(RADIATOR) problems w/ HP420 802.11g, radiator 3.11, PEAP, TTLS auth

Jennifer Mehl jmehl at physics.ucsb.edu
Tue Oct 4 17:25:07 CDT 2005


Mike, thanks for the reply.

I do have the latest firmware for the HP 420 (2.1.0).

I have tried many different cards, and all seem to work fine on the 
b-only radio mode of the AP with WPA/WPA2 and AES/TKIP, cards using EAP 
methods PEAP and/or TTLS in supplicant.

(The cards also work fine when the AP radio is set to b+g or g and using 
no auth/encryption or simple WEP on a separate SSID.)

For the b+g or g-only modes on the AP with WPA, here are the results:
1) D-Link DWL-G650 (b+g card) authenticates finally after 45 sec or so 
on both b+g and g
2) SMC2532W (b-only card) authenticates quickly on b+g	
3) Linksys WPC54Gv3 (b+g) never authenticates
4) Dell Wireless 1350 (b+g) never authenticates
5) Motorola WN825G (b+g) never authenticates

I have the latest drivers for all wireless PC cards, and the WPA2 update 
for XPSP2 installed on the host systems.

Jennifer

========================================
Jennifer L. Mehl
Senior Systems Administrator
University of California, Santa Barbara
Physics Computing Services
jmehl -at- physics.ucsb.edu
(805) 893-8366 work
(805) 451-7486 cell
========================================

Mike McCauley wrote:
> Hello Jennifer,
> 
> On Tuesday 04 October 2005 13:20, Jennifer Mehl wrote:
> 
>>Hi everyone,
>>
>>I'm experiencing some strange problems, and I'm not sure if this is a
>>Radiator issue or an AP issue, or some combination thereof, so I'm
>>hoping for some ideas from any of you who may have a similar setup or
>>have similar equipment you could test.
> 
> 
> This _sounds_ like an AP issue. Some APs do not do mixed mode very well and g 
> compatibility is sometimes poor in early firmware.
> 
> Do you have the latest firmware for your AP?
> 
> Are you able to try different pc client wireless cards? What is the result?
> 
> Cheers.
> 
> 
>>Here is my environment:
>>
>>HP ProCurve 420 AP (2.1.0 firmware)
>>WPA/TKIP and WPA2/AES supported
>>802.1x authentication to Radiator 3.11 on RedHat Enterprise Linux 3
>>Radiator config for PEAP and TTLS to flat file, dynamic VLAN assignment,
>>SSL cert issued by Thawte Premium CA
>>Various wireless cards for WinXP built-in client or SecureW2 client
>>(Dell 1350 and D-Link DWL-G650) and Mac OS X 10.4 (Airport)
>>
>>Here is the problem:
>>If I configure the 420 AP radio to 802.11b-only mode, authentication
>>happens successfully, and quickly, for TTLS and PEAP clients.  BUT, If I
>>change the 420 AP radio back to its default radio setting, 802.11g+b or
>>802.11g only, the 802.1x authentication process never completes.  It
>>seems that the Access-Challenge is the last thing sent by the RADIUS
>>server to the AP/client.  The client keeps sending Access-Requests until
>>it gives up.
>>
>>I have tried playing around with EAPTLS_MaxFragmentSize in my Radiator
>>config, but I haven't had any luck, and I'm not entirely sure if that
>>option even has anything to do with the problem... it doesn't make sense
>>to me that authentication would complete with 802.11b but not 802.11g if
>>packet size or fragmentation were the issue (please correct me if I'm
>>wrong!).  The AP 2.1.0 firmware has a new configuration option in the
>>wireless-g config interface called "fragmentation-threshold" and the
>>default value is 2346.  Not sure if/how this might relate to
>>EAPTLS_MaxFragmentSize (which I currently have set at 1000).
>>
>>I believe I had the same problem with the older HP 420 firmware, 2.0.41.
>>I also have a support call in with HP (their 1st line of support says
>>she's never heard of this issue), but I'd like to be able to rule out
>>Radiator as a "suspect" in this problem before continuing on with HP.
>>
>>I have 7 APs that all exhibit this exact same problem, and I have tried
>>configuring a fresh "bare bones" config on them as well.  I do not have
>>another AP to test with Radiator, nor another RADIUS server to test the
>>APs with, to rule either of them out.  Right now, I have all of the
>>production APs running at 802.11b, and one test AP with a different SSID
>>running at 802.11b+g so I can troubleshoot this issue.
>>
>>My Radiator config is below, as well as a Level 5 trace of a "failed"
>>authentication while on the 802.11g radio.
>>
>>Thanks for any help you all can provide,
>>Jennifer
> 
> 

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list