M
Matt B
I have a conundrum...
I'm setting up a wireless network using 802.1x authentication. I currently
have a test network with a Windows 2000 Server running Active Driectory,
DNS, DHCP and IAS (with the 802.1x patch installed) . I also have a Windows
2000 Certificate server which has a root certificate and has been used to
create a certificate for the IAS server. All my wireless clients have the
root cert installed in order to validate the IAS server. I'm using various
wireless APs including a DLink DWL-6000AP and Intel 5000/2011B APs.
Within IAS I have used a profile that only allows NAS-Port-Type="Wireless -
Other or Wireless - IEEE 802.11" (i.e. only allow wireless devices). I am
using PEAP MS-CHAP V2 authentication and have had this working without
problems on the Intel APs with various different wireless cards. My problem
comes when I attempt to use the DLink AP on the same setup. I'm not
entirely sure that I have actually set the settings on the DLink correctly
(the quirky interface doesn't really help...). However, I'm pretty sure I
have because I can see from the IAS logs that the DLink is trying to
authenticate ok (so the shared key and RADIUS IP I have put in must be
correct). I identified from the logs that the DLink was failing to
authenticate because it was trying to use NAS-Port-Type 15 and after looking
at rfc2865 found this to be "Ethernet". Hmm, not standard on wireless
devices as far as I was aware but I added this to the allowed NAS-Port-Types
in my profile on the IAS server thinking this might work.
I tried again but this time no logs were generated at all. I found this a
bit odd so I did some further investigation - basically the AP was rebooting
each time the wireless client was trying to authenticate! So it seems the
problem is with the AP itself...
I have tried various firmware releases right up to v223e (since I'm in
Europe) but none of these have solved the problem. DLink tech support are
next to useless and their documentation is non-existent, hence I'm posting
this in the hope that someone may have come across this problem before or
may be able to help me. Otherwise I'll be ditching the DLink!
TIA,
Matt
I'm setting up a wireless network using 802.1x authentication. I currently
have a test network with a Windows 2000 Server running Active Driectory,
DNS, DHCP and IAS (with the 802.1x patch installed) . I also have a Windows
2000 Certificate server which has a root certificate and has been used to
create a certificate for the IAS server. All my wireless clients have the
root cert installed in order to validate the IAS server. I'm using various
wireless APs including a DLink DWL-6000AP and Intel 5000/2011B APs.
Within IAS I have used a profile that only allows NAS-Port-Type="Wireless -
Other or Wireless - IEEE 802.11" (i.e. only allow wireless devices). I am
using PEAP MS-CHAP V2 authentication and have had this working without
problems on the Intel APs with various different wireless cards. My problem
comes when I attempt to use the DLink AP on the same setup. I'm not
entirely sure that I have actually set the settings on the DLink correctly
(the quirky interface doesn't really help...). However, I'm pretty sure I
have because I can see from the IAS logs that the DLink is trying to
authenticate ok (so the shared key and RADIUS IP I have put in must be
correct). I identified from the logs that the DLink was failing to
authenticate because it was trying to use NAS-Port-Type 15 and after looking
at rfc2865 found this to be "Ethernet". Hmm, not standard on wireless
devices as far as I was aware but I added this to the allowed NAS-Port-Types
in my profile on the IAS server thinking this might work.
I tried again but this time no logs were generated at all. I found this a
bit odd so I did some further investigation - basically the AP was rebooting
each time the wireless client was trying to authenticate! So it seems the
problem is with the AP itself...
I have tried various firmware releases right up to v223e (since I'm in
Europe) but none of these have solved the problem. DLink tech support are
next to useless and their documentation is non-existent, hence I'm posting
this in the hope that someone may have come across this problem before or
may be able to help me. Otherwise I'll be ditching the DLink!
TIA,
Matt