02-23-2007 07:17 AM - edited 07-03-2021 01:41 PM
hi
Can somebody fill me in on how to link the WLC 4402 to the Cisco ACS SE? I am trying to authenticate from the Windows AD. Having configured the Windows Remote Agent and the Windows Database, how do I make sure that the WLC can see the ACS?
If somebody has done a similar setup before, please give me detailed steps on how to go about it. I found the ACS to be very complicated.
02-25-2007 12:27 PM
hi ,
Do "debug aaa all enable".
If your WLC is communicating with the ACS server, you get the logs.
Hope this helps !
Seema
02-25-2007 09:24 PM
Where do I issue the command?
02-25-2007 11:44 PM
This is the output that I get when I run the debug aaa all enable command from the WLC, but I can't understand the output.
(Cisco Controller) >debug aaa all enable
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >Mon Feb 26 09:37:16 2007: User admin authenticated
Mon Feb 26 09:37:16 2007: Returning AAA Error 'Success' (0) for mobile 00:00:00:
57:00:00
Mon Feb 26 09:37:16 2007: AuthorizationResponse: 0x35906990
Mon Feb 26 09:37:16 2007: structureSize................................70
Mon Feb 26 09:37:16 2007: resultCode...................................0
Mon Feb 26 09:37:16 2007: protocolUsed.................................0x0
0000008
Mon Feb 26 09:37:16 2007: proxyState...................................00:
00:00:57:00:00-00:00
Mon Feb 26 09:37:16 2007: Packet contains 2 AVPs:
Mon Feb 26 09:37:16 2007: AVP[01] Service-Type........................
.....0x00000006 (6) (4 bytes)
Mon Feb 26 09:37:16 2007: AVP[02] Airespace / WLAN-Identifier.........
.....0x00000000 (0) (4 bytes)
02-26-2007 10:00 AM
Hi
Looks like your WLC is not communicating with the ACS server.
Is the basic configuration to accept RADIUS requests configured on the ACS server?
Regards
Seema
02-26-2007 09:25 PM
That's where I am struggling. Maybe I am still trying to install certificates because I am using PEAP. Where do I get them?
02-27-2007 12:43 AM
This is the debug aaa all enable output that I get from my WLC 4402. Does it mean that it's now communicating with the ACS?
(Cisco Controller) >Tue Feb 27 10:38:30 2007: AccountingMessage Accounting Inter
im: 0x12dccbd8
Tue Feb 27 10:38:30 2007: Packet contains 16 AVPs:
Tue Feb 27 10:38:30 2007: AVP[01] User-Name...........................
.....0012f0325e83 (12 bytes)
Tue Feb 27 10:38:30 2007: AVP[02] Nas-Port............................
.....0x00000001 (1) (4 bytes)
Tue Feb 27 10:38:30 2007: AVP[03] Nas-Ip-Address......................
.....0x0a01100a (167841802) (4 bytes)
Tue Feb 27 10:38:30 2007: AVP[04] NAS-Identifier......................
.....Cisco_46:bf:23 (14 bytes)
Tue Feb 27 10:38:30 2007: AVP[05] Airespace / WLAN-Identifier.........
.....0x00000001 (1) (4 bytes)
Tue Feb 27 10:38:30 2007: AVP[06] Acct-Session-Id.....................
.....45e3f2cc/00:12:f0:32:5e:83/22 (29 bytes)
Tue Feb 27 10:38:30 2007: AVP[07] Acct-Authentic......................
.....0x00000003 (3) (4 bytes)
Tue Feb 27 10:38:30 2007: AVP[08] Acct-Status-Type....................
.....0x00000003 (3) (4 bytes)
Tue Feb 27 10:38:30 2007: AVP[09] Acct-Input-Octets...................
.....0x001d9720 (1939232) (4 bytes)
Tue Feb 27 10:38:30 2007: AVP[10] Acct-Output-Octets..................
.....0x0057727e (5730942) (4 bytes)
Tue Feb 27 10:38:30 2007: AVP[11] Acct-Input-Packets..................
.....0x00002e64 (11876) (4 bytes)
Tue Feb 27 10:38:30 2007: AVP[12] Acct-Output-Packets.................
.....0x000025b0 (9648) (4 bytes)
Tue Feb 27 10:38:30 2007: AVP[13] Acct-Session-Time...................
.....0x0000175a (5978) (4 bytes)
Tue Feb 27 10:38:30 2007: AVP[14] Acct-Delay-Time.....................
.....0x00000000 (0) (4 bytes)
Tue Feb 27 10:38:30 2007: AVP[15] Calling-Station-Id..................
.....10.1.16.119 (11 bytes)
Tue Feb 27 10:38:30 2007: AVP[16] Called-Station-Id...................
.....10.1.16.10 (10 bytes)
Tue Feb 27 10:38:59 2007: AccountingMessage Accounting Interim: 0x12dd8208
Tue Feb 27 10:38:59 2007: Packet contains 16 AVPs:
Tue Feb 27 10:38:59 2007: AVP[01] User-Name...........................
.....00166f9d29bc (12 bytes)
Tue Feb 27 10:38:59 2007: AVP[02] Nas-Port............................
.....0x00000001 (1) (4 bytes)
Tue Feb 27 10:38:59 2007: AVP[03] Nas-Ip-Address......................
.....0x0a01100a (167841802) (4 bytes)
Tue Feb 27 10:38:59 2007: AVP[04] NAS-Identifier......................
.....Cisco_46:bf:23 (14 bytes)
Tue Feb 27 10:38:59 2007: AVP[05] Airespace / WLAN-Identifier.........
.....0x00000001 (1) (4 bytes)
Tue Feb 27 10:38:59 2007: AVP[06] Acct-Session-Id.....................
.....45e40174/00:16:6f:9d:29:bc/25 (29 bytes)
Tue Feb 27 10:38:59 2007: AVP[07] Acct-Authentic......................
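Added example, not part of the thread and not Cisco code: a small Python parser that rejoins the terminal-wrapped AVP lines of this debug output and decodes the numeric fields. The enumeration names come from RFC 2866; the function names are illustrative, and the sample lines reuse values from the output above.

```python
import ipaddress
import re

# Wrapped lines in the format of the post above (values taken from that output).
SAMPLE = """\
Tue Feb 27 10:38:30 2007: AVP[01] User-Name...........................
.....0012f0325e83 (12 bytes)
Tue Feb 27 10:38:30 2007: AVP[03] Nas-Ip-Address......................
.....0x0a01100a (167841802) (4 bytes)
Tue Feb 27 10:38:30 2007: AVP[07] Acct-Authentic......................
.....0x00000003 (3) (4 bytes)
Tue Feb 27 10:38:30 2007: AVP[08] Acct-Status-Type....................
.....0x00000003 (3) (4 bytes)
"""

# Value names from RFC 2866 (RADIUS Accounting).
ENUMS = {
    "Acct-Status-Type": {1: "Start", 2: "Stop", 3: "Interim-Update"},
    "Acct-Authentic": {1: "RADIUS", 2: "Local", 3: "Remote"},
}
TS = re.compile(r"^\w{3} \w{3} [ \d]\d [\d:]{8} \d{4}: ")
AVP = re.compile(r"AVP\[\d+\] (.+?)\.{3,}(.*?) \(\d+ bytes\)$")

def unwrap(text):
    """A line with no timestamp is the tail of the previous, terminal-wrapped line."""
    out = []
    for line in text.splitlines():
        if TS.match(line) or not out:
            out.append(line)
        else:
            out[-1] += line
    return out

def decode(name, raw):
    """Integer AVPs print as hex; map them to an address or RFC name where known."""
    if not raw.startswith("0x"):
        return raw
    n = int(raw.split()[0], 16)
    if name == "Nas-Ip-Address":
        return str(ipaddress.ip_address(n))
    return ENUMS.get(name, {}).get(n, n)

def parse_avps(text):
    """Return {attribute name: decoded value} for every AVP line in the output."""
    found = (AVP.search(line) for line in unwrap(text))
    return {m.group(1): decode(m.group(1), m.group(2)) for m in found if m}

if __name__ == "__main__":
    for name, value in parse_avps(SAMPLE).items():
        print(f"{name:20} {value}")
```
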
02-27-2007 03:13 AM
hey ,
Check this link
this should help you
can you send me
show radius summary
Have you configured the RADIUS server properly?
Let me know if you need more info.
Regards
Seema
02-27-2007 04:36 AM
Man, I really appreciate the help I am getting from you.
I found the document that you sent very helpful, but the example uses LEAP between the APs and the clients. In my case I chose to use PEAP because my wireless adapters only support EAP (PEAP), but of course my APs are Aironets 1242AG, so I chose RADIUS IETF instead of RADIUS Aironet. Is that right?
Please see the show radius summary output:
(Cisco Controller) >
(Cisco Controller) >show radius summary
Vendor Id Backward Compatibility................. Disabled
Credentials Caching.............................. Enabled
Call Station Id Type............................. IP Address
Administrative Authentication via RADIUS......... Enabled
Keywrap.......................................... Disabled
Authentication Servers
Idx Type Server Address Port State Tout RFC3576 IPSec - AuthMode/Phase1/Group/Lifetime/Auth/Encr
--- ---- ---------------- ------ -------- ---- ------- ------------------------------------------------
1 NM 10.1.21.3 1812 Enabled 2 Enabled Disabled - none/unknown/group-0/0 none/none
Accounting Servers
Index Type Server Address Port State Tout RFC-3576 IPSec - AuthMode/Phase1/Group/Lifetime/Auth/Encr
----- ---- ---------------- ------ -------- ---- -------- ------------------------------------------------
(Cisco Controller) >