Cisco Wireless :: WET200 FreeRadius EAP-TLS Authentication?
Feb 29, 2012
I have a new WET200 wireless bridge and cannot authenticate to our WPA2 EAP-TLS freeradius server. Here are the steps that I have taken so far:
1. Renamed my pkcs12 client certificate to .pfx extension and imported it into the WET200.
2. Used the client certificate import password as the "Private Key Password"
3. Typed in the client "Login Name"
The freeradius server recognizes the WET200 with the entered credentials but will not authenticate. The freeradius debug log gives the following error:
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x3e833be03884222b... did not finish!
WARNING: !! Please read [URL]
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Normally, with other wireless devices the CA (certificate authority) certificate needs to be installed to the client as well as the pkcs12 client certificate? Is there a way to place a CA and client certificate into the WET200? What is the proper method to install certificates into the WET200 for FreeRadius EAP-TLS authentication?
Mar 2, 2011
I have two 1310 bridges, one configured as root and the other as non-root. Authentication Settings: Open with EAP and Network EAP with no addition. Setup: when the non-root bridge tries to associate with the root bridge, the root bridge checks with the radius server if it's ok to associate with the non-root bridge.
I can see communication with the radius server (I'm using FreeRadius) and the radius server even sends a SUCCESS back to the root bridge. However I'm seeing this error on the non-root bridge: DOT1X_SHIM-3-PLUMB_KEY_ERR: Unable to plumb keys - Eap key struct is NULL and the bridges do not authenticate.
Mar 4, 2011
I've just purchased 2 WET200 wireless bridges for our organisation, with the intention of using them to create a wireless bridge between 2 buildings. I've followed this guide here: url... and I'm unable to configure any kind of security other than WEP. More disconcertingly, the foot of that guide states: "WET200 only supports WEP for the Wireless Security." Surely this can't be the case? All the marketing blurb states clearly that the WET200 supports WPA2, and I would have thought WPA2 was a given for any wireless product sold today, especially a business grade product. Have I misunderstood what this device can do?
Nov 27, 2012
How do we set up IP pools in freeradius?
Jun 20, 2011
We are trying to configure our 2106 wireless LAN controller to expire wireless users' sessions so the user is not remembered indefinitely. We are using freeradius to validate the users' login information and passing back a "session-timeout" avpair but the WLC seems to be ignoring this value.
How to configure the session expiration time of wireless users on a 2106?
Feb 29, 2012
I'm not sure if this is a recent issue for our setup, but I've only just noticed it. Although most authenticated users are shown by their correct user names (which are required for 802.1x authentication), a few users show up in the WCS reports as "anonymous", and one as "anonymous@myabc.com", which are not valid usernames on our network.
I can track these users by MAC via our network registration database, but have not yet figured out what makes their systems unique. All three in yesterday's report are Win 7. I don't see anything strange in the RADIUS logs, but have not yet captured "debug" traces of wireless authentication from an anonymous user.
We are running WCS 7.0.172.0, with a pair of WLC 4402 controllers running 7.0.116.0. Our WPA2 Enterprise auth uses TTLS/PAP, with the SecureW2 supplicant for Windows.
Jan 20, 2013
I'm looking to bring up a wireless bridge between 2 WET200. I've set in Wireless -> Basic Settings and Wireless -> Security the same parameters in both devices, but it fails.
Feb 9, 2011
After reading the many issues reported here about the WET200's WPA abilities (or lack thereof), I doubt that there will be an easy solution to the issue I'm having, but it's worth a try. The setup consists of a WET200 that should bridge two devices in a remote room to our main network. The AP is a WAP4410N, which works beautifully with all other connected devices. The WAP4410N is set up in 'WPA2-Personal Mixed' mode, and only b/g (as n was giving other, unrelated trouble). The WET200 sees the network just fine, is able to connect and receives an IP from the DHCP server. The devices behind the bridge also have connectivity - all well so far. However, at a certain point in time, which I _believe_ to coincide with the key renewal on the AP, the bridge loses the connection to the AP, even though it reports its WLAN status on the web interface (via LAN) as connected. The AP's log shows the following (MAC address is the WLAN interface on the WET200).
Feb 13, 2013
I just picked up a WET200... connect it wirelessly to a Verizon Mifi so wired devices can get access to the Internet.
I've had zero luck connecting the WET200 to a wireless network... I've tried two different ones and I've also tried changing from WPA to WPA2.
