Question : Problem: I cant get wpa to work on cisco AP with no radius

I am lost.  I can get my APs to work fine when they are open.  when I setup WPA i cant join the network.  Windows just gives an error that the network is no longer available.  If I use an intel wireless client, I can manually put in the wpa information, but it wont connect.  I have attached a config.  I do not have a radius server.  

thanks for your help

Code Snippet:

1: 2: 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13: 14: 15: 16: 17: 18: 19: 20: 21: 22: 23: 24: 25: 26: 27: 28: 29: 30: 31: 32: 33: 34: 35: 36: 37: 38: 39: 40: 41: 42: 43: 44: 45: 46: 47: 48: 49: 50: 51: 52: 53: 54: 55: 56: 57: 58: 59: 60: 61: 62: 63: 64: 65: 66: 67: 68: 69: 70: 71: 72: 73: 74: 75: 76: 77: 78: 79: 80: 81: 82: 83: 84: 85: 86: 87: 88: 89: 90: 91: 92: 93: 94: 95: 96: 97: 98: 99: 100: 101: 102: 103: 104: 105: 106: 107: 108: 109: 110: 111: 112: 113: 114: 115: 116: 117: 118: 119: 120: 121: 122: 123: 124: 125: 126: 127: 128: 129: 130: 131: 132: 133: 134: 135: 136: 137: 138: 139: 140: 141: 142: 143: 144: 145: 146: 147: 148: 149: 150: 151: 152: 153: 154: 155: 156: 157: 158: 159: 160: 161: 162: 163: 164: 165: 166: 167: 168: 169: 170: 171: 172: 173: 174: 175: 176: 177: 178: 179: 180: 181: 182: 183: 184: 185: 186: 187: 188: 189: 190: 191: 192: 193: 194: 195: 196: 197: 198: 199: 200: 201: 202: 203: 204: 205: 206: 207: 208: 209: 210: 211: 212: 213: 214: 215: 216: 217: 218: 219: 220: 221: 222: 223: 224: 225: 226: 227: 228: 229: 230: 231: 232: 233: 234: 235: 236: 237: 238: 239: 240: 241: 242: 243: 244: 245: 246: 247: 248: 249: 250: 251: 252: 253: 254: 255: 256: 257: 258: 259: 260: 261: 262: 263: 264: 265: 266: 267: 268: 269: 270: 271: 272: 273: 274: 275: 276: 277: 278: 279: 280: 281: 282: 283: 284: 285: 286: 287: 288: 289: 290: 291: 292:

