Re: WPA VLAN

tcggg0 · ‎02-07-2005

We have a campus environment with 21 AIR-AP1231G-A-K9 access points. Each AP is configured for 4 VLAN’s and the firmware is

12.2(15)XR2. We are also using one of these AP’s for WDS and we have an ACS authentication server. Currently the VLAN’s are

setup as follows:

VLAN 29 is using 128 bit WEP

VLAN 84 is using LEAP/PEAP 802.1x encryption and is the native VLAN

VLAN 85 is using WPA with TKIP (this is the one I am having problems with)

VLAN 86 is using 128 bit WEP

I cannot get a client connection for the WPA VLAN above. Client says “association processing” and never does connect. Does

the WPA VLAN need to be the native VLAN or is WDS causing an issue? I am attaching the config.

We are using both the HP WLAN 802.11 a/b/g W500 card and a 350 card with ACU version 6.4.

We see the client associate to the AP but no IP ADDR.

I have added an attachment.

owillins · ‎02-11-2005

When you configure TKIP-only cipher encryption (not TKIP + WEP 128 or TKIP + WEP 40) on any radio interface or VLAN, every SSID on that radio or VLAN must be set to use WPA or CCKM key management. If you configure TKIP on a radio or VLAN but you do not configure keymanagement on the SSIDs, client authentication fails on the SSIDs.The following link has more information on this.

http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo1100/accsspts/i12215ja/i12215sc/s15wep.pdf

tcggg0 · ‎02-11-2005

Thanks for the reply but your statement " When you configure TKIP-only cipher encryption (not TKIP + WEP 128 or TKIP + WEP 40) on any radio interface or VLAN, every SSID on that radio or VLAN must be set to use WPA or CCKM key management ". is not true. The problem we were having was that the WDS AP on our WLAN was not setup to "apply to all SSID's". Once we applied this parameter, all VLAN's were functional including the WPA/TKIP VLAN. This is the only VLAN using TKIP so I don't know where you got your info. Thanks for the link