merowinger
asked on
Cisco Accesspoint - Clients cannot connect
Hi,
I have a Cisco Aironet 1200 access point configured for TKIP-WPA Enterprise (with IAS Server) and authentication with certificates!
The IAS Server is working fine because there's already another access point (Netgear) configured with the same settings!
I get the clients connected with the Cisco AP when I delete the IAS policy "NAS Port Type matches Wireless - IEEE 802.11 or Wireless - Other"
but I don't wanna delete this option!
The event log on the IAS server shows:
~~~~~~~~~~~~~~~~~~~~~~~~~~
User user@domain.net was denied access.
Fully-Qualified-User-Name = domain/user
NAS-IP-Address = XX.XX.XX.XX
NAS-Identifier = XXXXXXX
Called-Station-Identifier = XXXXXXXXXXXX
Calling-Station-Identifier = XXXXXXXXXXX
Client-Friendly-Name = XXXXXXX
Client-IP-Address = XX.XX.XX.XX
NAS-Port-Type = Virtual
NAS-Port = 300
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = Connections to other access servers
Authentication-Type = EAP
EAP-Type = <undetermined>
Reason-Code = 65
Reason = The connection attempt failed because remote access permission for the user account was denied. To allow remote access, enable remote access permission for the user account, or, if the user account specifies that access is controlled through the matching remote access policy, enable remote access permission for that remote access policy.
~~~~~~~~~~~~~~~~~~~~~~~~~~
I read in another forum that when I add the NAS-Port-Type Virtual it should work... but on my IAS server only the NAS-Port-Type Virtual (VPN) exists... and if I add this one, it doesn't work either.
One difference is that I added the Cisco AP as Client-Vendor = Cisco to the RADIUS clients on the IAS server... the Netgear AP is configured as Client-Vendor = RADIUS Standard... but it makes no difference if I configure the Cisco AP as RADIUS Standard!
What is the problem? The Cisco configuration (I think so), or the IAS server... or maybe the wireless clients?
Thanks
ASKER
1. Downloaded the latest firmware .tar file from cisco.com
2. Installed a TFTP server on the admin machine (for example Kiwi enterprise cat tools)
3. Made a connection to the Aironet via hypertrm
4. Executed the following command:
archive download-sw /force-reload /overwrite tftp://<IP address of TFTP server>/<current .tar file>
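
A check over the IAS denial event quoted in the question, as an added example that is not part of the original thread: it parses the event's attributes and reports when the NAS-Port-Type sent by the access point falls outside the wireless policy's condition, which is why the request was handled by a different policy. The sample event is constructed from the masked log in the question, and the function names are hypothetical.

```python
import re

# Constructed sample: the denial event from the question, trimmed to the
# fields this check needs (values masked as in the post).
SAMPLE_EVENT = """\
User user@domain.net was denied access.
NAS-IP-Address = XX.XX.XX.XX
Client-Friendly-Name = XXXXXXX
NAS-Port-Type = Virtual
Policy-Name = Connections to other access servers
Authentication-Type = EAP
EAP-Type = <undetermined>
Reason-Code = 65
"""

# Assumption: the wireless policy's NAS-Port-Type condition, as quoted in the post.
WIRELESS_POLICY_PORT_TYPES = {"Wireless - IEEE 802.11", "Wireless - Other"}


def parse_ias_event(text):
    """Return the 'Name = value' attributes of an IAS event as a dict."""
    attrs = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z-]+)\s*=\s*(.*?)\s*$", line)
        if m:  # the headline ("User ... was denied access.") has no '=' and is skipped
            attrs[m.group(1)] = m.group(2)
    return attrs


def diagnose(attrs, allowed=WIRELESS_POLICY_PORT_TYPES):
    """List the reasons a request did not match the wireless policy (empty if it did)."""
    findings = []
    port_type = attrs.get("NAS-Port-Type")
    if port_type is None:
        findings.append("NAS-Port-Type missing: the policy condition cannot match")
    elif port_type not in allowed:
        findings.append(f"NAS-Port-Type '{port_type}' is not in the wireless policy condition")
    # Reason-Code 65 together with a mismatch means the denial came from another policy.
    if findings and attrs.get("Reason-Code") == "65":
        findings.append(f"denied under policy '{attrs.get('Policy-Name')}' instead")
    return findings


if __name__ == "__main__":
    for finding in diagnose(parse_ias_event(SAMPLE_EVENT)):
        print(finding)
```

Running the same check on an event from the working Netgear access point shows which NAS-Port-Type value that device sends, without loosening the policy.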