Feb 19, 2012
I just purchased a WET200 wireless bridge. After trying a very long password for an enterprise certificate the bridge restarted and I have not been able to contact the device with the default 192.168.1.226 IP address. I have tried performing a reset, even by holding the reset button in for a minute. The bridge will not ping either. I do have a power light and the wireless light flashes and the Ethernet port lights function when plugged into my laptop.
Jun 30, 2010
We have a WLC-4402 controller with LWAPPs and different VLANs and SSIDs. I've configured a Linksys WET200 to associate to one of the SSIDs. On the WLC I can see that the WET200 is associated to one WLAN. Then I connect one computer with a static IP address and it works fine. But when I connect a second one, everything goes down. It does not connect. I can only connect one computer to the WET200. Do I need other settings on the WLC to allow traffic to pass through the WET200?
Aug 8, 2012
I'm having a problem with a Cisco bridge WET200. We have medical equipment with a fixed IP and it has to connect to a wireless network ... and for that I set up the wireless network ... in this bridge, but the equipment is not communicating with the gateway, with nothing! The WLC always shows the following error:
WiSM-slot9-1) >debug client XX:XX:XX:XX:XX:XX
(WiSM-slot9-1) >*apfReceiveTask: May 23 12:03:27.953: XX:XX:XX:XX:XX:XX Deleting mobile on AP XX:XX:XX:XX:XX:XX(0)
*apfMsConnTask_0: May 23 12:04:11.109: XX:XX:XX:XX:XX:XX Adding mobile on LWAPP AP XX:XX:XX:XX:XX:XX(0)
*apfMsConnTask_0: May 23 12:04:11.109: XX:XX:XX:XX:XX:XX Association received from mobile on AP XX:XX:XX:XX:XX:XX
*apfMsConnTask_0: May 23 12:04:11.109: XX:XX:XX:XX:XX:XX 0.0.0.0 START (0) Changing ACL 'Guest' (ACL ID 0) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1393)
*apfMsConnTask_0: May 23 12:04:11.109: XX:XX:XX:XX:XX:XX Applying site-specific IPv6 override for station XX:XX:XX:XX:XX:XX - vapId 5, site 'default-group', interface
[code]....
I have tested the command config network ip-mac-binding disable, but it does not connect... When I do the troubleshooting mac-client, the system always shows an authentication error even though it is configured okay?
May 22, 2012
I'm having a problem with a Cisco bridge WET200. We have medical equipment with a fixed IP and it has to connect to a wireless network ... and for that I set up the wireless network ... in this bridge [code] but the equipment is not communicating with the gateway, with nothing!
When I do the troubleshooting mac-client, the system always shows an authentication error even though it is configured okay.
Nov 24, 2011
I've got a WET200 connecting to a wireless router (Linksys WRT54G) set up through the WET200 site survey. Does the WET200 need to have an IP in the same subnet as the network the WRT54G is connected to? I have a laptop hooked up to the WET200 with a static IP. I cannot ping IPs of the same subnet on the network the WRT54G is connected to, nor see anything on the internet?
WET200 connected to wireless AP WRT54G (192.168.23.3)
WET200 IP address = 192.168.23.8
Laptop IP address = 192.168.23.218 (connected to port 1 of WET200)
I can configure the WET200 via the laptop, but not able to see anything across the bridge?
Jan 7, 2010
I am placing a formal request to Cisco and to the firmware development team to create a new-and-improved firmware release for the WET200 wireless Ethernet bridge, a product that is still being produced, shipped, and sold. I purchased the product about one-and-a-half years ago and have enjoyed its performance. There have been, however, some flaws with the device, namely the following: While configured to use WPA2-based security, DHCP-related traffic is not passed from a router/gateway's DHCP Server to connected devices on the WET200. Current firmware release notes indicate this was a known issue and was, supposedly, fixed; however, due to the level of problems customers are reporting, it appears this may have only been resolved, if at all, with security configurations of WPA, WEP, or OPEN. It has not been fixed for customers using WPA2-based security. When I originally purchased the WET200 and configured it to use WPA2-based security, while it, initially, did have a few problems connecting to my router/gateway, it, eventually, did connect and stayed connected for, approximately, one year. However, in September of 2009, it suddenly lost connectivity with my router/gateway and has not been able to establish a connection since, even after reinstalling the latest firmware revision and after several soft and hard resets of the device. I tested the WET200 with another router/gateway, only to experience the same issue. Other devices are connecting to my router/gateway, but not the WET200. The last firmware update for the WET200 was dated back in July of 2008. Currently, it is January 2010 and since these issues have been known for quite some time, it is unacceptable that the firmware for this device has not been updated in such a long time, especially when there are known issues with the WET200's firmware.
