WRT54GS2.0 w/Talisman1.04: RADIUS not functioning on LAN

Discussion in 'Networking Issues' started by frisbeejonny, Jul 15, 2005.

  1. frisbeejonny

    frisbeejonny Guest

    I have an existing M$-only corporate network w/ win2k IAS&DHCP. The wireless network needs to use the corporate DHCP server for address allocation and RADIUS authentication using EAP; currently using only MAC filtering and a WEP64 key on the clients.

    Network Info:
    Wireless1L1: WRT54GS2.0 Talisman1.0.4gs, WAN port disabled, LAN port has static IP (subnet 103 is exclusively for wireless, LAN port static IP is outside DHCP range). GW: (L3switch used as gateway to other subnets/vlans and out to the firewall). WEP64 working fine on all WDS and Adapter Clients (moving to WPA2 in Q3). For this test, I used a stand-alone (NON-WDS) wireless router.
    Users connected to Wireless1L1 are able to work as they would as if on the 101subnet (standard subnet for all other workstations) - Access to servers/Internet/etc all without issue. Wireless users were able to get DHCP addresses from and ping the DHCPAUTH server.

    Server Info:
    DHCPAUTH: Windows2000Server running DHCP and IAS (RADIUS). IP Address: (100 subnet is used exclusively for servers). GW: (same L3 switch, different VLAN). Configured a new client in the IAS console for Wireless1L1 using the Wireless1L1’s LAN IP ( DHCPAUTH can remotely manage Wireless1L1 via the web interface and can ping wireless clients connected to Wireless1L1 – so inter-vlan routing isn’t an issue.

    Here's my dilemma:
    Attempted to set up Wireless>Security>RADIUS on Wireless1L1 (kept the WEP Key the same, so as to not introduce more complexity during debug). I had to set up a static Route in Advanced Routing to have ALL traffic going to to use the lan interface, because before doing that, (I’m guessing) the RADIUS traffic was going out on the wan interface.
    When connecting to the wireless network with a WinXPsp2 system (using Linksys WMP54GS PCI cards that have been working flawlessly), I was prompted for a username/password/domain as expected. When entering an existing username from the domain that is in the WirelessUsers domain users group (this was configured on the IAS as a RemotePolicy), the prompt would say “validating” for up to 90 seconds, then disappear without connecting the wireless client to the network.

    During each authorization/login attempt from the wireless client, I was monitoring the RADIUS logs on DHCPAUTH; no logging was taking place – it was as though the requests weren’t being delivered to the server. Until I accidentally mistyped my username during one of the wireless auth attempts; immediately an “unknown username” log entry appeared both in the RADIUS logs and the System Events (event viewer).
    This told me that the requests WERE being delivered to the RADIUS server (and after opening up my packet capture program, which I put on the 103 subnet, to make sure the packets weren’t being routed incorrectly between the servers); this also told me that the RADIUS server wasn’t the problem, because it was successfully sending and routing the challenge-response packets back to the address of the WRT54GS LAN port.

    SO… I decided to load an older Firmware onto the WRT54GS (loaded Alchemy FINAL, which had been working fine on the WRT54GS2.0 for a few months before upgrading to Talisman1.0.4gs). After loading Alchemy and re-setting all the configurations to pre-RADIUS setup and confirming it worked with the WEP, I again embarked on this RADIUS mission (just RADIUS, not WPA-RADIUS). And again, I was unable to figure out why the RADIUS challenge responses were not being processed by the WRT54GS router.

    So my question to all of you gurus in the know is: What’s going on and how do I fix it?