Cisco WPA2-PEAP IAS/AD does not authenticate right away after a reboot

I have Cisco access points with just G radios running the following version: Cisco IOS Software, C1200 Software (C1200-K9W7-M), Version 12.3(8)JEB1.

I have laptops running XP sp2 with all the patches that I could find

I'm using the Intel 3945abg wireless adapters and the Proset/wireless manager with the admin tool kit

I have 2 Cisco access points setup for primary and secondary WDS

I have a SSID setup to do WPA2-PEAP

I authenticate against Microsoft IAS and AD

In general it works except for the following

I will be doing machine authentication against IAS/AD when they boot up and before the Windows login prompt, which will be just like if they are wired into our network. This way, group policies at machine level will get applied, and network scans etc. can take place.

It works great if a device has never been connected to the network or the time out flushes the cache authenticated/credentials from the WDS access point. Or if you reapply the Intel Proset/wireless profile before a reboot.

Otherwise, if on the network and you do a reboot and let it sit at the Windows login prompt (wait until credentials are flushed) and wait until you can ping the device (ping device -t), the following is what you get on the access point log. Windows does not support EAPOL-Stop or PEAP-Stop because of denial of service attacks, which would solve this problem if Windows would issue these commands during a reboot.

The following are the logs from the Cisco access point if I just wait for the flush timer

Dec 12 08:20:02.429 CST: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 0016.6fca.fb69 Reason: Sending station has left the BSS

Dec 12 08:20:33.979 CST: %DOT11-7-AUTH_FAILED: Station 0016.6fca.fb69 Authentication failed

Dec 12 08:21:04.012 CST: %DOT11-7-AUTH_FAILED: Station 0016.6fca.fb69 Authentication failed

Dec 12 08:22:07.040 CST: %DOT11-7-AUTH_FAILED: Station 0016.6fca.fb69 Authentication failed

Dec 12 08:22:37.087 CST: %DOT11-7-AUTH_FAILED: Station 0016.6fca.fb69 Authentication failed

Dec 12 08:23:07.184 CST: %DOT11-7-AUTH_FAILED: Station 0016.6fca.fb69 Authentication failed

Dec 12 08:24:11.275 CST: %DOT11-6-ASSOC: Interface Dot11Radio0, Station MACCESS14 0016.6fca.fb69 Associated KEY_MGMT[WPAv2]

-) Is there a reg key for Intel or Microsoft that will help in this issue?

-) Is it a configuration problem?

-) Is there even a way to fix this issue?

wayneTurnquist
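
As an added example (not part of the original post), this Python sketch measures the outage visible in the access point log above: it pairs each DISASSOC with the next ASSOC for the same station and counts the AUTH_FAILED events in between. The name `reauth_gaps` and the placeholder year are assumptions; the log lines are the ones quoted in the post.

```python
import re
from datetime import datetime

# Log lines copied from the post above (the AP timestamps carry no year).
SAMPLE_LOG = """\
Dec 12 08:20:02.429 CST: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 0016.6fca.fb69 Reason: Sending station has left the BSS
Dec 12 08:20:33.979 CST: %DOT11-7-AUTH_FAILED: Station 0016.6fca.fb69 Authentication failed
Dec 12 08:21:04.012 CST: %DOT11-7-AUTH_FAILED: Station 0016.6fca.fb69 Authentication failed
Dec 12 08:22:07.040 CST: %DOT11-7-AUTH_FAILED: Station 0016.6fca.fb69 Authentication failed
Dec 12 08:22:37.087 CST: %DOT11-7-AUTH_FAILED: Station 0016.6fca.fb69 Authentication failed
Dec 12 08:23:07.184 CST: %DOT11-7-AUTH_FAILED: Station 0016.6fca.fb69 Authentication failed
Dec 12 08:24:11.275 CST: %DOT11-6-ASSOC: Interface Dot11Radio0, Station MACCESS14 0016.6fca.fb69 Associated KEY_MGMT[WPAv2]
"""

# Assumption: a placeholder year so the timestamps parse; gaps that span a
# year boundary are not handled.
ASSUMED_YEAR = "2000"

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d\.\d{3}) \w+: "
    r"%DOT11-\d-(?P<event>DISASSOC|AUTH_FAILED|ASSOC): "
    r".*?(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})"
)

def reauth_gaps(log_text):
    """Return one record per DISASSOC -> ASSOC cycle for each station."""
    open_cycles = {}  # mac -> {"start": datetime, "failures": int}
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a DOT11 event this example tracks
        ts = datetime.strptime(ASSUMED_YEAR + " " + m["ts"], "%Y %b %d %H:%M:%S.%f")
        mac, event = m["mac"].lower(), m["event"]
        if event == "DISASSOC":
            open_cycles[mac] = {"start": ts, "failures": 0}
        elif event == "AUTH_FAILED" and mac in open_cycles:
            open_cycles[mac]["failures"] += 1
        elif event == "ASSOC" and mac in open_cycles:
            cycle = open_cycles.pop(mac)
            gap = (ts - cycle["start"]).total_seconds()
            results.append({"mac": mac, "failures": cycle["failures"],
                            "gap_seconds": round(gap, 3)})
    return results

if __name__ == "__main__":
    for record in reauth_gaps(SAMPLE_LOG):
        print(record)
```

Run against a longer capture from the AP, the per-station gap and failure count show whether every reboot produces the same delay or only some clients do.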

Suggest you ask on comp.dcom.sys.cisco

LR
