05-28-2008 11:48 AM - edited 07-03-2021 03:56 PM
Hi ALL,
We suddenly experiencing issue of getting authenticated for users in particular SSID. These users are setup to use Local LEAP database in the WLC to get authenticated .. The recent trap shows the below message for the users
"AAA Authentication Failure for UserName:test User Type: WLAN USER"
In the message log ,we see the below message
ay 28 19:28:33.552 dtl_arp.c:504 DTL-3-INVALID_ARP_TIMEOUT_ADDR: MAC entry (MAC address) received for timeout is INVALID. Dropping it.
We are not sure ,about the above message and couldn't find an explanation in the WLC meesage guide .....If you have any idea ..Kindly let us know .....
Thanks
Regards
Anantha Subramanian Natarajan
06-03-2008 12:34 PM
The way on addressing restriction of access per user, is quite different in WLC than in aironet based access points. Using AVP you can "assign" the vlan to the user, but the SSID will remain to what the user connected, which in practical terms, means we can force User A, to be in vlan 10, no matter which SSID he is using. This will require to either use IETF attributes 64,65,81, as described here:
http://www.cisco.com/en/US/docs/wireless/controller/3.2/configuration/guide/c32sol.html
06-03-2008 12:56 PM
Hi Smalkeric,
Thanks for the reply ......Actually ,My question is to find out a way for avoiding the Cisco LEAP configured SSID to use that as primary authentication method even though RADIUS is been configured on the WLC.
Thanks
Regards
Anantha Subramanian Natarajan
06-03-2008 01:24 PM
There is no way to have local eap configured as your primary if you have any Radius configured. You will have to setup LEAP on the ACS if you are using that for a radius server.
06-03-2008 03:35 PM
Hi Fella5,
Thanks once again for your inputs
Regards
Anantha Subramanian Natarajan
06-03-2008 03:56 PM
I too wish that you can specify what radius server under a certain ssid. I also wish that if you dont specify a radius server on a n ssid that it wouldn't try to authenticate vai any configured radius server. At least now with the 5 code, you can have the wlc check to make sur the primary is back up in the case it went down.
06-03-2008 03:58 PM
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide