06-15-2007 07:39 AM - edited 07-03-2021 02:13 PM
Hi,
I was running ACS3.0 and I upgraded to 4.0 now The access points or clients cannot authenticate. Does anyone had similar problems?
Thanks in advance.
Biju
06-19-2007 09:19 AM
Hi,
Do you see any hits on acs failed attempts ?
Regards
06-19-2007 10:49 AM
Not at all but I could see authentication failed on the access point and sometimes it say ports not open.
06-19-2007 12:32 PM
Please make sure in ACS that AAA-Client key and NDG key are same or better keep AP in not-assigned group.
If issue is still there get debugs from AP,
debug radius
debug aaa authentication
Regards,
06-20-2007 06:31 AM
This is the output for debug
User Access Verification
WIRELESS_TEST#debug radius brief
Radius protocol debugging is on
Radius protocol brief debugging is on
Radius protocol verbose debugging is off
Radius packet hex dump debugging is off
Radius packet protocol debugging is off
Radius elog debugging debugging is off
Radius packet retransmission debugging is off
Radius server fail-over debugging is off
Radius elog debugging debugging is off
WIRELESS_TEST#
Jun 20 14:29:23.169: RADIUS/ENCODE(00000002):Orig. component type = DOT11
Jun 20 14:29:23.170: RADIUS(00000002): Storing nasport 257 in rad_db
Jun 20 14:29:23.170: RADIUS(00000002): Config NAS IP: 10.100.1.88
Jun 20 14:29:23.170: RADIUS(00000002): Config NAS IP: 10.100.1.88
Jun 20 14:29:23.170: RADIUS(00000002): Send Access-Request to 10.1.2.2:1812 id 1
645/1, len 134
Jun 20 14:29:28.776: RADIUS: no sg in radius-timers: ctx 0xBBBA70 sg 0x0000
Jun 20 14:29:28.776: RADIUS: Retransmit to (10.1.2.2:1812,1813) for id 1645/1
Jun 20 14:29:33.800: RADIUS: no sg in radius-timers: ctx 0xBBBA70 sg 0x0000
Jun 20 14:29:33.800: RADIUS: Retransmit to (10.1.2.2:1812,1813) for id 1645/1
Jun 20 14:29:39.240: RADIUS: no sg in radius-timers: ctx 0xBBBA70 sg 0x0000
Jun 20 14:29:39.240: RADIUS: Retransmit to (10.1.2.2:1812,1813) for id 1645/1
Jun 20 14:29:44.680: RADIUS: no sg in radius-timers: ctx 0xBBBA70 sg 0x0000
Jun 20 14:29:44.680: RADIUS: No response from (10.1.2.2:1812,1813) for id 1645/1
Jun 20 14:29:44.680: RADIUS/DECODE: parse response no app start; FAIL
Jun 20 14:29:44.680: RADIUS/DECODE: parse response; FAIL
Jun 20 10:29:44.681 R: %DOT11-7-AUTH_FAILED: Station 0013.021d.f404 Authenticati
on failed
Jun 20 14:29:45.229: RADIUS/ENCODE(00000003):Orig. component type = DOT11
Jun 20 14:29:45.230: RADIUS(00000003): Storing nasport 258 in rad_db
Jun 20 14:29:45.230: RADIUS(00000003): Config NAS IP: 10.100.1.88
Jun 20 14:29:45.230: RADIUS(00000003): Config NAS IP: 10.100.1.88
Jun 20 14:29:45.230: RADIUS(00000003): Send Access-Request to 10.1.2.2:1812 id 1
645/2, len 134
Jun 20 14:29:50.760: RADIUS: no sg in radius-timers: ctx 0xBBBA70 sg 0x0000
Jun 20 14:29:50.760: RADIUS: Retransmit to (10.1.2.2:1812,1813) for id 1645/2
Jun 20 14:29:56.296: RADIUS: no sg in radius-timers: ctx 0xBBBA70 sg 0x0000
Jun 20 14:29:56.296: RADIUS: Retransmit to (10.1.2.2:1812,1813) for id 1645/2
Jun 20 14:30:02.353: RADIUS: no sg in radius-timers: ctx 0xBBBA70 sg 0x0000
Jun 20 14:30:02.353: RADIUS: Retransmit to (10.1.2.2:1812,1813) for id 1645/2
Jun 20 14:30:07.841: RADIUS: no sg in radius-timers: ctx 0xBBBA70 sg 0x0000
Jun 20 14:30:07.841: RADIUS: No response from (10.1.2.2:1812,1813) for id 1645/2
Jun 20 14:30:07.841: RADIUS/DECODE: parse response no app start; FAIL
Jun 20 14:30:07.841: RADIUS/DECODE: parse response; FAIL
Jun 20 10:30:07.842 R: %DOT11-7-AUTH_FAILED: Station 0013.021d.f404 Authenticati
on failed
06-20-2007 07:11 AM
Thanks for the info.
Radius is not responding to the authen request. Can you please reissue secret key on ACS for this particular NAS ?
Is there any other device that works fine using same ACS ?
Incase this is ACS appliance then go to network configuration ---> Proxy Dis table----> Bring the name listed in AAA SERVERS to FORWARD TO box and name listed in FORWARD to box to AAA servers.
Regards
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: