?
Solved

Cisco Accesspoint - Clients cannot connect

Posted on 2007-08-01
2
Medium Priority
?
534 Views
Last Modified: 2013-11-12
Hi,
i have a cisco aironet 1200 accesspoint configured for TKIP-WPA Enterprise (with IAS Server) and Authentication with Certificates!
The IAS Server is working fine because there's allready configured another accesspoint  (netgear) with the same settings!

I get the clients connected with the cisco ap when i delete the IAS Policy "NAS Port Type matches Wireless - IEEE 802.11 or Wireless - Other"
but i dont wanna delete this option!

The eventlog on the ias server shows:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
User user@domain.net was denied access.
 Fully-Qualified-User-Name = domain/user
 NAS-IP-Address = XX.XX.XX.XX
 NAS-Identifier = XXXXXXX
 Called-Station-Identifier = XXXXXXXXXXXX
 Calling-Station-Identifier = XXXXXXXXXXX
 Client-Friendly-Name = XXXXXXX
 Client-IP-Address = XX.XX.XX.XX
 NAS-Port-Type = Virtual
 NAS-Port = 300
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = Windows
 Authentication-Server = <undetermined>
 Policy-Name = Connections to other access servers
 Authentication-Type = EAP
 EAP-Type = <undetermined>
 Reason-Code = 65
 Reason = The connection attempt failed because remote access permission for the user account was denied. To allow remote access, enable remote access permission for the user account, or, if the user account specifies that access is controlled through the matching remote access policy, enable remote access permission for that remote access policy.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I read in another forum that when i add the NAS-Port-Type Virtual it should work...but on my ias server there only exsits the NAS-Port-Type Virtual(VPN)...and if i add this one, it doesn't work , too

One different is that i added the cisco ap as Client-Vendor= Cisco to the Radius Clients on the IAS Server...the netgear ap is configured as Client-Vendor=Radius Standard...but it makes no different if i configure the cisco ap as radius standard!


What is the problem? Cisco configuration(i think so), or the ias server...or maybe the wireless clients?

thanks
0
Comment
Question by:merowinger
2 Comments
 
LVL 31

Author Comment

by:merowinger
ID: 19616346
solved after installing the latest firmware version!

1. Download latest firmware .tar file from cisco.com
2. Installed a TFTP Server on the admin machine (for example kiwi enterprise cat tools)
3. Made connection to aironet via hypertrm
4. Executed the following command:
archive download-sw /force-reload /overwrite tftp://IP ADRESSE from TFTP/current .tar file
0
 
LVL 1

Accepted Solution

by:
Vee_Mod earned 0 total points
ID: 19698416
Closed, 500 points refunded.
Vee_Mod
Community Support Moderator
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today sees the launch of a new case study, focusing on BYOD technologies we have been working with for some time now.  But with the advent of 802.11ac wireless technologies and the story behind our landmark developments, we would like to share this …
This subject  of securing wireless devices conjures up visions of your PC or mobile phone connecting to the Internet through some hotspot at Starbucks. But it is so much more than that. Let’s look at the facts: devices#sthash.eoFY7dic.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Suggested Courses

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question