Configuring Wireless AP with SBS 2003 Standard.

I am having trouble configuring a 3Com Wireless access point with SBS 2003 Standard. Network configuration is as follows: A VINA eLink IAD brings in a T1, from there a SonicWALL TZ-170 firewall is configured as the gateway (with NAT and all the other good things) to a 3Com 24 port 10/100/1000 switch. The server is an HP ML110 G2 with 2 gigs of RAM. SP1 has been installed as has all the current updates. It is the DNS, DHCP and WINS server as well as our Exchange box. The wireless AP is a 3Com OfficeConnect 11g. The AP is configured with a static IP from the excluded range (under 192.168.XXX.100) and is using PEAP. The network also has another sever used for a Symantec Anti Virus server and a secondary DNS and WINS server. I have tried several times using the Microsoft TechNet instructions http://www.microsoft.com/technet/solutionaccelerators/smbiz/sitsol/DsgnNwrk_12.mspx?mfr=true but still can get it to work.
What happens is I can see the SSID (set to broadcast for this install) and the laptop tries to connect but can't get an IP. If I configure an IP to the laptop it connects fine. What I want is to have the laptop connect using the "shared secret" and not have to hard set the IP's. I want the server to provide the IP through DHCP. Also I'm assuming that a "shard secret" is the password or key but I know all to well what happens when you "assume" so if someone could clue me in that would be great.
Any help on this would be very appreciated as I know it's just something I'm missing. (Don't you just hate that)
Thanks
MainsouthAsked:
Who is Participating?
 
Jeffrey Kane - TechSoEasyConnect With a Mentor Principal ConsultantCommented:
In reviewing your initial question and my response, it seems as though I neglected to point out that the documentation you are using is outdated and you really should be following this paper:  http://sbsurl.com/wireless

Jeff
TechSoEasy
0
 
Dinga84Commented:
If you can at all avoid using wireless i would recomend so, it is unsecure even with security option set, if you are using encryption ensure its PSK, WEP is crackable in a matter of minutes.

On your server run the internet and email wizare from the server management console (start, server management) this should help you out.
0
 
MainsouthAuthor Commented:
Soooooooooooooooo. Is this is like the patient going to the doctor saying "It hurts when I do this" and the doctor telling him "Don't do that"????
I know it can be done and unfortunately so does my boss. So if you could please be a little more descriptive, I'd really appreciate it.
Thanks
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
mkurtzhalsCommented:
I would first try different authentication methods to see if they work first.  Then work from there.
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
While your network setup sounds a bit strange for an SBS deployment (definitely shouldn't need a secondary DNS and WINS server).  

Anyhow... it seems as though you don't have the proper documentation for the Access Point.  You can find that here: http://support.3com.com/infodeli/tools/wireless/accesspoint/3CRGPOE10075/DUAPOE10075BAA01.pdf

If you review this you'll note that the "Shared Secret" is just for authentication between the RADIUS Server and the WAP.  The client authentication is handled by a certificate issued by the RADIUS Server (which the client is able to authenticate against due to domain membership).

So.... here's my guess... Because you said your Excluded Range is the IPs under x.x.x.100, it sounds as though you did not configure your SBS using the wizards.  Not using them, especially the Configure Email and Internet Connection Wizard (CEICW -- which is linked as Connect to the Internet in the Server Management Console > To-Do List) will cause you to have all sorts of problems.  

One thing you did not confirm in your statements above though is that you assigned the WAP the IP address you configured when setting up the IAS as noted in this section of the TechNet guide you are following:

Adding RADIUS Clients to the Internet Authentication Service
You must add wireless APs as RADIUS clients to IAS before they can be configured to connect to the IAS server. Perform the following steps, to add a wireless AP as a RADIUS client, using the Internet Authentication Service (IAS) management console:

1.
 Right-click the RADIUS Clients folder and select New RADIUS Client.
 
2.
 Enter a friendly name and the IP address of the wireless AP. This is the same name and IP address entered for the wireless AP. If you have not set up the wireless AP yet, use these same values when you configure the wireless AP.
 
3.
 Select RADIUS Standard as the client-vendor attribute, and then enter the shared secret for this particular wireless AP. Then select the Request must contain the Message Authenticator attribute checkbox. If you have not set up the wireless AP yet, use the same shared secret when you configure the wireless AP.

 
Jeff
TechSoEasy
0
 
AndrewCinkCommented:
Well, it sounds to me more like a DHCP problem. Can the AP be set to serve DHCP? That might be an acceptable test. Maybe you need to look into setting up DHCP relay on that AP and pointing it to your server? I assume devices on the LAN get addresses just fine from the DHCP server?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.