WAP4410N setup with WPA2 Enterprise
Posted on 2011-10-28
We have a branch LAN with 1 ASA5505, 1 2960 PoE switch and 3 WAP4410N.
ASA's outside is on Vlan 100 and inside is on Vlan 1.
2960 switch is configured with all ports assigned to Vlan 2.
ASA's inside interface and 3 WAP4410N are connected to 2960.
We configured the WAP4410N boxes with WPA2 Enterprise and AES encryption. There is only one SSID, and the VLAN feature on the APs is disabled.
The RADIUS server is a Cisco ACS in HQ, which can be reached through a site-to-site VPN on the ASA.
A DHCP server is on the same LAN in our office.
Connectivity among WAP4410N boxes, DHCP server and Cisco ACS is fine.
All the wired PCs get an IP address from the DHCP server and can access resources at HQ without any issue.
The problem starts here. When user notebooks tried to auth on the WLAN, the APs sent a RADIUS request to the ACS and auth was OK, according to logs from the ACS.
But the client notebooks keep authenticating and flapping between the authentication and validation processes.
We suspected DHCP, configured the WLAN client notebooks with static IPs and tested again, with the same result.
Syslog from the APs showed that the client notebooks associated with all 3 APs, repeatedly.
Testing with 1 AP at a time gave the same result.