You've listed several different requirements, which may or may not work
with what you are wanting to do:

1. The 1121 as a repeater
2. Authenticating the repeater to the 1142
3. Authenticating client traffic to the same SSID as the repeater is
authenticating to
4. Authenticating clients to Active Directory

As I said previously, you should first remove the security if possible to
verify that the repeater function is working.  If you can't use open
authentication to start, because clients are using the 1142, that will
complicate things.  I would also remove the MAC list.  Also, only list the
Dot11Radio 0 mac address of the 1142 as a parent.  The 1121 won't be able
to connect to a 5GHz radio, and the BVI is never the parent.

What type of EAP are you using for authentication?  Keep in mind that the
1121 will ONLY allow you to use LEAP, EAP-FAST, or EAP-TLS if it is the
client (which is what it is when it is a repeater).  You mention Active
Directory.  What RADIUS server are you using?  You can't authenticate
directly from the APs to AD - you must use RADIUS.  If you are using
Microsoft's IAS or NPS, you would only be able to use EAP-TLS for the 1121,
as those RADIUS servers don't support LEAP or EAP-FAST.  And, have fun
getting EAP-TLS to work...

So, in short, what you are trying to do may not be possible with your
current equipment.


Jason Boyers, CCIE #26024 (Wireless)
Blog: netboyers.wordpress.com


On Tue, Nov 20, 2012 at 1:36 AM, Kumar Gollapudi <[email protected]> wrote:

> Hi Jason,
>
> There is no WDS or Wireless Bridge Group in our WLAN. Could you help with
> some config examples to configure on the repeater & standalone root station?
>
> The motive is to provide seamless accessibility: the Standalone Repeater
> Station (1121) should associate with the Root Station (1142), and all the
> mobile users' association (MAC-Filtering & AD based Authentication) should
> happen from the database/list of the 1142.
>
> Thanks
> Kumar G
>
>
> On Mon, Nov 19, 2012 at 11:55 PM, Jason Boyers <[email protected]> wrote:
>
>> First - does the 1121 connect and repeat traffic properly without
>> security enabled?   Please verify that first.  For the 1121 client config,
>> what form of authentication are you using - LEAP, EAP-FAST, or EAP-TLS?
>> Those are the only three types that the APs can use as clients.  Also, are
>> you using WDS?
>>
>>
>> Jason Boyers, CCIE #26024 (Wireless)
>> Blog: netboyers.wordpress.com
>>
>>
>> On Mon, Nov 19, 2012 at 12:19 PM, Kumar Gollapudi <[email protected]> wrote:
>>
>>> Hi Jason,
>>>
>>> Sorry, I didn't configure any extra config on the 1121 to authenticate
>>> with the 1142. *(Also, your configuration doesn't show how the 1121 is
>>> actually sending credentials to the 1142)*.
>>>
>>> Could you help me with the config that needs to be configured to
>>> authenticate with the Root device?
>>>
>>> Thanks
>>> Kumar G
>>>
>>>
>>> On Mon, Nov 19, 2012 at 10:35 PM, Jason Boyers <[email protected]> wrote:
>>>
>>>> The parent should never be a BVI - only radios can be parents.  Also,
>>>> have you tried to associate without using encryption and without the
>>>> mac-list on the 1142?  That is always the first step - get the association
>>>> to work, then add security to that.  Otherwise, you run into the issue of
>>>> not knowing what is causing the problem - the wireless component or the
>>>> security component.  Also, your configuration doesn't show how the 1121 is
>>>> actually sending credentials to the 1142.  That needs to be configured, and
>>>> the configuration will depend on the EAP type used.
>>>>
>>>> Jason Boyers, CCIE #26024 (Wireless)
>>>> Blog: netboyers.wordpress.com
>>>>
>>>>
>>>> On Mon, Nov 19, 2012 at 9:19 AM, Kumar Gollapudi <[email protected]> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> There is a challenge in configuring Cisco Access Point 1121 into
>>>>> Repeater Mode with Root Station AP 1142. The Root station has two Radios,
>>>>> 0 & 1 (2.4 GHz & 5 GHz). We configured the Cisco AP 1121 to associate on
>>>>> both Radio Stations & BVI1. But it's trying to associate with the 1142
>>>>> with a lot of errors.
>>>>>
>>>>> '%DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associate: Not
>>>>> specified parent
>>>>>
>>>>> %DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associate: No
>>>>> Response
>>>>>
>>>>> %DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associate: Rcvd
>>>>> response from
>>>>>
>>>>> Actually the Root Station has been configured with MAC & AD based
>>>>> authentication to associate the client devices (laptops). Looking for your
>>>>> valuable suggestions on the issue.
>>>>>
>>>>>
>>>>> *On Root Station: (Standalone Cisco 1142 Access Point)*
>>>>>
>>>>> dot11 ssid AC-CORP-WIFI-IND
>>>>>    authentication open eap eap_methods1
>>>>>    authentication network-eap eap_methods1
>>>>>    authentication key-management wpa
>>>>>
>>>>> interface Dot11Radio0
>>>>> no ip address
>>>>> no ip route-cache
>>>>> !
>>>>> encryption mode ciphers aes-ccm
>>>>> !
>>>>> ssid XXXXXXX
>>>>> !
>>>>> speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
>>>>> station-role root
>>>>> dot1x reauth-period 3
>>>>> bridge-group 1
>>>>> bridge-group 1 subscriber-loop-control
>>>>> bridge-group 1 block-unknown-source
>>>>> no bridge-group 1 source-learning
>>>>> no bridge-group 1 unicast-flooding
>>>>> bridge-group 1 spanning-disabled
>>>>>
>>>>> dot11 association mac-list xxxx
>>>>> ip radius source-interface BVI1
>>>>>
>>>>> *On Repeater Device: (Cisco Access 1121)*
>>>>>
>>>>> dot11 ssid XXXXXXXXXX
>>>>>    authentication open eap eap_methods1
>>>>>    authentication network-eap eap_methods1
>>>>>    authentication key-management wpa
>>>>>    infrastructure-ssid optional
>>>>>
>>>>> interface Dot11Radio0
>>>>> no ip address
>>>>> no ip route-cache
>>>>> !
>>>>> encryption mode ciphers aes-ccm
>>>>> !
>>>>> ssid AC-CORP-WIFI-IND
>>>>> !
>>>>> speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
>>>>> station-role repeater
>>>>> dot1x reauth-period 3
>>>>> parent 1 xxxx.xxxx.xxxx (BVI1)
>>>>> parent 2 xxxx.xxxx.xxxx (Dot11Radio0)
>>>>> parent 3 xxxx.xxxx.xxxx (Dot11Radio1)
>>>>> bridge-group 1
>>>>> bridge-group 1 subscriber-loop-control
>>>>> bridge-group 1 block-unknown-source
>>>>> no bridge-group 1 source-learning
>>>>> no bridge-group 1 unicast-flooding
>>>>> bridge-group 1 spanning-disabled
>>>>>
>>>>> Thanks
>>>>> Kumar G
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> For more information regarding industry leading CCIE Lab training,
>>>>> please visit www.ipexpert.com
>>>>>
>>>>> Are you a CCNP or CCIE and looking for a job? Check out
>>>>> www.PlatinumPlacement.com
>>>>>
>>>>>
>>>>
>>>
>>
>
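
The checks raised in this thread (a BVI is never a parent, only the root's Dot11Radio0 should be listed, and an EAP-protected SSID needs client credentials on the repeater) can be applied mechanically to a repeater config. The Python sketch below is an added example, not part of the original messages; the sample config is constructed from the quoted listing, `lint_repeater` is a hypothetical helper, and it assumes credentials would appear as an `authentication client` or `dot1x credentials` line.

```python
import re

# Constructed sample mirroring the repeater (1121) listing quoted in the thread;
# the "(BVI1)"-style labels are the poster's annotations, not IOS syntax.
REPEATER_CFG = """\
dot11 ssid AC-CORP-WIFI-IND
   authentication open eap eap_methods1
   authentication network-eap eap_methods1
   authentication key-management wpa
   infrastructure-ssid optional
interface Dot11Radio0
 encryption mode ciphers aes-ccm
 ssid AC-CORP-WIFI-IND
 station-role repeater
 parent 1 xxxx.xxxx.xxxx (BVI1)
 parent 2 xxxx.xxxx.xxxx (Dot11Radio0)
 parent 3 xxxx.xxxx.xxxx (Dot11Radio1)
"""

# "parent <index> <mac>" with an optional "(InterfaceName)" annotation.
PARENT_RE = re.compile(r"^parent\s+(\d+)\s+(\S+)(?:\s+\((\w+)\))?$")

def lint_repeater(cfg):
    """Return findings for a repeater config, based on the points raised in the thread."""
    lines = [ln.strip() for ln in cfg.splitlines() if ln.strip() not in ("", "!")]
    findings = []
    for ln in lines:
        m = PARENT_RE.match(ln)
        if not m:
            continue
        idx, _mac, label = m.groups()
        if label and label.upper().startswith("BVI"):
            findings.append(f"parent {idx}: BVI address listed; only a radio can be a parent")
        elif label and label.lower() != "dot11radio0":
            findings.append(f"parent {idx}: {label} is not the root's 2.4 GHz radio (Dot11Radio0)")
    uses_eap = any(re.match(r"authentication (open eap|network-eap)\b", ln) for ln in lines)
    # Assumption: client credentials show up as one of these two line prefixes.
    has_creds = any(ln.startswith(("authentication client", "dot1x credentials")) for ln in lines)
    if uses_eap and not has_creds:
        findings.append("SSID requires EAP but no client credentials are configured for the repeater")
    return findings

if __name__ == "__main__":
    for finding in lint_repeater(REPEATER_CFG):
        print(finding)
```
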