I've been trying to set up a secure wireless network in our building.
The infrastructure consists of a Cisco WLAN controller WLC2106 with AIR-AP1131AG-E-K9 access points. I'm pretty certain these are configures corrctly as we have a 'guest' WLAN set up and working which uses the built in user authentication.
The Radius server is a Windows 2003 Enterprise server SP1 running IAS. Laptops are running XP SP3 with Wireless Zero configuration.
Created a self signed certificate using SelfSSL.exe
Exported the certificate (without the private key)
Created a Group Policy 'PKI policy' that imports the exported certificate into the Trusted Root Certificate Authority and applied it to a test OU containing a test laptop.
Created a Group Policy 'Wifi settings' that sets the Wireless Network Policy with settings:
The Radius client in IAS is set with the correct IP for the Cisco Wireless LAN controller The Client-Vendor setting is RADIUS Standard (should it be for this type of LAN controller) and I've redone the shared secret several times to make sure.
I've created a Remote Access Policy:
The test laptop gets the policies, the certificate seems to be present and the wireless profile is set up (and can't be changed on the laptop as it should be when configured by Group Policy). The latop attempts to connect, but sticks on Validating identity
. The Wireless controller logs show repeated Thu Sep 23 09:27:22 2010 RADIUS server 192.168.153.21:1812 failed to respond to request (ID **) for client 00:12:f0:1f:1a:ce / user 'unknown'
(thats the MAC of the test laptop.
Where do I troubleshoot from here? I'm willing to provide more info if needed, just let me know.