Hi guys.

I would like to share this issue with you.

I got a big surprise doing exercise 3.10 of WB1. Because I actually don't
have any ACS, I decided to use local authentication on AAP1, and because the
exercise says "Ensure that leap is not used", I added the following
line to match the requirements:

AAP1(config)#radius-server local
AAP1(config-radsrv)#authe
AAP1(config-radsrv)#no authentication leap

I finished configuring the whole scenario, but the bridges cannot link.
Probably I forgot something, but the configurations seem right (strange!!!!).

I checked the logs on AAP1 and AAP2:

AAP1:

*Mar  1 00:33:21.591: %DOT11-7-AUTH_FAILED: Station 0023.ac5b.e710
Authentication failed


AAP2:

*Mar  1 00:33:59.365: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state
to down
*Mar  1 00:34:07.345: %DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot
associate: No Response
*Mar  1 00:34:47.345: %DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot
associate: Rcvd response from 0023.5d0e.3c10 channel 1 2643
*Mar  1 00:34:58.792: %LINK-5-CHANGED: Interface Dot11Radio0, changed state
to reset

These logs normally indicate that your credentials are wrong; I reviewed the
credentials but they are OK  O_o

AAP1#debug radius local-server error
Radius server error debugging is on
AAP1#ter mon
AAP1#
*Mar  1 00:05:32.247: RADSRV: LEAP authentication is not enabled !!
*Mar  1 00:05:35.734: RADSRV: LEAP authentication is not enabled !!
*Mar  1 00:05:35.736: %DOT11-7-AUTH_FAILED: Station 0023.ac5b.e710
Authentication failed
*Mar  1 00:05:52.249: RADSRV: LEAP authentication is not enabled !!
*Mar  1 00:05:52.250: %DOT11-7-AUTH_FAILED: Station 0023.ac5b.e710
Authentication failed

Now, I delete the line and...

AAP1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
AAP1(config)#radius-server local
AAP1(config-radsrv)#authentication leap
AAP1(config-radsrv)#
AAP1#
AAP1#
AAP1#
AAP1#
AAP1#
AAP1#
*Mar  1 00:06:59.860: %SYS-5-CONFIG_I: Configured from console by Cisco on
vty0 (10.10.210.7)
*Mar  1 00:07:00.808: RADSRV: EAP NAK received - starting EAP-FAST
*Mar  1 00:07:00.842: %DOT11-6-ASSOC: Interface Dot11Radio0, Station LWAP1
0023.ac5b.e710 Associated KEY_MGMT[WPAv2]

AAP2:
AAP2#
AAP2#
*Mar  1 00:06:26.701: %DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot
associate: Rcvd response from 0023.5d0e.3c10 channel 6 2654
*Mar  1 00:06:27.059: %DOT11-4-UPLINK_ESTABLISHED: Interface Dot11Radio0,
Associated To AP AAP1 0023.5d0e.3c10 [EAP-FAST WPAv2]
*Mar  1 00:06:27.060: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state
to up
*Mar  1 00:06:28.060: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Dot11Radio0, changed state to up

Wow!!! I didn't know that when using the local RADIUS server of an AP with
EAP-FAST, I must permit both EAP-FAST and LEAP authentication for it to work.

You probably already know about this issue, but I didn't have any idea.

Best Regards.
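
An added example, not part of the original post: a short Python script that re-joins the wrapped log lines shown above and ties each %DOT11-7-AUTH_FAILED event to the RADSRV debug message logged just before it, so the real failure reason sits next to the station MAC. The one-second window, the function names and the placeholder year are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: AAP1 lines copied from the post, e-mail wrapping kept.
SAMPLE = """\
*Mar  1 00:05:32.247: RADSRV: LEAP authentication is not enabled !!
*Mar  1 00:05:35.734: RADSRV: LEAP authentication is not enabled !!
*Mar  1 00:05:35.736: %DOT11-7-AUTH_FAILED: Station 0023.ac5b.e710
Authentication failed
*Mar  1 00:05:52.249: RADSRV: LEAP authentication is not enabled !!
*Mar  1 00:05:52.250: %DOT11-7-AUTH_FAILED: Station 0023.ac5b.e710
Authentication failed
*Mar  1 00:07:00.808: RADSRV: EAP NAK received - starting EAP-FAST
*Mar  1 00:07:00.842: %DOT11-6-ASSOC: Interface Dot11Radio0, Station LWAP1
0023.ac5b.e710 Associated KEY_MGMT[WPAv2]
"""

STAMP = re.compile(r"^\*(\w{3}\s+\d+ \d\d:\d\d:\d\d\.\d{3}): (.*)$")
MAC = re.compile(r"\b[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}\b")

def parse(text):
    """Return [timestamp, message] events, re-joining wrapped continuation lines."""
    events = []
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:
            # The log carries no year; 2000 is a placeholder (assumption).
            ts = datetime.strptime("2000 " + " ".join(m.group(1).split()), "%Y %b %d %H:%M:%S.%f")
            events.append([ts, m.group(2)])
        elif events and line.strip():
            events[-1][1] += " " + line.strip()
    return events

def triage(text, window=timedelta(seconds=1)):
    """Map each failed station MAC to the RADSRV messages logged within `window` before it."""
    events = parse(text)
    report = {}
    for i, (ts, msg) in enumerate(events):
        if "%DOT11-7-AUTH_FAILED" not in msg:
            continue
        mac = MAC.search(msg)
        reasons = [m.split("RADSRV: ", 1)[1] for t, m in events[:i]
                   if "RADSRV: " in m and timedelta(0) <= ts - t <= window]
        report.setdefault(mac.group(0) if mac else "unknown", []).extend(reasons)
    return report

if __name__ == "__main__":
    print(triage(SAMPLE))
```
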