cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4156
Views
0
Helpful
12
Replies

Wireless connection fails

patel.nishit
Level 1
Level 1

Connection to wireless networks fails with the following error:

Tue Aug 5 11:15:54 2008 RADIUS server 10.57.10.4:1812 deactivated in global list

Tue Aug 5 11:15:54 2008 RADIUS server 10.57.10.4:1812 failed to respond to request (ID 111) for client 00:16:6f:74:e2:b9 / user 'unknown'

I am not sure why these just started happening after being stable for long time.

12 Replies 12

jsivulka
Level 5
Level 5

The reason for this is that a silent discard is a valid radius response for a client when a certificate does not match.

The following url will help you:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.0/user/guide/sba.html

Were in the link you provided show the solution to fix this problem.

Waht does the failed attemps on the ACS logs show?

-Scott
*** Please rate helpful posts ***

Its a cisco Wireless Controller LAN were we see the following error:

RADIUS server 10.57.10.247:1813 failed to respond to request (ID 250) for client 00:13:02:88:df:d8 / user 'unknown'

RADIUS server 10.57.10.247:1813 deactivated in global

Okay, but can you post what the ACS shows under failed attemps. You can have an issues with the wlc not being added to AAA, or bad shared key on either end, or the radius setup on the wlc and in the ssid. Not knowing how things are configured makes it tough to figure out.

-Scott
*** Please rate helpful posts ***

It is authenticated via Radius server, I will try to get the logs from the Radius server to review.

Hi there,

We also having the above issues.

I can confirm that the wlc is on our ACS (RADIUS), the shared key on both ends are the same. The certs have been added to ACS with EAP-TLS checked under Global Authentiaction. There are users and hardware certs on the devices trying to connect to.

Setup looks identical to our LAB environment which is not having issues.

The error on WLC:

RADIUS server 10.139.156.221:1812 failed to respond to request (ID 131) for client 00:13:ce:ed:2b:b0 / user 'unknown'

The error on ACS - Failed attempts:

Message Type: Bad request from NAS

Authen-Failure-Code: Invalid message authenticator in EAP

Any help/advice would be greatly appreciated

Hi there,

We are also facing the same issue, when trying to get authentication from Windows IAS.

WLC is showing the same logs as patel says.

If you ppl have got any solution do let me know as well!

arellangera
Level 1
Level 1

So did you find the solution to your problem I am having the same issue with a couple of controllers.

So I would really appreciate if you share the solution

Thanks.

LG

Hi All,

For our situation, it looked like the issue was that WLC GUI was not accepting the correct secret key of ACS.

As soon as we entered the secret key via the CLI, we were able to confirm connectivity between laptop and AP/WLC. Apparently the above issue is a known bug with the version we had.

Also confirm that the secret key on the ACS device and NDG is the same as that on the WLC.

Hope this helps

I have tried to change the shared secret from GUI, we are suspecting some integration issue between WLC and IAS, may be due to some certificate expiration, we are in touch with system to get this verified.

Meanwhile i would go for changing the shared secret key from CLI.

kindly, send me the link of that bug that you have come across.

Try:

CSCsc56684 - Entering RADIUS shared secret of 32-64 chars does not work from

GUI

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: