Wireless Access

Hello,

I'm having a problem with my 3200 controller right now. 

The problem is that I can't create new vap profile because when I entered the AAA profile and SSID profile and click apply button it says dot1x profile needs to be enabled in aaa profile default. The aaa profile I choosed is not default profile. And I created a dot1x profile via Layer 2 Authentication under 802.1x. I tried to configure it from wizard and CLI interface but I was not successful on both. What could be the point I'm missing. I have a radius server and I'm trying to authenticate users via this server also put them into the appropriate user role with appropriate server rule which matches the role via tunnel-private-group-id.

And also I've already created one test profile before and it works fine but now I have different vlans and different user roles. I want to create a new ap group. The only difference between the time i created the test profile and now is the OS version of the controller. Back then the version is 6.3.1.2 but now it is 6.3.1.8.

Any help will be appreciated!

Could you share your configuration of the profile with us?

The configuration of the working profile is below

wlan virtual-ap "test"
aaa-profile "deneme_internal"
ssid-profile "arubatest"
vlan 60,70,80
no broadcast-filter arp
no blacklist

wlan ssid-profile "arubatest"
essid "arubatest"
opmode wpa-tkip wpa2-aes

aaa profile "deneme_internal"
mac-default-role "authenticated"
authentication-dot1x "test"
dot1x-default-role "authenticated"
dot1x-server-group "deneme_Server_group"
enforce-dhcp

aaa authentication dot1x "test"
reauth-server-termination-action
termination inner-eap-type eap-mschapv2

The second part is the one that gives the error. I only created the aaa profile that concerns vlan 60. I will add the vlan 70 and 80's aaa profile with the same ssid profile. And will use the server-derivation rule to assing users to appropriate user role and vlan.

aaa profile "uzak_lokasyon_vlan60_aaa"
authentication-dot1x "uzak_lokasyon_dot1x"
dot1x-default-role "vlan60_dot1x_default"
dot1x-server-group "deneme_Server_group"

aaa authentication dot1x "uzak_lokasyon_dot1x"
machine-authentication user-default-role "authenticated"

user-role vlan60_dot1x_default
vlan 60
access-list session ra-guard
access-list session allowall
access-list session v6-allowall

wlan ssid-profile "uzaklokasyon" %The SSID will be used.
essid "uzaklokasyon"
opmode wpa-tkip wpa2-aes

Where is the configuration for the non-working Virtual AP?

the vap I try to create is in a different Ap group. Under that ap group when I try to create that vap it gives the errors below where the bottom line, I think, indicates the error that it can't create the virtual ap profile.

Error processing command 'wlan virtual-ap "vlan60_vap"':Error: dot1x profile needs to be enabled in aaa profile "default" to support opmode "wpa2-psk-aes" configured in ssid profile "default"
Error processing command 'wlan virtual-ap "vlan60_vap" aaa-profile "uzak_lokasyon_vlan60_aaa"':Error: dot1x profile needs to be enabled in aaa profile "default" to support opmode "wpa2-psk-aes" configured in ssid profile "default"
Error processing command 'wlan virtual-ap "vlan60_vap" ssid-profile "uzaklokasyon"':Error: dot1x profile needs to be enabled in aaa profile "default" to support opmode "wpa2-psk-aes" configured in ssid profile "default"
Error processing command 'ap-group "uzak_lokasyon_APG" virtual-ap "vlan60_vap"':Virtual AP profile "vlan60_vap" does not exist.

do this:

config t
wlan virtual-ap "vlan60_vap"
clone virtual-ap test
vlan 60
exit

Thanks for your quick return. I entered the first line of your commands;

wlan virtual-ap "vlan60_vap"

And the output from the CLI is:

Error: dot1x profile needs to be enabled in aaa profile "default" to support opmode "wpa2-psk-aes" configured in ssid profile "default"

Then remove it:

config t
no wlan virtual-ap "vlan60_vap

 After that, try the commands again.

The output is this;

(Trustnet3200) (config) #no wlan virtual-ap "vlan60_vap"
Virtual AP profile "vlan60_vap" undefined.

(Trustnet3200) (config) #wlan virtual-ap "vlan60_vap"
Error: dot1x profile needs to be enabled in aaa profile "default" to support opmode "wpa2-psk-aes" configured in ssid profile "default"

 I would try a different Virtual-ap name.  Not sure why you have that error.

Tried with a different name, expvap. Also used the aaa and ssid profile of the working vap profile. Same result. Maybe i should factory reset it as it is working in a test enviroment right now. 

The output is below:

Error processing command 'wlan virtual-ap "expvap"':Error: dot1x profile needs to be enabled in aaa profile "default" to support opmode "wpa2-psk-aes" configured in ssid profile "default"
Error processing command 'wlan virtual-ap "expvap" aaa-profile "deneme_internal"':Error: dot1x profile needs to be enabled in aaa profile "default" to support opmode "wpa2-psk-aes" configured in ssid profile "default"
Error processing command 'wlan virtual-ap "expvap" ssid-profile "arubatest"':Error: dot1x profile needs to be enabled in aaa profile "default" to support opmode "wpa2-psk-aes" configured in ssid profile "default"
Error processing command 'ap-group "uzak_lokasyon_APG" virtual-ap "expvap"':Virtual AP profile "expvap" does not exist.

or you can do this:

config t
aaa profile default
authentication-dot1x "test"

 Try again after that...

It worked. Thank you for your help.

Try the WLAN/LAN Wizard under configuration...  That will create all the profiles for you.

I have already tried it. It didn't work.