ACS 5.0 and Wireless controller

gseadmins · ‎06-04-2009

Hi all,

I'm having a problem when wireless controllers try to authenticate wireless clients by ACS 5.0.

I've added the ACS as a Radius server and configured in the Wlan that the clients try to associate.

Seem that the WC is unable contact the ACS, in the log of the controller i can see timeout error, but ACS and WC can ping each other and there is no firewall between them.

Can anyone help me to find the problem?

In the ACS log there is no trace of the request of authentication.

Thanks all.

wong34539 · ‎06-10-2009

For the Cisco Secure ACS to be able to authenticate Wireless clients, you need to complete these steps:

Configure the Wireless LAN Controller as a AAA client on the Cisco Secure ACS.

Configure the users and user profiles on the Cisco Secure ACS.

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00808b041e.shtml#configure-acs

jerome · ‎07-09-2009

Hi, has anyone here found any solution on this issue. I'm in dire need to have a solution for this. any input would be appreciated.

Thanks.

jrabinow · ‎07-09-2009

ACS 5.0 has some issues working with the Cisco Wireless Services Module (WiSM) and maybe other wireless controllers are also presenting the same problem. These result in no rsponse being received to the request.

There are two bugs filed and they are addressed in cumulative patch 5.0.0.21.6 which is available at the following location: http://www.cisco.com/cgi-bin/tablebuild.pl/acs5_patches

jerome · ‎07-17-2009

Installed the latest cumulative patch ver 5.0.0.21.7 and now WLC and ACS 5.0 could work without issues and could authenticate RADIUS Authentication like a champ.

Thanks for the suggestion irabinow...

REgards.

c.yeo · ‎07-20-2009

We have the same issue not being able to use ACS and WCS.

I tried to d/l that patch: 5-0-0-21-7.tar.gpg, but the download comes as 5-0-0-21-7.tar.tar I tried renaming the file as a .gpg, but that does not work either.

Just locks up the Web console...the CLI attempts to apply the patch but complains about missing directory

any ideas?

Charles

jrabinow · ‎07-20-2009

Few comments and suggestions:

1) there is no issue in renaming the file extension as long as file size and checksum are in fact correct

2) it is recommended to create the repository used for the install from the CLI and also install the patch from the CLI

3) There are issues with TFTP repostories when file size exceeds 32M. It is recommended to use FTP instead instead

Jonny

dazza_johnson · ‎11-02-2009

Hi guys. Is anyone still experiencing issues with this? I have implemented the latest patch (5.0.0.21.8) but still no RADIUS response. I can ping etc and I have authenticated using PAP using a RADIUS client simulator. It seems to be an issue with PEAP/MSCHAP???? Please help :-) Show version of ACS shown below.

Coop-ACSv5/ansgroup# sh ver

Cisco Application Deployment Engine OS Release: 1.1

Build Version: 1.1.0.416

Hostname: Coop-ACSv5

Version information of installed applications

---------------------------------------------

Cisco ACS VERSION INFORMATION

-----------------------------

Version : 5.0.0.21

Internal Build ID : B.2757

Patches :

5.0.0.21.8

Coop-ACSv5/ansgroup#

jrabinow · ‎11-02-2009

A good way to troubleshoot the point at which the request is failing is to go to:

Monitoring & Reports: ... > Reports > Catalog > AAA Protocol

and the select "RADIUS_Authentication"

You will get a list of all passed/failed attempts together with failure reason. If you select the magnifiying glass icon under teh details column you should see the steps performed to process the request and see where processing stopped