12-12-2006 04:01 AM - edited 07-03-2021 01:21 PM
Hi,
I'm prett new to setting up Cisco WAP. I have tried to copy the config from a working one in another other and changed it to suit my own. I'm attaching a config. The problem is that the AP doesnt automatically get picked up by Wireless cards and when i manually set it up, i get authentication issues - DOG11-7-Auth_Failed from the station MAC-ADDRESS
Any idea? I am confused how the Vlan i have set it up on communicates. Please help?
Solved! Go to Solution.
12-14-2006 05:03 AM
heres a link. Haven't experienced this issue myself but APPEARS to be a possible misconfiguration on the client end.
12-13-2006 05:05 AM
Suggestion before i look at anymore of your config. Please sanitize all of your configs you post on the forums. You have a few passwords in there.
12-13-2006 05:12 AM
Just glancing over i dont see anything that sticks out, have you reference the associated log files on your radius/acs boxes for failed attempts? Also appears your authenicating via mac address so possibly the mac addy isnt present as an authorized device?
12-13-2006 05:19 AM
Thanks for the feedback.
I've been working on alot and built up the config again from scratch.
the problem is definatly around the authentication.
When I set it up as follows, I can't see the wireless netork:
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 1 key 1 size 128bit 7 3EF6C4C5A0DD03D60ACFBC40F93B transmit-key
encryption vlan 1 mode wep mandatory mic key-hash
!
encryption vlan 18 key 1 size 128bit 7 02DC3457EC1AAFC9DF2FAECDF0DF transmit-key
encryption vlan 18 mode wep mandatory mic key-hash
!
ssid EmP1R3D
vlan 18
authentication open mac-address mac_methods eap eap_methods
authentication network-eap eap_methods mac-address mac_methods
but if i put it in guest mode, then i can see the secured network but can't log on to it. When i try to connect it just times out trying. On the client, it doesn't seem to be able to exchange keys,etc. this is where I am in the dark and have difficulty figuring it out.
I've checked the ACS box and it shows on passed authentications that its fine. I just can't get up user authentication box at this point on the client.
12-13-2006 06:02 AM
I've also checked this on my ACS failed attempts now: I keep getting the following that points it could be related to PEAP
EAP-TLS or PEAP authentication failed during SSL handshake
where could this issue lie?
12-14-2006 05:03 AM
heres a link. Haven't experienced this issue myself but APPEARS to be a possible misconfiguration on the client end.
12-14-2006 08:32 AM
Excatly. I found this yesterday and it worked. The client didn't have the correct Certs so it couldn't authenticate. Cumbersome process but worked.
Thanks for your helpe Robert.
12-29-2020 11:24 PM
Hi,
In the following video step by step process has been shown How to Configure Cisco AIRONET 3602i Autonomous/Standalone Access Point using CLI with WPAv2 Authentication Key.
https://www.youtube.com/channel/UCmZZ2BNGXQH1HPS3uIVnr7A?sub_confirmation=1
https://www.youtube.com/watch?v=JkUfTXuwj2U
============ For 2.4 GHz Radio Interface ============
Step 1: Access Cisco AP|Reset AP| Assign static IP for BVI1 Interface |Default-gateway IP
ap>enable
Password: Cisco [Cisco AP default Password]
## Reset the Access Point with pressing and holding mode button ##
ap#configure terminal
ap(config)#interface bvI 1
ap(config-if)#ip address 192.168.2.4 255.255.255.0 [According to my network setup]
ap(config-if)#exit
ap(config)#ip default-gateway 192.168.2.1 [According to my network setup]
Step 2: Creating SSID | Authentication | Applying WPAv2 Authentication
ap(config)#dot11 ssid Cisco_WLAN [ Create SSID named Cisco_WLAN]
ap(config-ssid)#guest-mode [Broadcast SSID]
ap(config-ssid)#authentication open [allows any device to authenticate]
ap(config-ssid)#authentication key-management wpa version 2 [Applying WPAv2 Authentication]
ap(config-ssid)#wpa-psk ascii Cisco123 [Applying WPA Shared Key ]
ap(config-ssid)#exit
Step 3: Enable Encryption to 4.2GHz Radio interface | Apply SSID to interface| Enable Radio Interface
ap(config)#interface dot11Radio 0 [Selecting 4.2 GHz Radio interface]
ap(config-if)#encryption mode ciphers aes-ccm [Enabling CIPHER AES-CCM Encryption to interface]
ap(config-if)#ssid Cisco_WLAN [Applying SSID to Radio interface]
ap(config-if)#channel least-congested [Selecting Channel type]
ap(config-if)#no shutdown [Finally Enabling the 4.2 GHz Radio Interface]
ap(config-if)#exit
ap(config)#exit
================ For 5 GHz Radio Interface =======================
Step 2: Creating SSID | Authentication | Applying WPAv2 Authentication
ap(config)#dot11 ssid Cisco_WLAN 5GHz [ Create SSID named Cisco_WLAN 5GHz ]
ap(config-ssid)#guest-mode [Broadcast SSID]
ap(config-ssid)#authentication open [allows any device to authenticate]
ap(config-ssid)#authentication key-management wpa version 2 [Applying WPAv2 Authentication]
ap(config-ssid)#wpa-psk ascii Cisco123 [Applying WPA Shared Key ]
ap(config-ssid)#exit
Step 3: Enable Encryption to 5 GHz Radio interface | Apply SSID to interface| Enable Radio Interface
ap(config)#interface dot11Radio 1 [Selecting 5 GHz Radio interface]
ap(config-if)#encryption mode ciphers aes-ccm [Enabling CIPHER AES-CCM Encryption to interface]
ap(config-if)#ssid Cisco_WLAN 5GHz [Applying SSID to Radio interface]
ap(config-if)# channel 36 [Selecting Channel type]
ap(config-if)#no shutdown [Finally Enabling the 5 GHz Radio Interface]
ap(config-if)#exit
ap(config)#exit
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide