roger_rex
asked on
WAP4410N setup with WPA2 Enterprise
Hello Experts,
We have a branch LAN with 1 ASA5505, 1 2960 PoE switch and 3 WAP4410N.
ASA's outside is on Vlan 100 and inside is on Vlan 1.
2960 switch is configured with all ports assigned to Vlan 2.
ASA's inside interface and 3 WAP4410N are connected to 2960.
We configured WAP4410N boxes with WPA2 Enterprise and AES encrypt. Only one SSID and VLAN feature on APs is disabled.
Radius server is a Cisco ACS in HQ, which can be reached through site to site VPN on ASA.
A DHCP server is on same LAN in our office.
Connectivity among WAP4410N boxes, DHCP server and Cisco ACS is fine.
All the wired PCs get IP address from DHCP server and can access to resources at HQ without any issue.
Problem starts here. When user notebooks tried to auth on WLAN, the APs sent radius request to ACS and auth was OK, according to logs from ACS.
But client notebooks keep authenticating and flapping between authentication and validation process.
Suspected DHCP and configured WLAN client notebooks with static IP and tested also same result.
Syslog from APs showed that client notebooks got association with all 3 APs, repeatedly.
Tested with 1 AP at a time also same result.
Please help!
Thanks!
We have a branch LAN with 1 ASA5505, 1 2960 PoE switch and 3 WAP4410N.
ASA's outside is on Vlan 100 and inside is on Vlan 1.
2960 switch is configured with all ports assigned to Vlan 2.
ASA's inside interface and 3 WAP4410N are connected to 2960.
We configured WAP4410N boxes with WPA2 Enterprise and AES encrypt. Only one SSID and VLAN feature on APs is disabled.
Radius server is a Cisco ACS in HQ, which can be reached through site to site VPN on ASA.
A DHCP server is on same LAN in our office.
Connectivity among WAP4410N boxes, DHCP server and Cisco ACS is fine.
All the wired PCs get IP address from DHCP server and can access to resources at HQ without any issue.
Problem starts here. When user notebooks tried to auth on WLAN, the APs sent radius request to ACS and auth was OK, according to logs from ACS.
But client notebooks keep authenticating and flapping between authentication and validation process.
Suspected DHCP and configured WLAN client notebooks with static IP and tested also same result.
Syslog from APs showed that client notebooks got association with all 3 APs, repeatedly.
Tested with 1 AP at a time also same result.
Please help!
Thanks!
BTW - I've used about 15 of these and they've all had the same problems no matter what version of hardware or firmware. Sad.
ASKER
Hi Pugglewuggle,
Thanks for comment.
But I have to make this system work.
I am still expecting someone to advise me with kinda work around.
I will remember NOT to buy this crap anymore, though :)
Thanks for comment.
But I have to make this system work.
I am still expecting someone to advise me with kinda work around.
I will remember NOT to buy this crap anymore, though :)
I will tell you that if you ever get it working it will never stick for more than a few weeks. You need to take this back and get something that works or you will never sleep.
I would tell you how to fix it, but the hardware and software are broken by design!
Promise. :-)
I would tell you how to fix it, but the hardware and software are broken by design!
Promise. :-)
ASKER
Hi Experts,
Any possible way of resolving this issue?
I am expecting a lot to receive helping hands from experts here.
Please help.
Any possible way of resolving this issue?
I am expecting a lot to receive helping hands from experts here.
Please help.
Hi Roger,
I'm really not trying to tell you go buy something else because I don't like something - I'm telling you that the answer to your question is that it will not work. The product and interface says it supports, as does their tech support department when you call, it but it does not work and never has. The company will run you through support loops for days and at the end of the day tell you they can't help. I've been there and I've done that.
Cheers!
I'm really not trying to tell you go buy something else because I don't like something - I'm telling you that the answer to your question is that it will not work. The product and interface says it supports, as does their tech support department when you call, it but it does not work and never has. The company will run you through support loops for days and at the end of the day tell you they can't help. I've been there and I've done that.
Cheers!
ASKER
Hi Pugglewuggle,
I do understand you and really appreciate for advise, too.
My situation does not allow me part company with these boxes.
I gotta fix it, as much as possible.
Waiting for an expert with idea of fixing this.
Thanks!
I do understand you and really appreciate for advise, too.
My situation does not allow me part company with these boxes.
I gotta fix it, as much as possible.
Waiting for an expert with idea of fixing this.
Thanks!
I'm sorry, best of luck. I don't think anybody will be responding with a fix because there isn't one. Cheers!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I found out solution by doing some research swapping firmware versions.
I can tell you that I have used these unfortunate devices for too long before getting rid of them. They do not work consistently, they route traffic incorrectly and block certain traffic when the're not supposed to, they have almost no support, and they freeze and require hard reboots (unplug and plug). They have the same problems as the RVS4000 and WRVS4400N, both of which I have used.
I highly recommend as someone experienced with these products to dump it and get something that actually works. I thought I would save some money but it cost me more in the end because of all the trouble. I should have just bought Aruba Instant WAPs or Cisco enterprise WAPs instead of these, and I recommend you do the same. They are more expensive but they will solve your problem. I really recommend the Aruba Instant APs - best for the price and totally enterprise grade.
Cheers and let me know if you need anything else!