(RADIATOR) problems w/ HP420 802.11g, radiator 3.11, PEAP, TTLS auth

Wed Oct 5 13:12:02 CDT 2005

Hello,

Mike McCauley wrote:
> Hello Jennifer,
> 
> 
> On Wednesday 05 October 2005 08:25, Jennifer Mehl wrote:
> 
>>Mike, thanks for the reply.
>>
>>I do have the latest firmware for the HP 420 (2.1.0).
>>
>>I have tried many different cards, and all seem to work fine on the
>>b-only radio mode of the AP with WPA/WPA2 and AES/TKIP, cards using EAP
>>methods PEAP and/or TTLS in supplicant.
>>
>>(The cards also work fine when the AP radio is set to b+g or g and using
>>no auth/encryption or simple WEP on a separate SSID.)
>>
>>For the b+g or g-only modes on the AP with WPA, here are the results:
>>1) D-Link DWL-G650 (b+g card) authenticates finally after 45 sec or so
>>on both b+g and g
>>2) SMC2532W (b-only card) authenticates quickly on b+g
>>3) Linksys WPC54Gv3 (b+g) never authenticates
>>4) Dell Wireless 1350 (b+g) never authenticates
>>5) Motorola WN825G (b+g) never authenticates
>>
>>I have the latest drivers for all wireless PC cards, and the WPA2 update
>>for XPSP2 installed on the host systems.
> 
> 
> Hmmm, this is very puzzling.
> We know that WPA and WPA2 work with Radiator and other APs and clients tested 
> here. The a/g type and encryption type is completely transparent to Radiator, 
> so if it works with g and not a, we suspect either the AP or the client 
> wireless card. We have not tested the HP 420 here, though.
> 
> It still looks like a client/AP problem to me.

I agree, but wanted to check with you Radiator "experts" to be sure. 
:-)  I'm talking to HP about this problem and hopefully they will be 
able to resolve it.

Is anyone else reading this list using HP 420s?  I'd love to know that 
it's not just that I made some stupid mistake...

thanks,
Jennifer

> 
> Cheers.
> 
> 
>>Jennifer
>>
>>========================================
>>Jennifer L. Mehl
>>Senior Systems Administrator
>>University of California, Santa Barbara
>>Physics Computing Services
>>jmehl -at- physics.ucsb.edu
>>(805) 893-8366 work
>>(805) 451-7486 cell
>>========================================
>>
>>Mike McCauley wrote:
>>
>>>Hello Jennifer,
>>>
>>>On Tuesday 04 October 2005 13:20, Jennifer Mehl wrote:
>>>
>>>>Hi everyone,
>>>>
>>>>I'm experiencing some strange problems, and I'm not sure if this is a
>>>>Radiator issue or an AP issue, or some combination thereof, so I'm
>>>>hoping for some ideas from any of you who may have a similar setup or
>>>>have similar equipment you could test.
>>>
>>>This _sounds_ like an AP issue. Some APs do not do mixed mode very well
>>>and g compatibility is sometimes poor in early firmware.
>>>
>>>Do you have the latest firmware for your AP?
>>>
>>>Are you able to try different pc client wireless cards? What is the
>>>result?
>>>
>>>Cheers.
>>>
>>>
>>>>Here is my environment:
>>>>
>>>>HP ProCurve 420 AP (2.1.0 firmware)
>>>>WPA/TKIP and WPA2/AES supported
>>>>802.1x authentication to Radiator 3.11 on RedHat Enterprise Linux 3
>>>>Radiator config for PEAP and TTLS to flat file, dynamic VLAN assignment,
>>>>SSL cert issued by Thawte Premium CA
>>>>Various wireless cards for WinXP built-in client or SecureW2 client
>>>>(Dell 1350 and D-Link DWL-G650) and Mac OS X 10.4 (Airport)
>>>>
>>>>Here is the problem:
>>>>If I configure the 420 AP radio to 802.11b-only mode, authentication
>>>>happens successfully, and quickly, for TTLS and PEAP clients.  BUT, If I
>>>>change the 420 AP radio back to its default radio setting, 802.11g+b or
>>>>802.11g only, the 802.1x authentication process never completes.  It
>>>>seems that the Access-Challenge is the last thing sent by the RADIUS
>>>>server to the AP/client.  The client keeps sending Access-Requests until
>>>>it gives up.
>>>>
>>>>I have tried playing around with EAPTLS_MaxFragmentSize in my Radiator
>>>>config, but I haven't had any luck, and I'm not entirely sure if that
>>>>option even has anything to do with the problem... it doesn't make sense
>>>>to me that authentication would complete with 802.11b but not 802.11g if
>>>>packet size or fragmentation were the issue (please correct me if I'm
>>>>wrong!).  The AP 2.1.0 firmware has a new configuration option in the
>>>>wireless-g config interface called "fragmentation-threshold" and the
>>>>default value is 2346.  Not sure if/how this might relate to
>>>>EAPTLS_MaxFragmentSize (which I currently have set at 1000).
>>>>
>>>>I believe I had the same problem with the older HP 420 firmware, 2.0.41.
>>>>I also have a support call in with HP (their 1st line of support says
>>>>she's never heard of this issue), but I'd like to be able to rule out
>>>>Radiator as a "suspect" in this problem before continuing on with HP.
>>>>
>>>>I have 7 APs that all exhibit this exact same problem, and I have tried
>>>>configuring a fresh "bare bones" config on them as well.  I do not have
>>>>another AP to test with Radiator, nor another RADIUS server to test the
>>>>APs with, to rule either of them out.  Right now, I have all of the
>>>>production APs running at 802.11b, and one test AP with a different SSID
>>>>running at 802.11b+g so I can troubleshoot this issue.
>>>>
>>>>My Radiator config is below, as well as a Level 5 trace of a "failed"
>>>>authentication while on the 802.11g radio.
>>>>
>>>>Thanks for any help you all can provide,
>>>>Jennifer
> 
> 

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.