cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2738
Views
9
Helpful
19
Replies

WLC domain user authentication

jong_r0602
Level 1
Level 1

Hi Guru's

Im having a problem in configuring my WLC domain users. I have ACS v3.3 and WLC 4112.

I followed this instruction but still i keep on authenticating whenever i tried to connect my Laptop to certain SSID. And also, the windows login prompt me only once. Please help me

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0e4.shtml#manual

thanks.

1 Accepted Solution

Accepted Solutions
19 Replies 19

andrew.prince
Level 10
Level 10

Emmanuel,

What kind of 802.1x authentication are you trying, LEAP, PEAP, EAP-FAST ???? Theses are all depnedant on specific factors in the WLC, ACS & remote device?

Hi Andrew,

Thanks for the response,

Im currently using PEAP. im able to connect but it keep saying "attempting to authenticate"

I dont know what is the point of failure here. Appreciate your help

Thanks,

Jong

What is the error message if any in the ACS logs?

it says, user access filtered

Here's also the log's on my WLC

Its saying "00:0e:35:c0:78:d3 /user 'unknown'" but my login works fine in other device AAA client using external DB also.

Log System Time Trap

0 Wed May 14 23:47:03 2008 RADIUS server 202.162.160.253:1812 failed to respond to request (ID 138) for client 00:0e:35:c0:78:d3 / user 'unknown'

Thanks,

Jong

Do i need to enable the IPsec?

Verify the shared secret key between the ACS and the WLC.

-Scott
*** Please rate helpful posts ***

Have you configured the ACS server to accept authentication requests from the WLC?

yes i have configured my ACS server to authenticate the user's request via AD.

Sometimes the ACS said that my login is authenticated but sometimes failed. And it takes a long time (10-15 min) to reauthenticate again. And WLC saying "Radius not responding. But sometimes its good.

Have you configured the ACS server to use PEAP? Do you have a certificate on the ACS server (not the self signed cert, but one from a CA?)

yes i have configured PEAP and LEAP on my ACS. Our systems admin configured a certicate and that's what im using on my ACS. But when im get connected, its suddenly disconnected. Im using 8

Get your config working with LEAP first. Since LEAP doesn't require Certs it eliminates any cert issues. Test with local accounts on the ACS as that removes any issue between the ACS and AD. Also make sure you have the appropriate drivers on the clients.

run a debug on the controller. debug client and then debug aaa events enable. this should lead you in the direction to see what and where it is failing.

I think my authentication is now been resolved. But i still have a problem, whenever the user logout on the workstation the session will disconnect to the network. Is there a way to make the connection still connected?

Thanks

Jong

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: