Hi all - I'm going back through WB1 and have hit an interesting issue with lab 3.12. It's a basic WGB lab with the requirement to "ensure only Cisco clients can associate" - which leads to CCKM. I configure the SSID as follows -
dot11 ssid WGB-01 vlan 11 authentication open eap eap_methods authentication key-management wpa version 2 cckm With this configuration, I can't even get the WGB to associate. But simply remove "cckm" from the authentication key and everything immediately begins working. Something I'm missing? If CCKM can't be used, how else would you only allow Cisco clients? Here's an example of what I see on the root. (Set auth to WPA2 only - Working) AAP1(config)#dot11 ss WGB-01 AAP1(config-ssid)#auth k w v 2 AAP1(config-ssid)# AAP1#sh dot11 ass 802.11 Client Stations on Dot11Radio0: SSID [WGB-01] : MAC Address IP address Device Name Parent State 0024.c4a1.e852 10.10.110.101 WGB AAP2 self EAP-Assoc 2477.033d.da08 0.0.0.0 ccx-client AAP1 self AAA_Auth (Set auth to WPA2/CCKM – AAP2 drops and won't associate) AAP1(config)#dot11 ss WGB-01 AAP1(config-ssid)#auth k w v 2 c AAP1#sh dot11 ass AAP1# Thanks - Jay Killion, CCIE #17873
_______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc
