Question : Problem: I cant get wpa to work on cisco AP with no radius

I am lost.  I can get my APs to work fine when they are open.  when I setup WPA i cant join the network.  Windows just gives an error that the network is no longer available.  If I use an intel wireless client, I can manually put in the wpa information, but it wont connect.  I have attached a config.  I do not have a radius server.  

thanks for your help
Code Snippet:
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:
95:
96:
97:
98:
99:
100:
101:
102:
103:
104:
105:
106:
107:
108:
109:
110:
111:
112:
113:
114:
115:
116:
117:
118:
119:
120:
121:
122:
123:
124:
125:
126:
127:
128:
129:
130:
131:
132:
133:
134:
135:
136:
137:
138:
139:
140:
141:
142:
143:
144:
145:
146:
147:
148:
149:
150:
151:
152:
153:
154:
155:
156:
157:
158:
159:
160:
161:
162:
163:
164:
165:
166:
167:
168:
169:
170:
171:
172:
173:
174:
175:
176:
177:
178:
179:
180:
181:
182:
183:
184:
185:
186:
187:
188:
189:
190:
191:
192:
193:
194:
195:
196:
197:
198:
199:
200:
201:
202:
203:
204:
205:
206:
207:
208:
209:
210:
211:
212:
213:
214:
215:
216:
217:
218:
219:
220:
221:
222:
223:
224:
225:
226:
227:
228:
229:
230:
231:
232:
233:
234:
235:
236:
237:
238:
239:
240:
241:
242:
243:
244:
245:
246:
247:
248:
249:
250:
251:
252:
253:
254:
255:
256:
257:
258:
259:
260:
261:
262:
263:
264:
265:
266:
267:
268:
269:
270:
271:
272:
273:
274:
275:
276:
277:
278:
279:
280:
281:
282:
283:
284:
285:
286:
287:
288:
289:
290:
291:
292:
Building configuration...
 
Current configuration : 6379 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname GETX-AP2
!
enable secret 5 xxxxxxxxxxxxxxxxxxxx
!
ip subnet-zero
ip domain name iccmax.com
!
!
aaa new-model
!
!
aaa authentication login eap_method local
aaa authentication login mac_method local
aaa authorization exec default local
aaa session-id common
!
dot11 ssid ICC-ADMIN
   vlan 211
   max-associations 15
   authentication open
   accounting accounting-method-list
   mbssid guest-mode
   wpa-psk ascii 7 xxxxxxxxxxxxxxxxx211
!
dot11 ssid ICC-GUEST
   vlan 213
   max-associations 15
   authentication open
   accounting accounting-method-list
   mbssid guest-mode
   wpa-psk ascii 7 xxxxxxxxxxxxxxxxx213
!
dot11 ssid ICC-MANAGE
   vlan 1
   max-associations 15
   authentication open
   accounting accounting-method-list
   mbssid guest-mode
   wpa-psk ascii 7 xxxxxxxxxxxxxxxxx001
!
dot11 ssid ICC-NCOMP
   vlan 210
   max-associations 15
   authentication open
   accounting accounting-method-list
   mbssid guest-mode
   wpa-psk ascii 7 xxxxxxxxxxxxxxxxx210
!
dot11 ssid ICC-OFFICE
   vlan 208
   max-associations 15
   authentication open
   accounting accounting-method-list
   mbssid guest-mode
   wpa-psk ascii 7 xxxxxxxxxxxxxxxxx208
!
dot11 ssid ICC-REMED
   vlan 212
   max-associations 15
   authentication open
   accounting accounting-method-list
   mbssid guest-mode
   wpa-psk ascii 7 xxxxxxxxxxxxxxxxx212
!
dot11 ssid ICC-VOICE
   vlan 209
   max-associations 15
   authentication open
   accounting accounting-method-list
   mbssid guest-mode
   wpa-psk ascii 7 xxxxxxxxxxxxxxxxx209
!
!
!
username Cisco password 7 xxxxxxxxxxxxxxxxxxxx
username ICC password 7 xxxxxxxxxxxxxxxxxxxx
username admin password 7 xxxxxxxxxxxxxxxxxxxx
username aseaman privilege 15 password 7 xxxxxxxxxxxxxxxxxxxx
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip
 !
 encryption vlan 1 mode ciphers tkip
 !
 encryption vlan 208 mode ciphers tkip
 !
 encryption vlan 209 mode ciphers tkip
 !
 encryption vlan 210 mode ciphers tkip
 !
 encryption vlan 211 mode ciphers tkip
 !
 encryption vlan 212 mode ciphers tkip
 !
 encryption vlan 213 mode ciphers tkip
 !
 ssid ICC-ADMIN
 !
 ssid ICC-GUEST
 !
 ssid ICC-MANAGE
 !
 ssid ICC-NCOMP
 !
 ssid ICC-OFFICE
 !
 ssid ICC-REMED
 !
 ssid ICC-VOICE
 !
 mbssid
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
 54.0
 station-role root
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.208
 encapsulation dot1Q 208
 no ip route-cache
 bridge-group 2
 bridge-group 2 subscriber-loop-control
 bridge-group 2 block-unknown-source
 no bridge-group 2 source-learning
 no bridge-group 2 unicast-flooding
 bridge-group 2 spanning-disabled
!
interface Dot11Radio0.209
 encapsulation dot1Q 209
 no ip route-cache
 bridge-group 3
 bridge-group 3 subscriber-loop-control
 bridge-group 3 block-unknown-source
 no bridge-group 3 source-learning
 no bridge-group 3 unicast-flooding
 bridge-group 3 spanning-disabled
!
interface Dot11Radio0.210
 encapsulation dot1Q 210
 no ip route-cache
 bridge-group 4
 bridge-group 4 subscriber-loop-control
 bridge-group 4 block-unknown-source
 no bridge-group 4 source-learning
 no bridge-group 4 unicast-flooding
 bridge-group 4 spanning-disabled
!
interface Dot11Radio0.211
 encapsulation dot1Q 211
 no ip route-cache
 bridge-group 5
 bridge-group 5 subscriber-loop-control
 bridge-group 5 block-unknown-source
 no bridge-group 5 source-learning
 no bridge-group 5 unicast-flooding
 bridge-group 5 spanning-disabled
!
interface Dot11Radio0.212
 encapsulation dot1Q 212
 no ip route-cache
 bridge-group 6
 bridge-group 6 subscriber-loop-control
 bridge-group 6 block-unknown-source
 no bridge-group 6 source-learning
 no bridge-group 6 unicast-flooding
 bridge-group 6 spanning-disabled
!
interface Dot11Radio0.213
 encapsulation dot1Q 213
 no ip route-cache
 bridge-group 7
 bridge-group 7 subscriber-loop-control
 bridge-group 7 block-unknown-source
 no bridge-group 7 source-learning
 no bridge-group 7 unicast-flooding
 bridge-group 7 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 hold-queue 160 in
!
interface FastEthernet0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.208
 encapsulation dot1Q 208
 no ip route-cache
 bridge-group 2
 no bridge-group 2 source-learning
 bridge-group 2 spanning-disabled
!
interface FastEthernet0.209
 encapsulation dot1Q 209
 no ip route-cache
 bridge-group 3
 no bridge-group 3 source-learning
 bridge-group 3 spanning-disabled
!
interface FastEthernet0.210
 encapsulation dot1Q 210
 no ip route-cache
 bridge-group 4
 no bridge-group 4 source-learning
 bridge-group 4 spanning-disabled
!
interface FastEthernet0.211
 encapsulation dot1Q 211
 no ip route-cache
 bridge-group 5
 no bridge-group 5 source-learning
 bridge-group 5 spanning-disabled
!
interface FastEthernet0.212
 encapsulation dot1Q 212
 no ip route-cache
 bridge-group 6
 no bridge-group 6 source-learning
 bridge-group 6 spanning-disabled
!
interface FastEthernet0.213
 encapsulation dot1Q 213
 no ip route-cache
 bridge-group 7
 no bridge-group 7 source-learning
 bridge-group 7 spanning-disabled
!
interface BVI1
 ip address 10.128.15.5 255.255.255.0
 no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
 password 7 xxxxxxxxxxxxxxxxxxxx
line vty 0 4
 password 7 xxxxxxxxxxxxxxxxxxxx
!
end
 
GETX-AP2#
Open in New Window Select All

Answer : Problem: I cant get wpa to work on cisco AP with no radius

Try adding this under each dot11 ssid

authentication key-management wpa

Random Solutions  
 
programming4us programming4us