
AP1242, WLSE & ACS

Unanswered Question
Jul 4th, 2006

I'm trying to configure a WLAN composed of AP1242s managed by a WLSE and authenticating via an ACS Appliance. At present I'm still testing so the ACS box is using its internal user database and I've generated a self-signed cert and installed it on the box. I've exported the cert and installed it on the clients but my problem is that I'm not getting authenticated and I think the weak link is the APs.

When I try and authenticate a client I get an authentication failed error on the AP and that's it, nothing on the ACS server at all. Using Ethereal I can't see any 1645 or 1812 UDP traffic between the AP and the ACS box (or any traffic at all for that matter) so it looks like the AP isn't even trying the ACS box. I've tried running debug aaa and radius commands on the AP but the only thing I see are AAA/BIND messages appearing every minute or so. I've even tried stopping the ACS services and trying again with the services stopped to try and raise an error.

Any ideas would be very welcome!

thomas.chen Mon, 07/10/2006 - 10:45

Could you provide the error message which you are getting?

andrew.brazier@... Wed, 07/12/2006 - 01:43

Thanks for the reply, I've sorted the problem (with assistance from TAC). What follows is a warning if you're planning to use an ACS Solution Engine: after carrying out the basic console-based setup, what you end up with is a config that WILL NOT WORK; it configures itself in such a way that it will never work. Neat trick, eh? Drop me a line if you'd like full details.

scottmac Mon, 07/10/2006 - 12:46

Which authentication / authorization scheme are you using?

Are you using the Microsoft Zero Wireless Config system, or the client software (in addition to the client drivers)?

Do you have a software firewall on the PC/Laptops? Try disabling it for diagnostics (make sure you shut down the service as well as the "front end" code).

Have you verified that the client has associated?

With the PC/Laptop on, try disabling and re-enabling the NIC (versus re-booting) and see if you get the auth traffic (on your Ethereal capture).

Check it out & let us know.


