Hi there,

I was just playing around and tried to configure a WGB with EAP-TLS and CCKM. If I use the following configuration without CCKM, all works great:

dot11 ssid wgb-eap-tls
   authentication open eap eap_methods
   authentication network-eap eap_methods
   authentication key-management wpa

If I change it to CCKM, after the reauth timeout it re-connects the WGB and shows the message at the bottom:

wlccp ap username d password 7 050F020B25
wlccp authentication-server infrastructure eap_methods
wlccp authentication-server client any eap_methods
   ssid wgb-eap-tls
wlccp wds priority 255 interface BVI1

dot11 ssid wgb-eap-tls
   authentication open eap eap_methods
   authentication network-eap eap_methods
   authentication key-management cckm

Jan 5 17:33:10.971: %DOT11-4-UPLINK_ESTABLISHED: Interface Dot11Radio0, Associated To AP root 003a.9927.57b0 [EAP-TLS CCKM]
Jan 5 17:33:11.008: %DOT11-4-CCMP_REPLAY: AES-CCMP TSC replay was detected on a packet (TSC 0x2) received from 003a.9927.57b0.
Jan 5 17:33:11.108: %DOT11-4-CCMP_REPLAY: AES-CCMP TSC replay was detected on a packet (TSC 0x2) received from 003a.9927.57b0.

@Cisco it says: AES-CCMP TSC replay was indicated on a frame. A replay of the AES-CCMP TSC in a received packet almost indicates an active attack.

I do not attack my own network ;-)

Does anybody know what the problem could be?

Regards
Dominic
