mac addresses to be inputed in lower case. Check that out.

Review Cisco Networking for a $25 gift card