Link to home
Start Free TrialLog in
Avatar of merowinger
merowingerFlag for Germany

asked on

Cisco Accesspoint - Clients cannot connect

Hi,
i have a cisco aironet 1200 accesspoint configured for TKIP-WPA Enterprise (with IAS Server) and Authentication with Certificates!
The IAS Server is working fine because there's allready configured another accesspoint  (netgear) with the same settings!

I get the clients connected with the cisco ap when i delete the IAS Policy "NAS Port Type matches Wireless - IEEE 802.11 or Wireless - Other"
but i dont wanna delete this option!

The eventlog on the ias server shows:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
User user@domain.net was denied access.
 Fully-Qualified-User-Name = domain/user
 NAS-IP-Address = XX.XX.XX.XX
 NAS-Identifier = XXXXXXX
 Called-Station-Identifier = XXXXXXXXXXXX
 Calling-Station-Identifier = XXXXXXXXXXX
 Client-Friendly-Name = XXXXXXX
 Client-IP-Address = XX.XX.XX.XX
 NAS-Port-Type = Virtual
 NAS-Port = 300
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = Windows
 Authentication-Server = <undetermined>
 Policy-Name = Connections to other access servers
 Authentication-Type = EAP
 EAP-Type = <undetermined>
 Reason-Code = 65
 Reason = The connection attempt failed because remote access permission for the user account was denied. To allow remote access, enable remote access permission for the user account, or, if the user account specifies that access is controlled through the matching remote access policy, enable remote access permission for that remote access policy.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I read in another forum that when i add the NAS-Port-Type Virtual it should work...but on my ias server there only exsits the NAS-Port-Type Virtual(VPN)...and if i add this one, it doesn't work , too

One different is that i added the cisco ap as Client-Vendor= Cisco to the Radius Clients on the IAS Server...the netgear ap is configured as Client-Vendor=Radius Standard...but it makes no different if i configure the cisco ap as radius standard!


What is the problem? Cisco configuration(i think so), or the ias server...or maybe the wireless clients?

thanks
Avatar of merowinger
merowinger
Flag of Germany image

ASKER

solved after installing the latest firmware version!

1. Download latest firmware .tar file from cisco.com
2. Installed a TFTP Server on the admin machine (for example kiwi enterprise cat tools)
3. Made connection to aironet via hypertrm
4. Executed the following command:
archive download-sw /force-reload /overwrite tftp://IP ADRESSE from TFTP/current .tar file
ASKER CERTIFIED SOLUTION
Avatar of Vee_Mod
Vee_Mod
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial