• September 18, 2020, 10:05:56 PM
Welcome, Guest. Please login or register. Registration is free.
Did you miss your activation email?

Author Topic: Use a WiNG controller's radius server with off-brand APs?  (Read 2755 times)

0 Members and 1 Guest are viewing this topic.

Offline jcoehoorn

  • Jr. Member
  • **
  • Posts: 41
Use a WiNG controller's radius server with off-brand APs?
« on: July 02, 2015, 10:16:34 AM »
I'm looking to do a slow migration from an existing hodge-podge of unsecured, stand-alone APs to a Zebra/WiNG system. In the initial deployment I'll only have budget to cover a small portion of our network with the new system.

All of our existing APs do support 802.1x authentication via radius, and I'd like to use radius server onboard the WiNG controller to immediately put out a secured SSID. However, I have not been able to get my off-brand APs to use the WiNG radius server.

One issue is that the APs expect to use a shared secret to connect to radius, but I have not seen where I can set that. Any thoughts?


Offline wings

  • Rookie
  • **
  • Posts: 14
Re: Use a WiNG controller's radius server with off-brand APs?
« Reply #1 on: July 03, 2015, 05:45:50 AM »
Have you checked the radius server policy? There you can set the NAS IP-Addresses as well as shared secret:

cli:

radius-server-policy test
nas 1.1.1.1/32 secret 0 testsecret

Offline jcoehoorn

  • Jr. Member
  • **
  • Posts: 41
Re: Use a WiNG controller's radius server with off-brand APs?
« Reply #2 on: July 06, 2015, 11:09:45 AM »
I was hoping it would be something simple like that.

Unfortunately, it's still not working. My test AP can ping the Zebra controller and the controller can ping the test AP, so basic connectivity is there. However, when I try to connect from the test device (iPad 3) nothing happens. It just sort of hangs. I am prompted for credentials, but after entering them the "Enter Password" screen just sits there for several minutes. Eventually it will give up and switch back to our regular/existing wifi network.

If I turn up logging on the controller (debug radius all / log mon 7) and watch it while attempting to connect, nothing is ever logged to the screen... not even a failed connection attempt.
« Last Edit: July 06, 2015, 11:12:25 AM by jcoehoorn »

Offline wings

  • Rookie
  • **
  • Posts: 14
Re: Use a WiNG controller's radius server with off-brand APs?
« Reply #3 on: July 07, 2015, 10:39:33 AM »
Have you tried a "service pktcap on interface ..." to see if the wlan controller receives the radius packets?

In addition you can try to do "debug wireless radius". May this shows something.

Offline jcoehoorn

  • Jr. Member
  • **
  • Posts: 41
Re: Use a WiNG controller's radius server with off-brand APs?
« Reply #4 on: July 07, 2015, 09:47:35 PM »
Looks like the problem was the AP. We have two main models in our existing environment, and I was using the older style. I tried one of the newer ones and it worked right away. Fortunately, we have fewer than 30 of the old style left.