Problems setting up WPA2

[redlair2000]

Hello,

I have a question that I know someone can answer. I have a Cisco Aironet 1100 running 12.3(7)Ja2. I beleive I setup WPA2 and MAC filtering correctly, but I cannot see or connect to it. If I turn off MAC filtering I am able to see it and connect. Any ideas of what I am doing wrong?

My setup included:

Cipher > AES CCMP
Open Authentication w/ MAC Filtering
Madatory WPA Shared Key

 

[jdeisenm]

Leave mac filtering off. That's worthless.

 

[redlair2000]

I agree. But I need to have both working. Is there some good documentation for setting wpa up on a aironet. I have looked and can not find anything. It seems like I am the only one who cant get both to work.

 

[jdeisenm]

post your config

this is a mac only config for 12.37ja1 pointing to aaa

dot11 ssid tsunami
authentication open mac-address mac_methods

 

[redlair2000]

Here is what I had yesterday.

!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname TIS_FAP01
!
no logging console
enable secret 5 $1$s2cD$JHDMeOQIGKw1rvBwX7I5I/
!
ip subnet-zero
ip domain name TIS
!
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
cache expiry 1
cache authorization profile admin_cache
cache authentication profile admin_cache
!
aaa group server tacacs+ tac_admin
cache expiry 1
cache authorization profile admin_cache
cache authentication profile admin_cache
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa cache profile admin_cache
all
!
aaa session-id common
dot11 vlan-name VL302 vlan 302
dot11 vlan-name VL401 vlan 401
!
dot11 ssid 022_F01
vlan 302
authentication open mac-address mac_methods
authentication key-management wpa
!
!
crypto pki trustpoint TP-self-signed-4187892834
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4187892834
revocation-check none
rsakeypair TP-self-signed-4187892834
!
!
crypto ca certificate chain TP-self-signed-4187892834
certificate self-signed 01 nvram:IOS-Self-Sig#3401.cer
username skps password 7 095F651A
username 0012f036a55c password 7 06565F701E48594A5316475E0F
username 0012f036a55c autocommand exit
username 0012f0365974 password 7 06565F701E48594A53424B5C58
username 0012f0365974 autocommand exit
username 000e352126d0 password 7 03540B5B035C741E1F5B4F0147
username 000e352126d0 autocommand exit
username 0012f0365973 password 7 00544357565D5B55597415195A
username 0012f0365973 autocommand exit
username 0012f036a2c6 password 7 1447425A5E027A787229613674
username 0012f036a2c6 autocommand exit
username 0012f036a2a7 password 7 1447425A5E027A787229613475
username 0012f036a2a7 autocommand exit
username 000e35df59cf password 7 0256540B0E555A254A1B501A03
username 000e35df59cf autocommand exit
username 0013ce2b36df password 7 06565F701F4D0C4B0744440F0A
username 0013ce2b36df autocommand exit
username 000cf14b1587 password 7 15425B5C072C7A702A62607A44
username 000cf14b1587 autocommand exit
username 000e352126cf password 7 101E5949004447595D567C2822
username 000e352126cf autocommand exit
username 0012f0041790 password 7 1447425A5E027A7B7079646C72
username 0012f0041790 autocommand exit
username 00e098d88c13 password 7 06565F241C17511D5D4F115A5F
username 00e098d88c13 autocommand exit
username 00e098dfedfc password 7 08711C4B59405D13140E080229
username 00e098dfedfc autocommand exit
username 000cf15e8594 password 7 075F711C4D0F4850124A5E5550
username 000cf15e8594 autocommand exit
username 000b7d23efad password 7 055B565F231B4A5B4A0011130F
username 000b7d23efad autocommand exit
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 302 mode ciphers aes-ccm
!
ssid 022_F01
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2412
station-role root
no dot11 extension aironet
!
interface Dot11Radio0.302
encapsulation dot1Q 302
no ip route-cache
bridge-group 255
bridge-group 255 subscriber-loop-control
bridge-group 255 block-unknown-source
no bridge-group 255 source-learning
no bridge-group 255 unicast-flooding
bridge-group 255 spanning-disabled
!
interface Dot11Radio0.401
encapsulation dot1Q 401 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.302
encapsulation dot1Q 302
no ip route-cache
bridge-group 255
no bridge-group 255 source-learning
bridge-group 255 spanning-disabled
!
interface FastEthernet0.401
encapsulation dot1Q 401 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 10.2.77.79 255.255.255.128
no ip route-cache
!
ip default-gateway 10.2.77.1
no ip http server
ip http secure-server
ip http help-path

http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

ip radius source-interface BVI1
!
no cdp run
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
transport preferred all
transport output all
line vty 0 4
transport preferred all
transport input all
transport output all
line vty 5 15
transport preferred all
transport input all
transport output all
!
end

 

[welolo]

l was configuring a WRT54G Linksys router and l enabled WPA2 but entered more than 13 characters. At first one of the laptops can detect the wireless network but cannot authenticate if when l entere the right network key. Now l cannot even get access to the setup page from any of the PCs, both wireless and cable(connected to the router's switch).
What can l do? Maybe to erase the network key and start all over again.
Please help.


Thanks

welolo