Subject: | |
From: | |
Reply To: | |
Date: | Thu, 21 Jan 2010 11:24:04 -0500 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
I've been trying unsuccessfully to get SSO working using a Cisco
autonomous AP (1240 series, IOS 12.4(10b)JDA3) and WPA-Enterprise. I've
managed to get WPA working, but not with SSO, despite following a number
of Cisco (VPN SSO) deployment guides. I know the autonomous stuff isn't
supported, but I was hoping it would work, since our site has a 50/50
split of that and lightweight.
I configured my CCA Server (In-band Virtual Gateway, 4.7.1) according to
the VPN SSO guide, and pointed my AP radius accounting server to it.
Debugging on the AP seems to indicate the accounting packets are
successfully sent to the CCA server, when I log in via WPA from my XP
client. However, the Agent prompts for my username and password as it
usually does, and there is no indication the CCA Server is even
acknowledging that. I'm not even sure how to debug that end.
Does anyone have an autonomous AP working using SSO? Was there anything
unusual about the setup that the documentation might not cover? One
thing I wondered was whether the Radius attributes being sent from my AP
were sufficient for SSO. It includes my client MAC address but not the
client IP address. Is that a show stopper?
-Mike
|
|
|