I've been trying unsuccessfully to get SSO working using a Cisco 
autonomous AP (1240 series, IOS 12.4(10b)JDA3) and WPA-Enterprise. I've 
managed to get WPA working, but not with SSO, despite following a number 
of Cisco (VPN SSO) deployment guides. I know the autonomous stuff isn't 
supported, but I was hoping it would work, since our site has a 50/50 
split of that and lightweight.

I configured my CCA Server (In-band Virtual Gateway, 4.7.1) according to 
the VPN SSO guide, and pointed my AP radius accounting server to it. 
Debugging on the AP seems to indicate the accounting packets are 
successfully sent to the CCA server, when I log in via WPA from my XP 
client. However, the Agent prompts for my username and password as it 
usually does, and there is no indication the CCA Server is even 
acknowledging that. I'm not even sure how to debug that end.

Does anyone have an autonomous AP working using SSO? Was there anything 
unusual about the setup that the documentation might not cover? One 
thing I wondered was whether the Radius attributes being sent from my AP 
were sufficient for SSO. It includes my client MAC address but not the 
client IP address. Is that a show stopper?


-Mike