cancel
Showing results for 
Search instead for 
Did you mean: 

AP-7532 authentication trouble ?

AP-7532 authentication trouble ?

john30
New Contributor

Hello,

I have an issue to connect to the SSID I created. I can see it but can't connect.
AP is used in a domestic environment at the moment.


Below is the config that I have set up, if someone can enlighten me ?

Many thanks !


! Configuration of AP7532 version 5.9.1.2-006R
!
!
version 2.5
!
!
client-identity-group default
load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
permit any
!
firewall-policy default
no ip dos tcp-sequence-past-window
no stateful-packet-inspection-l2
ip tcp adjust-mss 1400
!
!
mint-policy global-default
!
meshpoint-qos-policy default
!
wlan-qos-policy default
qos trust dscp
qos trust wmm
!
radio-qos-policy default
!
wlan svizec
ssid svizec
vlan 1
bridging-mode local
encryption-type ccmp
authentication-type none
wpa-wpa2 psk 0 sun123456
!
!
management-policy default
telnet
no http server
https server
ssh
user admin password 1 6ed64629f4a056583e143868b15becf048a0be0e46226472fc585e4cbaabeb6b role superuser access all
snmp-server community 0 private rw
snmp-server community 0 public ro
snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
!
nsight-policy default
!
profile ap7532 default-ap7532
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
interface radio2
interface ge1
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
interface pppoe1
use firewall-policy default
use client-identity-group default
logging on
service pm sys-restart
router ospf
adoption-mode controller
!
rf-domain default
timezone CET
country-code gb
use nsight-policy default
!
ap7532 B8-50-01-37-42-E4
use profile default-ap7532
use rf-domain default
hostname ap7532-3742E4
ip default-gateway 192.168.0.0
interface radio1
channel smart
power 30
placement indoor
wlan svizec bss 1 primary
interface radio2
channel smart
power 30
placement indoor
wlan svizec bss 1 primary
interface ge1
switchport mode trunk
switchport trunk native vlan 1
switchport trunk native tagged
switchport trunk allowed vlan 1
interface vlan1
ip address 192.168.0.1/24
no adoption-mode
!
!

2 ACCEPTED SOLUTIONS

Christoph_S
Extreme Employee

Hello John,

By "Can't connect" do you mean:

1 - Can't see the SSID?

2 - Can see the SSID but can't connect using your credentials?

3 - Connect to the SSID but don't pull a DHCP IP address?

4 - Pull a DHCP IP address but can't get to the Internet?

etc.

From what I can see the default gateway you configured is the network IP address so you should look at that first, then reduce the radio power to 10db (only for testing). You may also want to add the best practices firewall policy: https://extremeportal.force.com/ExtrArticleDetail?an=000078342

Is there a reason the ge 1 port is trunked and native vlan tagged? Please change ge 1 to access port and make sure that the native VLAN is untagged and test. 

What is the full AP model?

Upgrade the firmware at the very  least to the latest 5.9 version. 

BR,

Christoph S.

View solution in original post

ckelly
Extreme Employee

Are you maybe trying to use the AP7532 as your Internet router? (Using both Ethernet ports?) Guessing not, but based on some configs, seems like maybe....

The actual WLAN settings look fine. If you are not able to associate to the WLAN, then you are likely just entering the wrong passphrase....or your wireless adapter (or whatever you are using to try to connect) has a driver problem. I'm guessing that actually associating to the WLAN though is not the real problem (You are associating but just can't reach the Internet).

First, the default gateway value is not correct. If you have another device that is providing your Internet connection, that device's IP address needs to be configured here. Since you seem to be using a 192.168.0.0 network, that device (default gateway) usually has the address of 192.168.0.1/24 (which is why I'm wondering if you are maybe attempting to make the AP7532 the Internet connected router).  If whatever device you are using that has the actual Internet connection DOES use the 192.168.0.1 address though, then you also need to also change the static IP address of the AP7532 to something else...otherwise, IP conflict and things break.

Agree that your configuration of using a trunked interface with tagged native vlan is not likely not what you intended (Is the AP7532 connected to a VLAN capable switch?). If you're not sure, then pretty certain you don't need these settings. To remove those configs:

#self

#remove-override interface ge 1

#remove-override ip default-gateway

       #commit write mem

 

You then still likely need to correctly define what your ip default-gateway IP is and also enter a non-conflicting IP address for the AP7532.

View solution in original post

3 REPLIES 3

ckelly
Extreme Employee

Are you maybe trying to use the AP7532 as your Internet router? (Using both Ethernet ports?) Guessing not, but based on some configs, seems like maybe....

The actual WLAN settings look fine. If you are not able to associate to the WLAN, then you are likely just entering the wrong passphrase....or your wireless adapter (or whatever you are using to try to connect) has a driver problem. I'm guessing that actually associating to the WLAN though is not the real problem (You are associating but just can't reach the Internet).

First, the default gateway value is not correct. If you have another device that is providing your Internet connection, that device's IP address needs to be configured here. Since you seem to be using a 192.168.0.0 network, that device (default gateway) usually has the address of 192.168.0.1/24 (which is why I'm wondering if you are maybe attempting to make the AP7532 the Internet connected router).  If whatever device you are using that has the actual Internet connection DOES use the 192.168.0.1 address though, then you also need to also change the static IP address of the AP7532 to something else...otherwise, IP conflict and things break.

Agree that your configuration of using a trunked interface with tagged native vlan is not likely not what you intended (Is the AP7532 connected to a VLAN capable switch?). If you're not sure, then pretty certain you don't need these settings. To remove those configs:

#self

#remove-override interface ge 1

#remove-override ip default-gateway

       #commit write mem

 

You then still likely need to correctly define what your ip default-gateway IP is and also enter a non-conflicting IP address for the AP7532.

Christoph_S
Extreme Employee

Hello John,

By "Can't connect" do you mean:

1 - Can't see the SSID?

2 - Can see the SSID but can't connect using your credentials?

3 - Connect to the SSID but don't pull a DHCP IP address?

4 - Pull a DHCP IP address but can't get to the Internet?

etc.

From what I can see the default gateway you configured is the network IP address so you should look at that first, then reduce the radio power to 10db (only for testing). You may also want to add the best practices firewall policy: https://extremeportal.force.com/ExtrArticleDetail?an=000078342

Is there a reason the ge 1 port is trunked and native vlan tagged? Please change ge 1 to access port and make sure that the native VLAN is untagged and test. 

What is the full AP model?

Upgrade the firmware at the very  least to the latest 5.9 version. 

BR,

Christoph S.

Hello Christoph,

Many thanks for your help. I did apply all and it works perfectly now.

Have a good day
John

GTM-P2G8KFN