1. Home
  2. Cisco Systems
  3. Cisco 350AP and 802.1x EAP

Cisco 350AP and 802.1x EAP

We are currently using stack WEP, and I would like to start using

802.1x with dynamic rotating WEP keys. We are out of maintenance, and we are running 12.02T1 of the VxWorks based OS.

I am having trouble getting this to work. I know my Radius server and supplicants are good, because we use the same supplicants and Radius server for our newer wireless system without any problems. I am trying to figure out the right set of configuration options, and I can not get pass the following warning message when a client tries to associate: Station xx:xx:xx:xx:xx Failed Authentication, status "Unsupported Authentication Algorithm".

If someone could please guide me in the right direction, I would really appreciate it. Thx.

-mike

Reply to
mike
Loading thread data ...

mike schrieb:

First I would suggest upgrading to 12.04 or 12.05 of VxWorks Firmware.

Try "require EAP" under the "open Authentication" in addition to "Network-EAP".

Network EAP is only for LEAP with Cisco client adapters. Many third party adapter do "open authentication with EAP".

Reply to
Uli Link

mike schrieb:

First I would suggest upgrading to 12.04 or 12.05 of VxWorks Firmware.

Try "require EAP" under the "open Authentication" in addition to "Network-EAP".

Network EAP is only for LEAP with Cisco client adapters. Many third party adapter do "open authentication with EAP".

Reply to
Uli Link

The APs are no longer under mainteance, so I can not upgrade.

'Accept Authentication type:' and 'Require EAP:' are both set to open. I have set the broadcast keys to rotate every 30 minutes.

Do I put anything in the key field for WEP key 1 or do I leave it blank?

I am getting closer. I know get messages on the main page that: Station=xx:xx:xx:xx:xx user="domain\\userid" Failed EAP-Authentication

My Radius server is reporting an incorrect login fro the userid.

I can use this very same laptop and userid to authenticate to our current wireless system, so I am suspecting it is something still with the 350 configuration. Any ideas?

-mike

Reply to
mike

mike schrieb:

The final VxWorks firmware was released as a free download in Oct 2004. There is an IOS Conversion Image for the AIR350 APs.

When broadcast key rotation is enabled, you'll don't need to set any WEP key manually- but set encryption to required.

What EAP type, what supplicant, what WLAN card?

Reply to
Uli Link

I upgraded the AP to 12.05 this afternoon. Thanks for the information on that.

A WEP key was previous entered in the field. The field is blank for key 1, and I am not sure how I can zero it out or reset it.

We are using EAP-PEAP and I am using the Windows XP SP2 supplicant. My WLAN card is a Dell Trumobile 1300. I am running the most current Truemobile driver from Dell's website.

You have been very helpful. Thx.

Reply to
mike

End game. Thanks for everyone's help. This is now working. I was running into a bizarre issue with our Nortel load balancer that was performing a round-robin load balance metric between the load balanced radius servers. This was breaking the authentication. I changed the metric on the load balancer to host affinity and everything is working like a champ.

-mike

Reply to
mike

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.