I have setup my mobile devices to authentication by MAC address on to ACS. I'm using CISCO 1200 APs all over the building.
I've followed ALL the guide docs and set everything up including creating the MAC usernames in ACS and placing them in a group in ACS etc. and also defined the VLANs on the core and referencing them in ACS.
Its seems though once the device authenticates in ACS it stops there and does not return the packed and allow the device to get an IP. I've attached the debug error log. I keep the getting the following erros which I am not sure about:
Mar 6 14:37:16.936: dot11_dot1x_verify_ptk_handshake: verifying PTK msg 2 from 0009.2dff.0510
Mar 6 14:37:16.936: dot11_dot1x_verify_eapol_header: Warning: Invalid key len (exp=0x20, act=0x0)
Mar 6 14:37:16.936: dot11_dot1x_verify_ptk_handshake:
Mar 6 14:37:16.936: dot11_dot1x_ssn_generate_ptk failed
Mar 6 14:37:16.936: dot11_mgr_sm_recv_ptk_msg2:
Mar 6 14:37:16.936: dot11_mgr_sm_recv_ptk_msg2: dot11_dot1x_verify_ptk_handshake failed
ar 6 14:37:16.063: dot11_mgr_sm_handshake_fail: Handshake failure for 0009.2dff.0510
Mar 6 14:37:16.063: %DOT11-7-AUTH_FAILED: Station 0009.2dff.0510 Authentication failed