Building configuration... Current configuration : 6379 bytes ! version 12.3 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname GETX-AP2 ! enable secret 5 xxxxxxxxxxxxxxxxxxxx ! ip subnet-zero ip domain name iccmax.com ! ! aaa new-model ! ! aaa authentication login eap_method local aaa authentication login mac_method local aaa authorization exec default local aaa session-id common ! dot11 ssid ICC-ADMIN vlan 211 max-associations 15 authentication open accounting accounting-method-list mbssid guest-mode wpa-psk ascii 7 xxxxxxxxxxxxxxxxx211 ! dot11 ssid ICC-GUEST vlan 213 max-associations 15 authentication open accounting accounting-method-list mbssid guest-mode wpa-psk ascii 7 xxxxxxxxxxxxxxxxx213 ! dot11 ssid ICC-MANAGE vlan 1 max-associations 15 authentication open accounting accounting-method-list mbssid guest-mode wpa-psk ascii 7 xxxxxxxxxxxxxxxxx001 ! dot11 ssid ICC-NCOMP vlan 210 max-associations 15 authentication open accounting accounting-method-list mbssid guest-mode wpa-psk ascii 7 xxxxxxxxxxxxxxxxx210 ! dot11 ssid ICC-OFFICE vlan 208 max-associations 15 authentication open accounting accounting-method-list mbssid guest-mode wpa-psk ascii 7 xxxxxxxxxxxxxxxxx208 ! dot11 ssid ICC-REMED vlan 212 max-associations 15 authentication open accounting accounting-method-list mbssid guest-mode wpa-psk ascii 7 xxxxxxxxxxxxxxxxx212 ! dot11 ssid ICC-VOICE vlan 209 max-associations 15 authentication open accounting accounting-method-list mbssid guest-mode wpa-psk ascii 7 xxxxxxxxxxxxxxxxx209 ! ! ! username Cisco password 7 xxxxxxxxxxxxxxxxxxxx username ICC password 7 xxxxxxxxxxxxxxxxxxxx username admin password 7 xxxxxxxxxxxxxxxxxxxx username aseaman privilege 15 password 7 xxxxxxxxxxxxxxxxxxxx ! bridge irb ! ! interface Dot11Radio0 no ip address no ip route-cache ! encryption mode ciphers tkip ! encryption vlan 1 mode ciphers tkip ! encryption vlan 208 mode ciphers tkip ! encryption vlan 209 mode ciphers tkip ! encryption vlan 210 mode ciphers tkip ! encryption vlan 211 mode ciphers tkip ! encryption vlan 212 mode ciphers tkip ! encryption vlan 213 mode ciphers tkip ! ssid ICC-ADMIN ! ssid ICC-GUEST ! ssid ICC-MANAGE ! ssid ICC-NCOMP ! ssid ICC-OFFICE ! ssid ICC-REMED ! ssid ICC-VOICE ! mbssid speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 station-role root ! interface Dot11Radio0.1 encapsulation dot1Q 1 native no ip route-cache bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled ! interface Dot11Radio0.208 encapsulation dot1Q 208 no ip route-cache bridge-group 2 bridge-group 2 subscriber-loop-control bridge-group 2 block-unknown-source no bridge-group 2 source-learning no bridge-group 2 unicast-flooding bridge-group 2 spanning-disabled ! interface Dot11Radio0.209 encapsulation dot1Q 209 no ip route-cache bridge-group 3 bridge-group 3 subscriber-loop-control bridge-group 3 block-unknown-source no bridge-group 3 source-learning no bridge-group 3 unicast-flooding bridge-group 3 spanning-disabled ! interface Dot11Radio0.210 encapsulation dot1Q 210 no ip route-cache bridge-group 4 bridge-group 4 subscriber-loop-control bridge-group 4 block-unknown-source no bridge-group 4 source-learning no bridge-group 4 unicast-flooding bridge-group 4 spanning-disabled ! interface Dot11Radio0.211 encapsulation dot1Q 211 no ip route-cache bridge-group 5 bridge-group 5 subscriber-loop-control bridge-group 5 block-unknown-source no bridge-group 5 source-learning no bridge-group 5 unicast-flooding bridge-group 5 spanning-disabled ! interface Dot11Radio0.212 encapsulation dot1Q 212 no ip route-cache bridge-group 6 bridge-group 6 subscriber-loop-control bridge-group 6 block-unknown-source no bridge-group 6 source-learning no bridge-group 6 unicast-flooding bridge-group 6 spanning-disabled ! interface Dot11Radio0.213 encapsulation dot1Q 213 no ip route-cache bridge-group 7 bridge-group 7 subscriber-loop-control bridge-group 7 block-unknown-source no bridge-group 7 source-learning no bridge-group 7 unicast-flooding bridge-group 7 spanning-disabled ! interface Dot11Radio1 no ip address no ip route-cache speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0 station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled ! interface FastEthernet0 no ip address no ip route-cache duplex auto speed auto hold-queue 160 in ! interface FastEthernet0.1 encapsulation dot1Q 1 native no ip route-cache bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled ! interface FastEthernet0.208 encapsulation dot1Q 208 no ip route-cache bridge-group 2 no bridge-group 2 source-learning bridge-group 2 spanning-disabled ! interface FastEthernet0.209 encapsulation dot1Q 209 no ip route-cache bridge-group 3 no bridge-group 3 source-learning bridge-group 3 spanning-disabled ! interface FastEthernet0.210 encapsulation dot1Q 210 no ip route-cache bridge-group 4 no bridge-group 4 source-learning bridge-group 4 spanning-disabled ! interface FastEthernet0.211 encapsulation dot1Q 211 no ip route-cache bridge-group 5 no bridge-group 5 source-learning bridge-group 5 spanning-disabled ! interface FastEthernet0.212 encapsulation dot1Q 212 no ip route-cache bridge-group 6 no bridge-group 6 source-learning bridge-group 6 spanning-disabled ! interface FastEthernet0.213 encapsulation dot1Q 213 no ip route-cache bridge-group 7 no bridge-group 7 source-learning bridge-group 7 spanning-disabled ! interface BVI1 ip address 10.128.15.5 255.255.255.0 no ip route-cache ! ip http server no ip http secure-server ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag ! ! control-plane ! bridge 1 route ip ! ! ! line con 0 password 7 xxxxxxxxxxxxxxxxxxxx line vty 0 4 password 7 xxxxxxxxxxxxxxxxxxxx ! end GETX-AP2#

Open in New Window Select All

Answer : Problem: I cant get wpa to work on cisco AP with no radius

Try adding this under each dot11 ssid

authentication key-management wpa