Configuring Wireless AP with SBS 2003 Standard.

I am having trouble configuring a 3Com Wireless access point with SBS 2003 Standard. Network configuration is as follows: A VINA eLink IAD brings in a T1, from there a SonicWALL TZ-170 firewall is configured as the gateway (with NAT and all the other good things) to a 3Com 24 port 10/100/1000 switch. The server is an HP ML110 G2 with 2 gigs of RAM. SP1 has been installed as has all the current updates. It is the DNS, DHCP and WINS server as well as our Exchange box. The wireless AP is a 3Com OfficeConnect 11g. The AP is configured with a static IP from the excluded range (under 192.168.XXX.100) and is using PEAP. The network also has another sever used for a Symantec Anti Virus server and a secondary DNS and WINS server. I have tried several times using the Microsoft TechNet instructions http://www.microsoft.com/technet/solutionaccelerators/smbiz/sitsol/DsgnNwrk_12.mspx?mfr=true but still can get it to work.
What happens is I can see the SSID (set to broadcast for this install) and the laptop tries to connect but can't get an IP. If I configure an IP to the laptop it connects fine. What I want is to have the laptop connect using the "shared secret" and not have to hard set the IP's. I want the server to provide the IP through DHCP. Also I'm assuming that a "shard secret" is the password or key but I know all to well what happens when you "assume" so if someone could clue me in that would be great.
Any help on this would be very appreciated as I know it's just something I'm missing. (Don't you just hate that)
Thanks
MainsouthAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dinga84Commented:
If you can at all avoid using wireless i would recomend so, it is unsecure even with security option set, if you are using encryption ensure its PSK, WEP is crackable in a matter of minutes.

On your server run the internet and email wizare from the server management console (start, server management) this should help you out.
0
MainsouthAuthor Commented:
Soooooooooooooooo. Is this is like the patient going to the doctor saying "It hurts when I do this" and the doctor telling him "Don't do that"????
I know it can be done and unfortunately so does my boss. So if you could please be a little more descriptive, I'd really appreciate it.
Thanks
0
mkurtzhalsCommented:
I would first try different authentication methods to see if they work first.  Then work from there.
0
Challenges in Government Cyber Security

Has cyber security been a challenge in your government organization? Are you looking to improve your government's network security? Learn more about how to improve your government organization's security by viewing our on-demand webinar!

Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
While your network setup sounds a bit strange for an SBS deployment (definitely shouldn't need a secondary DNS and WINS server).  

Anyhow... it seems as though you don't have the proper documentation for the Access Point.  You can find that here: http://support.3com.com/infodeli/tools/wireless/accesspoint/3CRGPOE10075/DUAPOE10075BAA01.pdf

If you review this you'll note that the "Shared Secret" is just for authentication between the RADIUS Server and the WAP.  The client authentication is handled by a certificate issued by the RADIUS Server (which the client is able to authenticate against due to domain membership).

So.... here's my guess... Because you said your Excluded Range is the IPs under x.x.x.100, it sounds as though you did not configure your SBS using the wizards.  Not using them, especially the Configure Email and Internet Connection Wizard (CEICW -- which is linked as Connect to the Internet in the Server Management Console > To-Do List) will cause you to have all sorts of problems.  

One thing you did not confirm in your statements above though is that you assigned the WAP the IP address you configured when setting up the IAS as noted in this section of the TechNet guide you are following:

Adding RADIUS Clients to the Internet Authentication Service
You must add wireless APs as RADIUS clients to IAS before they can be configured to connect to the IAS server. Perform the following steps, to add a wireless AP as a RADIUS client, using the Internet Authentication Service (IAS) management console:

1.
 Right-click the RADIUS Clients folder and select New RADIUS Client.
 
2.
 Enter a friendly name and the IP address of the wireless AP. This is the same name and IP address entered for the wireless AP. If you have not set up the wireless AP yet, use these same values when you configure the wireless AP.
 
3.
 Select RADIUS Standard as the client-vendor attribute, and then enter the shared secret for this particular wireless AP. Then select the Request must contain the Message Authenticator attribute checkbox. If you have not set up the wireless AP yet, use the same shared secret when you configure the wireless AP.

 
Jeff
TechSoEasy
0
AndrewCinkCommented:
Well, it sounds to me more like a DHCP problem. Can the AP be set to serve DHCP? That might be an acceptable test. Maybe you need to look into setting up DHCP relay on that AP and pointing it to your server? I assume devices on the LAN get addresses just fine from the DHCP server?
0
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
In reviewing your initial question and my response, it seems as though I neglected to point out that the documentation you are using is outdated and you really should be following this paper:  http://sbsurl.com/wireless

Jeff
TechSoEasy
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Wireless Networking

From novice to tech pro — start learning today.