Aironet CB21ag drivers and LEAP Auth failure

CSCsb80735 ?

Merv schrieb:

No, that's not the issue. I have WZC service disabled. The card does not lose connection, it

*never* passes authentication. There are no credential failures logged in RADIUS logs.

AIR1120B running 12.3(2)JA5 as WDS, CKIP cipher (doesn't matter) The APs are running 12.3(2)JA5 or (4)JA1 (doesn't matter)

It also doesn't if I use Funk Odyssee Server or the IOS embedded RADIUS.

The same setup works flawlessly with driver/supplicant v1.2, v2.0 and v2.1 and PCM352 cards with fw 5.41.

With v2.5 I can WPA authenticate using PEAP if I allow both CCKM and WPA on the ESSID.

I would open a case with the Ciso TAC.

I would open a case with the Ciso TAC.

Did you see this in the release notes for the 2.5 drivers:

Access Point Setting for LEAP or EAP-FAST Authentication

Access points must be set for both Network-EAP and open authentication in order to associate to CB21AG and PI21AG client adapters running LEAP with WPA/WPA2/CCKM or EAP-FAST

Merv schrieb:

this is mandatory for all CCX cards. Not specific to the CB21ag or any driver release.

! dot11 ssid a-wlan-network! ! -- for open auth -- authentication open mac-address mac_methods eap eap_methods ! -- for LEAP with Aironet cards -- authentication network-eap eap_methods mac-address mac_methods authentication key-management cckm infrastructure-ssid ! interface Dot11Radio0 no ip address no ip route-cache ! encryption mode ciphers ckip ! broadcast-key change 3600 ! ! ssid a-wlan-network! ! short-slot-time speed basic-1.0 basic-2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0 power local cck 20 power local ofdm 20 power client 50 channel 2412 station-role root fallback shutdown antenna gain 0 world-mode dot11d country DE indoor no cdp enable bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled !