11-27-2008 06:13 AM - edited 07-03-2021 04:49 PM
Hi,
I am installing a WLC and LWAPPs to replace heavyweight Cisco 1121 AP's. I have deployed the WLC and LWAPP's in the same subnet as the Original 1121's. I have replicated the 1121 settings on the controller.
The scanners associate with the SSID and pass authentication on the ACS server. However the linktest fails from the WLC the scanners can't ping theit servers either. However the WLC can ping the scanner's server.
It works fine when I bring the scanners back to a location with the heavyweight 1121's.
Solved! Go to Solution.
12-01-2008 12:40 PM
Just out of curiousity, are you using Symbol / Motorola scanners? There was an EAP setting on the WLC that needed to be set in order to get my handhelds to play nice with 802.1X. Check to see if this setting is in place on the WLC...
key index = 3, not 0
To check, run this...
show advanced eap
Check the key index value. If it is zero, please try setting it to three.
config advanced eap key-index 3
Also, if this is indeed Motorola equipment, I recommend that you have the latest OS update (wireless Fusion drivers) installed...
11-27-2008 06:22 AM
The first step I usually take when trying to troubleshoot connectivity for nontraditional clients is to associate my laptop to the same SSID and see if I can replicate the problem- if I can, then figuring it is usually a lot easier from my laptop.
The first obvious questions to ask in this scenario are, do your clients get DHCP addresses, and can they ping their gateway?
11-27-2008 07:01 AM
Hi,
So the scanners are statically addressed and cant even ping their default gateway. (Remeber they can if I bring them to an area where the old 1121's are) The Layer 3 interface-default gateway is on a PIX.
The scanners use a "wavelink" application to and communicate with an "avalanche" server The current setup uses 802.1x with WEP encryption.
The scanner has a configuration simular to this ... http://ja.pastebin.ca/raw/34326.
How could I test it on my laptop ?
11-28-2008 04:01 AM
So I tested this on my laptop and it works fine.
What I did was I created a second SSID (on the same VLAN as the Scanners) but this time used just a WPA key to authenticate.
The only difference between the 2 SSID's is the SSID for the scanners uses 802.1x with WEP encryption and the SSID for the laptop uses a WPA key.
When I check the Controller I can see the scanner associated and authenticated and when i check the ACS I can see the scanner has passed authentication. Yet the scanner cant ping anything.
On the heavyweight AP's on the same VLAN the scanner works fine ???
I am confused.
12-01-2008 12:40 PM
Just out of curiousity, are you using Symbol / Motorola scanners? There was an EAP setting on the WLC that needed to be set in order to get my handhelds to play nice with 802.1X. Check to see if this setting is in place on the WLC...
key index = 3, not 0
To check, run this...
show advanced eap
Check the key index value. If it is zero, please try setting it to three.
config advanced eap key-index 3
Also, if this is indeed Motorola equipment, I recommend that you have the latest OS update (wireless Fusion drivers) installed...
12-03-2008 07:02 AM
Good tip. Will standard Windows still connect using the modified key index value?
12-04-2008 08:01 AM
Hi I just wanted to note on the other question that was asked. Yes, with the eap index set to 3, you can still have phones, laptops, scanners, etc. connect without problems. I have multiple site locations with this config (key-index 3) and they run without any authentication issues...
12-02-2008 07:10 PM
The same thing fixed my Symbol handhelds, I could assoicate but not ping anything.
config advanced eap key-index 3
12-19-2008 06:01 AM
Worked like a charm.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide