Configuring Wireless AP with SBS 2003 Standard.

Posted on 2007-04-01
Medium Priority
Last Modified: 2008-02-01
I am having trouble configuring a 3Com Wireless access point with SBS 2003 Standard. Network configuration is as follows: A VINA eLink IAD brings in a T1, from there a SonicWALL TZ-170 firewall is configured as the gateway (with NAT and all the other good things) to a 3Com 24 port 10/100/1000 switch. The server is an HP ML110 G2 with 2 gigs of RAM. SP1 has been installed as has all the current updates. It is the DNS, DHCP and WINS server as well as our Exchange box. The wireless AP is a 3Com OfficeConnect 11g. The AP is configured with a static IP from the excluded range (under 192.168.XXX.100) and is using PEAP. The network also has another sever used for a Symantec Anti Virus server and a secondary DNS and WINS server. I have tried several times using the Microsoft TechNet instructions http://www.microsoft.com/technet/solutionaccelerators/smbiz/sitsol/DsgnNwrk_12.mspx?mfr=true but still can get it to work.
What happens is I can see the SSID (set to broadcast for this install) and the laptop tries to connect but can't get an IP. If I configure an IP to the laptop it connects fine. What I want is to have the laptop connect using the "shared secret" and not have to hard set the IP's. I want the server to provide the IP through DHCP. Also I'm assuming that a "shard secret" is the password or key but I know all to well what happens when you "assume" so if someone could clue me in that would be great.
Any help on this would be very appreciated as I know it's just something I'm missing. (Don't you just hate that)
Question by:Mainsouth
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 18834499
If you can at all avoid using wireless i would recomend so, it is unsecure even with security option set, if you are using encryption ensure its PSK, WEP is crackable in a matter of minutes.

On your server run the internet and email wizare from the server management console (start, server management) this should help you out.

Author Comment

ID: 18838465
Soooooooooooooooo. Is this is like the patient going to the doctor saying "It hurts when I do this" and the doctor telling him "Don't do that"????
I know it can be done and unfortunately so does my boss. So if you could please be a little more descriptive, I'd really appreciate it.

Expert Comment

ID: 18839664
I would first try different authentication methods to see if they work first.  Then work from there.
Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 18848844
While your network setup sounds a bit strange for an SBS deployment (definitely shouldn't need a secondary DNS and WINS server).  

Anyhow... it seems as though you don't have the proper documentation for the Access Point.  You can find that here: http://support.3com.com/infodeli/tools/wireless/accesspoint/3CRGPOE10075/DUAPOE10075BAA01.pdf

If you review this you'll note that the "Shared Secret" is just for authentication between the RADIUS Server and the WAP.  The client authentication is handled by a certificate issued by the RADIUS Server (which the client is able to authenticate against due to domain membership).

So.... here's my guess... Because you said your Excluded Range is the IPs under x.x.x.100, it sounds as though you did not configure your SBS using the wizards.  Not using them, especially the Configure Email and Internet Connection Wizard (CEICW -- which is linked as Connect to the Internet in the Server Management Console > To-Do List) will cause you to have all sorts of problems.  

One thing you did not confirm in your statements above though is that you assigned the WAP the IP address you configured when setting up the IAS as noted in this section of the TechNet guide you are following:

Adding RADIUS Clients to the Internet Authentication Service
You must add wireless APs as RADIUS clients to IAS before they can be configured to connect to the IAS server. Perform the following steps, to add a wireless AP as a RADIUS client, using the Internet Authentication Service (IAS) management console:

 Right-click the RADIUS Clients folder and select New RADIUS Client.
 Enter a friendly name and the IP address of the wireless AP. This is the same name and IP address entered for the wireless AP. If you have not set up the wireless AP yet, use these same values when you configure the wireless AP.
 Select RADIUS Standard as the client-vendor attribute, and then enter the shared secret for this particular wireless AP. Then select the Request must contain the Message Authenticator attribute checkbox. If you have not set up the wireless AP yet, use the same shared secret when you configure the wireless AP.


Expert Comment

ID: 18848854
Well, it sounds to me more like a DHCP problem. Can the AP be set to serve DHCP? That might be an acceptable test. Maybe you need to look into setting up DHCP relay on that AP and pointing it to your server? I assume devices on the LAN get addresses just fine from the DHCP server?
LVL 74

Accepted Solution

Jeffrey Kane - TechSoEasy earned 1000 total points
ID: 18927539
In reviewing your initial question and my response, it seems as though I neglected to point out that the documentation you are using is outdated and you really should be following this paper:  http://sbsurl.com/wireless


Featured Post

Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
DECT technology has become a popular standard for wireless voice communication. DECT devices are not likely to be affected by other electronic devices and signals because they operate in a separate frequency-band.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question