Such lack of support is forcing me and my clients to stop using these Cisco-based products and purchase competing hardware, something I would prefer not to do; however, without better support, I and my clients do not have a choice. Expecting me and my clients to use an inferior form of security on the WET200, such as WEP and/or WPA, until a firmware update is issued is unacceptable, especially when that update has not been released in over one-and-a-half years. Such lack of support is especially unforgettable when my clients and I are looking to purchase new networking equipment. In the past, I would not have hesitated to purchase a Cisco-based product; now, with this experience in mind, I am finding it very difficult to recommend to a client that he or she should invest their organization's finances into Cisco-branded equipment. Proper, professional, timely support of your hardware is expected of your customers, especially if you wish them to remain loyal customers. I have noticed that other similar devices, albeit higher-end devices, have had their firmware updated more recently compared to the WET200. I assumed this meant that the firmware development team was updating all firmware on such devices. So far, I have been disappointed in the lack of firmware updates for the WET200. While I understand the possible desire to update the higher-end products first, as a professional whose job is to research, recommend, purchase, install, configure, secure, and maintain both the enterprise-level and small business-level devices, I highly encourage Cisco not to overlook their small business products when the firmware development team is updating firmware for any Cisco products. Deficiency in the support of one strata of Cisco-based products is reflective upon the support of any Cisco-based product and is not easily forgiven by Cisco customers, such as myself, when new and additional hardware needs to be purchased.
Sep 26, 2012
I have one WET200 Wireless Bridge, connected to an internet router... I can't use the infrastructure mode to broadcast the SSID to wireless clients like laptops.
I can only use the ad hoc mode, but the wireless clients don't reach the internet from the ad hoc connection through the WET200... The datasheet says "client only" for the WET200; what is the difference between client only and Access Point mode?
Sep 12, 2011
I'm looking to bring up a wireless bridge between 2 WET200. I've set in Wireless -> Basic Settings and Wireless -> Security the same parameters in both devices, but it fails. [code]
May 23, 2012
I have a Linksys WRVA4400N router in my home office that I access my internet with throughout my house. I also have a Linksys WET200 Bridge that I want to use but can't get them configured together. The Tech support folks keep shifting me back and forth and I'm about to throw my hands in the air. I get to the Advanced Configuration setup for the WET200 and when I enter the configuration URL 192.168.1.226 I get nothing. I can get to my router adjustments, just unsure how to get the WET200 settings entered.
Oct 8, 2012
I have two separate offices in the same building that I'm trying to connect. They are physically far apart so I cannot connect them wirelessly. I have had an ethernet cable run from the main office to the second office and physically connected it to a WET200. I can see the WET200 on my router in the main office. In the second office, I want clients to be able to come in and connect wirelessly to the WET200 which will then connect them to my router and internet connection. The WET200 is the correct device for this?
Jul 6, 2011
I am completely new to wireless networking and know next to nothing. I own an apartment on a complex abroad and they have recently had wireless internet installed. There are some areas of the complex where the signal is very poor.
I have some Cisco small business WET200 ethernet bridging units and was wondering if these would be suitable to boost the signal in these black spots. How to set this up, or any suitable products to overcome this problem?
Mar 10, 2008
I decided to upgrade the firmware in my WET200 so downloaded the latest firmware v1.0.10-ESTI filename WET200-ETSI_v1.0.10_200802_fw.img. The update seemed to go well, and the message came up: rebooting, please wait. Waited about 5 minutes whilst the message stayed the same, decided to try and close my explorer window and connect again, nothing happened. Tried to reset the unit by holding in the reset button; again nothing seemed to happen. The unit had been set up with the IP 192.168.113.4 before the upgrade but this is now unreachable; also tried the default of 192.168.1.226. Anything I can do/try to restore my unit, or did the update brick it?
Apr 2, 2012
Just a basic question regarding MAC based authentication of AP with ACS. The scenario is: if I have an ACS installed and I want all my Cisco 3502 APs to be authenticated on a MAC basis via ACS. I know that the AP MAC is used as a username and password at ACS so that whenever we plug in the new AP in the network, it gets authenticated via ACS first and if the AP is authorized to be used in the network then only it gets the IP address from DHCP.
My question is: what will happen if the AP is connected in local mode at a remote location and the WLC, ACS & DHCP are in the data center? The traffic coming from the remote location will pass through the remote-site router and during that pass, it will remove the source MAC address of the AP and put the router interface MAC address as source, so how will the ACS authenticate the AP in that case?
When working in a LAN I know it's possible, but how will it work over the WAN?
Feb 25, 2013
I am in the process of migrating from ACS 4.1.1.23 to ACS 5.4. I have migrated our users and Network Device Groups and configured external Identity stores like AD and RSA. I want to authenticate our wireless users with AD and VPN users through RSA. I am unable to create policies to get this up and working.
Feb 9, 2013
There is a feature in WLC 7.3.0 like Configuring a Fallback Policy with MAC Filtering and Web Authentication. We have an option to configure MAC filtering and we can create a policy that if MAC filtering fails, redirect it to web authentication.
Here I am using MAC filtering only for my MAC caching process. But when I tried this it's not working.
My MAC address is not there in the WLC, so it should prompt me with the web authentication page. But it's not happening. As long as my MAC is not there in the table, I am not able to connect to the SSID.
So what is this feature (Configuring a Fallback Policy with MAC Filtering and Web Authentication) meant for?
Jun 13, 2012
Error: AAA Authentication Failure for UserName:radiususername User Type: WLAN USER
I am using a Windows radius server. I have added my WLC 4402 as a radius client on my radius server.
I followed the instructions on the MS link: [URL]
I want to use my Windows radius authentication for WLC management login and Web-Auth for guest WLAN user login.
Sep 23, 2012
I have a small wireless network, which consists of three AP1121G with c1100-k9w7-mx.123-8.JEB1 IOS and one 871w with c870-advipservicesk9-mz.124-24.T1. I've configured two different SSIDs with individual authorisation types - ssid_1 with EAP, ssid_2 with WPA. All three APs work as they should, but the 871w authorises only EAP connections, and all other types are rejected.
Apr 4, 2013
I want to disable the MAC authentication that is configured in my Aironet 1200 Cisco Access Point, now set to "Local list only". I want any wireless device to be able to connect if the user knows the WEP password.
I cannot find the option to disable the MAC authentication.
Dec 18, 2011
We are attempting to use LDAP for web authentication on a WLC 4402.
[URL]
You are able to connect to the SSID and it redirects you to the login page as it should. When you enter your username and password you get a message that "the username and password combination you have entered is invalid." Based on the following log it looks like the LDAP bind is the issue.
*LDAP DB Task 1: Dec 19 11:19:26.584: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
We are able to test the following configuration with ldp.exe successfully:
Server: ***.***.***.***
Port Number: 389
Bind Username: CiscoBYOT
[Code].....
Feb 27, 2013
We're not getting the authentication webpage from the WLC. Normally the webpage would appear with a 1.1.1.1 URL and you are presented with the username and password boxes. It authenticates those, which are Active Directory credentials, and lets you in. Now we're not getting that page at all, just the browser message about unable to display. I've physically checked the WLC card in our 6500 and the lights are green, no alarms, and I'm able to log on to the WLC as well. I was told someone had rebooted the controller to try to resolve the problem but it's still the same. Is it the case that the web page has just stopped and needs to be restarted somehow?
Jul 24, 2012
I am designing a wireless controller solution for one of our customer networks with a Cisco 5500 series controller, the wireless client authentication part.
1. There are 25 departments around the campus; each will be given one or two access points.
2. One Cisco AIR-CT5508-50-K9 Controller shall be used.
3. A single SSID/VLAN shall be used for the entire campus.
4. Wireless authentication credentials used by one department shouldn't work for another department.
Sep 9, 2012
How do we configure our controllers/radius-servers to use MAC-addresses instead of authenticating against a certain group in the AD? We would, if possible, like to combine these two ways of authentication in one SSID. We're running 7.0.116.0 on our controllers (5500-series) and our radius-servers are one W2k8 and one W2k3.
Apr 4, 2013
We have a WLC 2504; for a few months it was working fine. We have a guest WLAN configured with web authentication and the DHCP scope for this in the WLC. The problem today is that it's not redirecting the web browser to 1.1.1.1. We tried it with 3 laptops and they receive a correct IP from the DHCP but still cannot get redirected to the web authentication portal. We have the default configuration Internal (Default).
On the laptops we checked the firewall; they don't have a proxy activated and have Google DNS: 4.2.2.2, 8.8.8.8. In fact these laptops connected to this SSID before.
Sep 8, 2011
How can I remove webauth files from the WLC? I have a few versions of the login.tar file used for web-authentication. After uploading a new login.tar file, the WLC still shows old webauth bundle files. I tried to remove the customized webauth login from the wireless LAN, issue clear webauth-bundle and show>custom-web webauth-bundle: WebAuth Bundle does not contain any files, but when I upload a new login.tar that does not include files from the previous login.tar, I still get the old webauth. Is it possible to delete extracted webauth files from the controller using the CLI?
WLC is running 7.0.116.0 code.