Help with Cisco 1121g

Hello Everyone,

I am experiencing a problem with a Cisco 1121g wireless access point. We have configured the access point to use a static ip, with RADIUS auth to auth with our RADIUS server. This configuration went smoothly. When we try to connect to the wap to get an ip via dhcp, we are unable to get an ip. Is there some sort of dhcp relay agent that needs to be used, or how does one configure an ap to have a static address, and to forward dhcp requests to our server. Please note that the ap and dhcp server reside on the same subnet. Also, using the ap as a mini dhcp server is not an option; all requests must be handled by the existing dhcp. Thank you for your time and support.

Find more posts tagged with

Comments

JDMurray

Well, there are a few things to check:

1. Is the wireless client configured with the same SSID as the WAP?

2. Is the wireless client authenticating with the WAP? The client must authenticate with the WAP before its traffic will be passed to the wired network. You should see the client listed in the WAP's SSID table. Open authentication (i.e., no WAP authentication) is normally what's used.

3. Is any other client-specific security mechanism being used that is not configured to recognize the client? For example, is MAC filtering enabled but the client is not listed in the list of allowed MAC addresses?

4. If used, is the correct VLAN ID for the WAP set?

5. Is the WAP configured to use with EAP-RADIUS authentication for its clients?

6. Can you ping the WAP from the wired network?

7. Using a protocol analyzer, can you see the client's DHCP Request message appearing on the wired network?

ransmith

Thanks JD for responding,

I have checked the settings, reduced the system down, and got it to authenticate and receive an ip without encryption enabled, however, when I go to use AES CCMP on the wap, I am not able to get an ip from the dhcp. I am able to associate with the wap, as I can see my mac listed on the web interface when I try to connect. The other thing worth mentioning is that I am only able to enable AES (not AES CCMP) using wpa in the windows wireless networks settings, when I go into the properties of the preferred network. Is there a difference between just straight AES and AES CCMP? Will that cause me not to connect to the dhcp or authenticate with the RADIUS server? Thank you again for you time and help, I greatly appreciate it.

Best Regards,

Randall Smith

JDMurray

Check with the Cisco product page for the 1121g to see if it supports AES-CCMP. I see AES supported in the original product specs, but not AES-CCMP. Maybe it's available with the latest firmware upgrade. Also make sure that the wireless NIC in your client system supports WPA2.

The use of AES-CCMP is one of the significant differences between WPA and WPA2 . Not all WPA-compatible equipment is firmware-upgradeable to full WPA2 specs. The 1121g is an older unit, and I don't know if it fully supports WPA2 (802.11i) or not (I suspect that it does). The wireless clients must also fully support WPA2 (802.11i).

darkuser

there is a hotfix in windows for 802.11i.

if you only have wpa availible then it's prestandard tkip.

you have to select wpa2 to use aes ccmp.

http://www.microsoft.com/downloads/details.aspx?FamilyID=662BB74D-E7C1-48D6-95EE-1459234F4483&displaylang=en&Hash=NKWJBG4

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008054339e.shtml

JDMurray

darkuser wrote:

there is a hotfix in windows for 802.11i.

Yes, but the driver/firmware for the wireless NIC must also support 802.11i (WPA2) too.

darkuser

jdmurray wrote:

darkuser wrote:

there is a hotfix in windows for 802.11i.

Yes, but the driver/firmware for the wireless NIC must also support 802.11i (WPA2) too.

\

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008054339e.shtml#supp

this page quotes the requirement and im assuming based on this thread that he's using a compatable card and has loaded the most recent firmware.

you can use dell software or cisco software.
i've also used windows only with this patch.