Chris Hart wrote:

WLSM to pass 802.1x PEAP/MSCHAPv2 Authentication to the Radius server for client authentication
along with WDS and management - From what I have read this is LEAP.


Gotcha..

We don't have the WLSM, so I'm not sure how well our architecture maps to yours, but what we do:

We have our AP management interfaces on several RFC-1918 networks. On each /24, we have one AP configured to be the WDS master and one as a slave/backup.

We run a radius server on the master and slave APs solely for authenticating the WDS domain, since we were never able to get the LEAP stuff sorted out. All of our participating APs in the WDS then authenticate to the local WDS masters.

What version of IOS do you have on the APs? There's a problem with UDP and WDS with 12.3(4)JA

We are at 12.3(4). I will have to look into this bug.


Basically, it interferes with UDP traffic headed out via the default route, which includes the WDS traffic to the WLSE.

I should have been more specific above.. we use LEAP and the radius server on the master AP to do our AP-AP and AP-WLSE authentication. We use OSC's RADIATOR to do our 802.1x EAP-TTLS authentication. We aren't using the AP's radius server to do user authentication.

-JEff

I upgraded the code on a few APs and they now connect to the WLSM/WDS. My only issue currently is the WLSE does not seem to be able to authenticate with the WLSM/WDS. I can see the Auth ok message on the FreeRadius server.

Thanks again for pointing out the bug.


Chris Hart
(847) 467-7747
IT-TNS
Northwestern University, Evanston
[EMAIL PROTECTED]

**********
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.
