WLC and Radius issue

Unanswered Question
Aug 28th, 2008
User Badges:

We keep get the following error. And everytime we got this, the clients have been force to re-authentication.


Any idea?


Thanks,


RADIUS server 10.108.32.33:1812 activated on WLAN 1


RADIUS server 10.140.4.9:1812 deactivated on WLAN 1


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Scott Fella Fri, 08/29/2008 - 15:57
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Did you have these radius servers configured on your wlc?

fabiogarcia Wed, 12/05/2012 - 11:37
User Badges:

Hello ,


I am facing the same error... did you ever got a solution ???

fabiogarcia Wed, 12/05/2012 - 11:38
User Badges:

Hello ,


I am facing the same error... did you ever got a solution ???

George Stefanick Wed, 12/05/2012 - 16:57
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, October 2015

Fird\st make sure these radius servers are online and are configured in your wlc properly. If they are tehn look at the server timeout in the WLC under the radius config. Its default is 2 seconds. In crease it to 10 seconds.


Monitor and see if you still get the alerts



__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

fabiogarcia Thu, 12/06/2012 - 03:35
User Badges:

George, tks for your reply!

I have changed the timeout to 10 secs as you suggested.


Look, the alarm message shows up only for "accounting servers" thru 1646 port

Do I really need that config ? I mean, can I use only the authentication servers (port 1645) ?


thanks in advance!!

Scott Fella Thu, 12/06/2012 - 06:24
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

If you are not doing accounting, you don't need that configured. Only if you are also doing accounting would you need that port open 1646.

Sent from Cisco Technical Support iPad App

fabiogarcia Thu, 12/06/2012 - 08:15
User Badges:

Hi Scott... tks again!


I disabled accounting servers, then I am not seeing anymore the error message "RADIUS server X.X.X.X:1813 deactivated in global list"... But I am still seeing 2 or 3 users (out of 40) with auth problems...


pls check below screen shot


*** user julio.quintao is associated but he has just "de-authentication".... (other association without users are mobile phones) ***


Did you ever see a problem like that ?

George Stefanick Thu, 12/06/2012 - 08:19
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, October 2015

Go to clients. Look up the client by mac address and look at the PEM state. It will tell you why the client is failing ..


DHCP_REQ is meaning there is a DHCP issue

8021x_REQ means it failed auth


You could also turn off exclude as a test, perhaps these clients are a little slow to auth.


__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

fabiogarcia Thu, 12/06/2012 - 10:52
User Badges:

Hi George, tks for your reply!


I got that DHCP error message... what that means ?

I confirmed no problem at DHCP server... I am using 50% of that range.....


George Stefanick Thu, 12/06/2012 - 10:56
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, October 2015

On that WLAN do you have DHCP REQ check boxed ? If you do and you have a static ip it could reg that. You said you checked the DHCP server, but a problem with DHCP would also show that ..




__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

fabiogarcia Thu, 12/06/2012 - 12:06
User Badges:

this is the situation I have in that advanced tab



Also, this is my DHCP server (windows srv 2003)

George Stefanick Thu, 12/06/2012 - 12:34
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, October 2015

the client having the issue. Check to make sure he DOESNT have a static address set ..



__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

Actions

This Discussion