Problem with Cisco WLC 2106 and Microsoft IAS

For one of my SSID's I am using 802.1x with WPA2/AES. I have configured IAS on windows server 2003 and from the server message logs I am able to authenticate a user. I never complete the authentication through the eyes of the WLC though. In using debug commands on the WLC I can see an error that I can not solve.

                               
Wed Apr  7 03:09:40 2010: 00:23:4e:70:a9:97 Received EAPOL-Key from mobile 00:23:4e:70:a9:97
Wed Apr  7 03:09:40 2010: 00:23:4e:70:a9:97 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 00:23:4e:70:a9:97
Wed Apr  7 03:09:40 2010: 00:23:4e:70:a9:97 Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 00:23:4e:70:a9:97
Wed Apr  7 03:09:40 2010: 00:23:4e:70:a9:97 Stopping retransmission timer for mobile 00:23:4e:70:a9:97

 
I suspect my issues revolves around the message: Ignoring invalid EAPOL version (1) in EAPOL-key message

 
Anyone have any idea or insight on additional debug steps that can be taken?

westernITAsked:
Who is Participating?
 
araberuniConnect With a Mentor Commented:
You need to use WPA2/AES in WLC and client config. You need AAA server setup in WLC. verify ur config with this http://araihan.wordpress.com/2010/04/30/complete-guide-to-build-a-cisco-wireless-infrastructure-using-cisco-wlc-5500-cisco-1142-ap-and-microsoft-radius-server/

Regards,
Raihan
0
 
merowingerCommented:
Have you choosen Radius Client type "Cisco"?
Also checkt the Reqest Authenticator setting:
http://technet.microsoft.com/en-us/library/cc727945(WS.10).aspx
0
 
westernITAuthor Commented:
If the client type is changed from "Radius-Standard" to "Cisco", IAS will no longer authenticate the user. I also checked the Request Authenticator setting and have it unchecked. Thanks for the feedback.
0
All Courses

From novice to tech pro — start learning today.