cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2641
Views
0
Helpful
6
Replies

Workgroup Bridge only probing.

bouvot_julien
Level 1
Level 1

Hi,

It's my first post so I hope I won't forget important details

I try to configure a WorkGroupBridge AP (Cisco 1240) with a LW-AP connected to a WL Controller 4400.

My situation looks like to this one : http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080905cea.shtml

The only thing I have to modify is the authentication encryption.

untitled.PNG

Below, the WLAN parameters.

Unfortunately and despite of many docs I've found on Cisco website, I don't understand the authentication error I have between WGB and AP.

A debugging on WLC give an infinite result of this error :

*Dec 13 13:24:08.798: 58:8d:09:8e:28:dc Scheduling deletion of Mobile Station:  (callerId: 24) in 5 seconds

*Dec 13 13:24:08.851: 58:8d:09:8e:28:dc Scheduling deletion of Mobile Station:  (callerId: 24) in 5 seconds

[...]

On the controller, the AP State is on "Probing" status.

untitled3.PNG

On the WGB I just have this error :

untitled2.PNG

%DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associate: WPAIE Invalid unicast suite count: 2

Can you help me to resolve this problem?

So, this is the conf I have configured :

____________________________________________________________________________________________________

version 12.3

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ap

!

enable secret 5 <Password>

!

clock timezone GMT+1 1

ip subnet-zero

!

!

no aaa new-model

!

dot11 ssid <Wifi SSID>

   authentication open eap eap_methods

   authentication network-eap eap_methods

   authentication key-management wpa

   authentication client username <username> password 7 <encrypted password>

   infrastructure-ssid

!

dot11 network-map

power inline negotiation prestandard source

!

!

username Cisco password 7 <Encrypted Password>

username cat-tacacs privilege 15 password 7 <Encrypted Password>

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption mode ciphers tkip

!

ssid <Wifi SSID>

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role workgroup-bridge

rts threshold 2312

mobile station period 20 threshold 70

beacon period 50

infrastructure-client

bridge-group 1

!

interface Dot11Radio1

no ip address

no ip route-cache

shutdown

no dfs band block

speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0

channel dfs

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

bridge-group 1

bridge-group 1 spanning-disabled

!

interface BVI1

ip address dhcp

no ip route-cache

!

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

ip radius source-interface BVI1

!

!

control-plane

!

bridge 1 route ip

!

!

!

line con 0

line vty 0 4

login local

!

sntp server <SNTP Server address>

end

__________________________________________________________________________________________________

Looking forward to hearing from you,

J.B

6 Replies 6

George Stefanick
VIP Alumni
VIP Alumni

on your wlc under your WLAN do you have aironet extensions check boxed ?

Sent from Cisco Technical Support iPhone App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

George Stefanick
VIP Alumni
VIP Alumni

What security are you using on your wlc ?

Sent from Cisco Technical Support iPhone App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Yes, "Aironet extensions" are checked

What Security? A Radius accounting with TACACS+ for local logging.

I see on the bridge you have WPA / TKIP and on your controller you have WPA/WPA2 and AES and TKIP.

hav you tried just allowing WPA / TKIP on your WLC.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Yes, I tried... No changes.

My advice at this point since its still just in probe state.. Rip the wgb back to basic meaning no security and then start to apply pieces of your Config and test as you go along.

Sent from Cisco Technical Support iPad App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
Review Cisco Networking for a $25 gift card