Networking Forums
Home Register Members Search Links
Member Login:

Networking Forums > Wireless Networking > Wireless Internet > Wireless and VLANs - VLAN mapping causes authentication failure

Reply
Thread Tools Display Modes

Wireless and VLANs - VLAN mapping causes authentication failure

 
 
groupstudy2001@yahoo.co.uk
Guest
Posts: n/a

 
      07-20-2005, 08:49 PM

When I add a vlan mapping for a working SSID authentication then fails.
I've followed the notes in books and on Cisco's web site and cannot see
what is wrong with my config. Could it be that the client software
needs to recognise 802.1q wireless frames?

I have the essential config listed below along with the one statement
that is causing the problem - adding a vlan mapping to an otherwise
working SSID - in this case SSID test and vlan 15. Can anyone give me a
clue as to what is stopping this working??? The client uses LEAP if
that's any clue. TIA.

!
bridge irb
!
interface Dot11Radio0
!
encryption mode ciphers ckip
!
encryption vlan 15 key 1 size 128bit 7 <key1> transmit-key
encryption vlan 15 mode wep mandatory
!
encryption vlan 26 key 1 size 128bit 7 <key2> transmit-key
encryption vlan 26 mode wep mandatory
!
ssid primary-guest
vlan 26
authentication open eap eap_methods
authentication network-eap eap_methods
accounting acct_methods
guest-mode
!
ssid test

vlan 15 <-- adding this causes authentication to fail

authentication open eap eap_methods
authentication network-eap eap_methods
accounting acct_methods
!
speed basic-1.0 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
rts threshold 2312
station-role root fallback shutdown
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
!
interface FastEthernet0.15
encapsulation dot1Q 15 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 10.46.137.169 255.255.255.224
!
ip default-gateway 10.46.137.161
 
Reply With Quote
 
 
 
 
David Taylor
Guest
Posts: n/a

 
      07-21-2005, 01:05 PM
> clue as to what is stopping this working??? The client uses LEAP if
> that's any clue. TIA.

Well it's not an answer to the question but that's not a great
authentication method. Even Cisco admit that you'd be better off not
using it.

http://asleap.sourceforge.net/

http://www.cisco.com/en/US/products/..._bulletin09186
a00801cc901.html

http://www.lanarchitect.net/Articles/Wireless/LEAP/

http://searchnetworking.techtarget.c.../0,289142,sid7
_gci959510,00.html

Strong password policies and numpty users just don't mix.

David.
 
Reply With Quote
Reply

« WRT54G link WPC54G without WPA.....!!!!!! | Help-reset speed on WRT54G »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Routing and Remote Access - Authentication Failure George Valkov Windows Networking 26 05-30-2009 02:35 AM
VLAN - Security risk or not: 1 Port in 2 VLAN's arno Windows Networking 6 11-28-2006 10:57 PM
VPN Authentication & Mapping Issue JD Benton Windows Networking 7 12-01-2005 03:28 PM
Deploying Win2003 Internet Authentication Service (IAS) with VLans Gio Windows Networking 0 07-02-2005 08:17 PM
Base station log Authentication failure Chris Broadband Hardware 4 06-09-2004 10:33 AM


Forum Software Powered by vBulletin®, Copyright Jelsoft Enterprises Ltd.
SEO by vBSEO 3.3.2 ©2009, Crawlability, Inc.
Contact Us - Archive - Privacy Statement - Top

1 2 3 4 5 6 7 8 9 10 11