Chris,

We had the same issue you are talking about here at UofR. After hours of
trying to figure it out, we decided to use the WLSM as a local radius
server for the WLSE and all of our APs.  This has been working for us
and it keeps our infrastructure authentications separate from our client
authentications.  They are all going through the WLSM to the Radius
Server.

Another note regarding 12.3(4), and WLSM version 1.3.1.  When the
clients associated with the AP and received an IP address from DHCP, it
was not recognized by the WLSM and showed up as 0.0.0.0 IP on the
mobility mobile node.  The fix was to reboot the AP, or force a
re-authentication on a new AP.  At the same time, the WLSM was nailing
the radius server with client requests.  We have apparently fixed these
issues with an upgrade to 12.3(7) on the AP, WLSM to 1.4.1, and the 720
sup module to 12.2.18sxd5.  You may want to look at this upgrade if you
are having these issues.

Good luck.

Chip        

-----Original Message-----
From: Chris Hart [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, August 31, 2005 12:13 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WinXP 802.1x and password changes

>>
>>>Chris Hart wrote:
>>>
>>>>WLSM to pass 802.1x PEAP/MSCHAPv2 Authentication to the Radius server
>>>>for client authentication
>>>>along with WDS and management  -  From what I have read this is LEAP.
>>>
>>>
>>>Gotcha..
>>>
>>>We don't have the WLSM, so I'm not sure how well our architecture maps
>>>to yours, but what we do:
>>>
>>>We have our AP management interfaces on several RFC-1918 networks. On
>>>each /24, we have one AP configured to be the WDS master and one as a
>>>slave/backup.
>>>
>>>We run a radius server on the master and slave APs solely for
>>>authenticating the WDS domain, since we were never able to get the LEAP
>>>stuff sorted out. All of our participating APs in the WDS then
>>>authenticate to the local WDS masters.
>>>
>>>What version of IOS do you have on the APs? There's a problem with UDP
>>>and WDS with 12.3(4)JA
>>
>>We are at 12.3(4).   I will have to look into this bug.
>
>
>Basically, it interferes with UDP traffic headed out via the default
>route, which includes the WDS traffic to the WLSE.
>
>I should have been more specific above.. we use LEAP and the radius server
>on the master AP to do our AP-AP and AP-WLSE authentication. We use OSC's
>RADIATOR to do our 802.1x EAP-TTLS authentication. We aren't using the
>AP's radius server to do user authentication.
>
>-Jeff

I upgraded the code on a few APs and they now connect to the WLSM/WDS.
My only issue currently is the WLSE does not seem to be able to
authenticate with the WLSM/WDS.  I can see the Auth ok message on the
FreeRadius server.

Thanks again for pointing out the bug.


Chris Hart
(847) 467-7747
IT-TNS
Northwestern University, Evanston
[EMAIL PROTECTED]

**********
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.
