WLC 4400 web auth issues

Unanswered Question
Nov 20th, 2009


I am experiencing an issue with my model 4404 Wireless controllers that has plagued me for some time now. I have two controllers with 106 AP's split evenly between the two controllers. One of my SSID's is setup with web authentication.  I have one Radius server (Cisco ACS v 4.1). The problem only exists for the SSID that uses web authentication. Reports begin to come in that students cannot login to the wireless using the student SSID that uses web authentication. The student can get to the web authentication page, but when they put in their username and password both fields go blank. You can do this over and over with no errors, and the logs in the controller show nothing to indicate any issues (you don't even see the attempted login). I obtain one of the student logins for testing and here is what I have found. I attempt to login to the student wireless with this account and recieve the same results as the student. I have an AP in my office that I use for testing so I force it on to the other controller. At that point the account in question works. I can login without any issues. I force the AP back to the initial controller and experience the same issue, I cannot login. No error of bad username and password, just login fields that go blank. More reports come in that students cannot login and I find that all issues are related to this controller. The next morning I reboot the controller and everything works for a week or more and then it all starts over again. The next time it may be the other controller that is experienceing this issue. A reboot of the controller always fixes the issue for the short term. The issue appears to be controller related but I cannot pin it down.  I recently upgraded my controller code from to at Cisco's recommendation. Unfortunately the issue still exists. Scouring the forums produces a few other people encountering the same issue but none seem to have found a fix. Does anyone know if this is a known issue with this model controller?

Thanks much for any help.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
dennischolmes Wed, 11/25/2009 - 19:34

I would suspect a flash memory corruption on the controller. To verify this, check the

crash logs and look for a failure to mount hdv0 or 1 error.

agivens02 Mon, 11/30/2009 - 06:09

Thank you for your response Dennis, it is greatly appreciated. I do not find any mount errors in the crash log. However I did finally find something in the message logs that I was unable to find before. I did not copy this message so it is not verbatim. The error message states that the user cannot be logged in possibly due to being logged in somewhere else. At that point I pour over every client on the controller even filtering by mac address. I see no evidence of the client being associated or authenticated. On a side note I can see the client as associated if the wireless card is enabled. Checking the ACS does not show a failed authentication. Again, rebooting the controller seems to clear some sort of radius accounting on the controller that I am unable to clear manually without a reboot. Thanks again for your response.

dennischolmes Mon, 11/30/2009 - 06:59

What method of webauth RADIUS authentication are you using and is it supported on your ACS at this time? That is found under the contrroller tab on the controller gui.

agivens02 Mon, 11/30/2009 - 08:38

Web authentication on the controller is PAP. My Cisco ACS 4.1 does support this option.

dennischolmes Mon, 11/30/2009 - 08:43

Have you tried to do webauth local on the controller with no guest account setup? This will force the clients to forward to the RADIUS after three failed attempts on the local database. I know it's a workaround but it kind of helps to determine if it is a controller problem or ACS problem.

agivens02 Mon, 11/30/2009 - 11:43

Thanks Dennis,

I haven't tried that but I may in the future. After rebooting both controllers things seem smoothe for the moment. Not if but when the issue surfaces again I will see how that works out.  Greatly appreciate your time.


This Discussion



Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode