[spizade]

I have an existing network setup with Cisco Aironet 1200 access points, authenticating against our Domain Controller running Windows Server 2003. It works fine with Linksys brand 802.11g wi-fi cards with Windows XP. I have the update to Airport 3.2 and I am running OS 10.3.1 with 12" Powerbooks with the Airport Extreme cards. I fill in the WPA information in the Airport software controller for our SSID, and the login information, but it just returns back no network found. The WinXP laptop and Linksys card right beside the Apple works just fine. Any suggestions for this Apple configuration?

[mousehouse]

i remember reading somewhere about using LEAP-style authentication using Apple's Airport. you needed to do some tweaking in the username/password fields when authenticating.

sorry i can't be of any more help but if you search google on these maybe you'll get more results...

[spizade]

There isnt much information available on this on Google, I've tried. WPA was just implemented on the latest update late last week. From what I can tell, I am the only person in the world trying to do this, or I am the only person that can't figure it out.

[mousehouse]

hmmm, lets try some basic troubleshooting...

have you tried MacStumbler or something like that to "see" the network, just to verify the settings the Airport card picks up from wireless...

also, you might do a tcpdump on the wireless interface and capture some traffic going forward & backward. maybe your Airport is not getting anything back...

you wouldn't by any chance also be using MAC address authentication as well?

edit...

from Cisco.com,

WEP Enhancements
Enhancements are needed to mitigate the WEP vulnerabilities discussed in the "802.11 Is Insecure" axiom section. IEEE 802.11i includes two encryption enhancements in its draft standard for 802.11 security:

1. Temporal Key Integrity Protocol, or TKIP, which is a set of software enhancements to RC4-based WEP

2. AES, which is a stronger alternative to RC4

In December 2001, Cisco introduced support for TKIP as a component of the Cisco Wireless Security Suite. Because the standard for TKIP was not finalized at that time, the implementation is prestandard and is sometimes referred to as Cisco TKIP. In 2002, 802.11i finalized the specification for TKIP, and the Wi-Fi Alliance announced that it was making TKIP a component of Wi-Fi Protected Access (WPA), which will become a requirement for Wi-Fi compliance before the end of 2003. The enterprise version of WPA also requires 802.1X for 802.11. Both Cisco TKIP and the WPA TKIP include per-packet keying (PPK) and message integrity check (MIC). WPA TKIP introduces a third element: extension of the initialization vector from 24 bits to 48 bits. This section discusses the Cisco TKIP implementation details that demonstrate the security enhancements of TKIP. For more information on WPA, refer to the WECA Web site:

http://www.weca.net

reading this i would also try to find out which software release your aironet is running and see if it's been upgraded to a recent version with proper 802.1X spec conformance.

[spizade]

Ok, new update, I tried using a Cisco brand wifi adapter in another WinXP system at the same location and it is doing the same thing as my Powerbook. It appears to be in a constant state of authenticating, dropping the connection, then authenticating again. This just keeps cycling through over and over. The Linksys wifi card works fine in the same laptop that the Cisco had problems with, and the Cisco had problems in the other WinXP machine I referred to yesterday. I have a hard time thinking that this is an issue with the firmware for both Cisco and Apple with the WiFi adapters, so I opened a trouble ticket with Cisco. We will see what happens. If you have any other suggestions, let me know, if not thanks for the help thus far.

[mousehouse]

well, the only contstant part in here is the Aironet AP, which is the one i suspect. please do let me know what Cisco comes back with... i'm very curious.

[kampl]

I don't think Airport cards support, in their current iteration, the improved WPA cipher scheme. LEAP was basically the same old WEP with TKIP and MIC. WPA supplants WEP and maintains TKIP and MIC.

It's unfortunate that there is such a huge gaping hole in LEAP right now since it was a nice easy stopgap measure til something better comes along.

I too am curious what TAC comes back to you with since migration off LEAP, for me, would be really nice and let me sleep better. Maybe. Please post back. Thanks.

[kampl]

Has TAC come back to you with any solutions regarding your wireless authentication problem?

[kampl]

I dug up the following on Cisco's suport pages:

"Note: Only 350 series and CB20A cards that are installed on computers running Windows 2000 or XP and running LEAP or host-based EAP authentication can be used with WPA."

So I guess even using the Cisco Aironet 350 cards on a Mac will not let you join a WPA protected wireless network at this stage of the game.

Has anyone else seen otherwise?