On Fri, 2006-03-24 at 09:20 -0500, Earl Barfield wrote: > > Date: Thu, 23 Mar 2006 15:33:20 -0500 > > From: Keith Moores <[EMAIL PROTECTED]> > > Subject: Re: WIRELESS-LAN [Another RADIUS Question (802.1x)] > > > > We are running 12.3(4)JA... but we also run 12.2(15)XR2 on our older > > 350 APs, we haven't had a problem with Apple clients before. > > > > The problem we are having only occurs with the MacBook Pro's "AirPort > > Extreme" card (its probably an intel wireless chipset), not the > > original AirPort Extreme card (broadcom chipset) that the PowerPC > > Macs use. The problem only appears for networks using 802.1X WEP > > encryption, no encryption or WPA (802.1X TKIP) work fine for the > > MacBook Pro. > > > > Our APs encrypted VLAN accepts the following Authentication methods: > > -Open Authentication + EAP > > -Network EAP > > > This sounds suspiciously similar to our Apple problems with 12.3(4)JA. > I dug up the email from our Cisco engineer that put us on the right > path. I'd suggest that you try IOS 12.3(7)JA2 and see if the problem > persists. > > Email from Cisco (8-15-05): > > > I found that you have run into bug CSCei12722 in verion 12.3.4(JA) > > > > That bug has been resolved in version 12.3.7(JA). Please upgrade the > > IOS on the AP and you should be fine. Also, I have verified 3 other > > TAC SRs that have the exact same issue with the exact same wireless > > adapters. So my confidence level is high for this fix.
A bit more info on the MacBook issue. The chipset that is used in the MacBooks is an Atheros a/b/g chipset. The problem that you are seeing is that when using dynamic WEP, there is an error returned when the Mac OS X supplicant attempts to push the WEP key down to the card. You can verify this by turning on the debug mode for the supplicant in OS X and looking at the tail end of the output that is generated. (I think I have a copy of the relevant output if anyone wants to see it.) Interestingly enough, setting WEP keys when using WPA1 or WPA2 doesn't have a problem. Without having access to the API, I suspect this is because many operating systems have different API calls that are used to set WEP keys when dynamic WEP is in use, versus API calls that are used to set WEP keys when WPA is in use. This is usually due to some differences in the mechanics of WPA and WEP. (I can go in to more detail if anyone cares. ;) > > > > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
