×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Connectivity issues between 4402 and w2k3 IAS

Unanswered Question
Dec 7th, 2006
User Badges:

Dear Support,

I?m not sure if I have a hardware issue, or doing something fundamentally wrong with the way in which I?m configuring my WLAN. I?ve asked the server administrator to reboot the server today just in case it is a windows issue.

I?m getting no IAS / RADIUS requests in the system event log on the server, and the following reported in the log on the WLAN controller;

Log System Time Trap

0 Thu Dec 7 18:18:30 2006 RADIUS server 10.115.12.20:1812 failed to respond to request (ID 152) for client 00:0e:35:f8:5d:13 / user 'unknown'

1 Thu Dec 7 18:18:18 2006 RADIUS server 10.115.12.20:1812 failed to respond to request (ID 151) for client 00:0e:35:f8:5d:13 / user 'unknown'


Equipment Summary

4 x 1030 AP?s

1 x 4402 WLAN controller

2 x 3560 PoE switches

1 x w2k3 with IAS installed.


Attempted Implementation.

1 x secure WLAN (using ms-chap-v2)

1 x guest WLAN (just web authentication)


Networks

Wired LAN (where wired users and w2k3 server is located)

10.115.12.0 /24 (VLAN 201)

Guest WLAN

192.168.252.x /24 (VLAN 99 ? layer 2)

Secure WLAN

10.115.12.0 /24 (VLAN 201)

AP management

172.16.31.x /24 (VLAN 60)


W2k3 / IAS server 10.115.12.20


I have setup routing on the 3560?s between the VLANs, and able to ping from the WLAN controller to the server and vice versa, but this is not always the case ? which makes me think it may be hardware or the server needing a reboot.


Please can someone help me as spent two days on this, updated the code on the WLAN controller to 3.2.171.6 is an attempt to resolve, but didn?t help.

I?m not sure if it is routing, but seems to be very strange. I can also ping from the wired LAN to the SVI on the 3560 (172.16.31.1, but not always to the management on 172.16.31.30).


I also have the Guest WLAN getting IP addresses from a local scope on the WLAN controller as these did not hit the w2k3 server either.


I will attach config extracts for a better explanation.


Thank you in advance for your assistance.


Best regards, Adrian






  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
vmoopeung Wed, 12/13/2006 - 12:27
User Badges:
  • Bronze, 100 points or more

I think since the RADIUS server says the user is unknown, the username and password configuration or any other credentials of the user should be the problem. Ensure whether the username and password are the same on both the client and IAS Server.

Ensure that the problem is only with this particular client and the request successfully passes for the other clients.fi the RADIUS request is able to reach the server, then I dont thnik there is a routing issue. Try pinging the receive route from the server till the client for confirming the connectivity.

ceci.diazg Sat, 11/17/2007 - 15:47
User Badges:

Hi, i think i have a similar problem with the authentication, I hope you solved it and help me , I have these messages in the controller (attached txt). It seems that just the client cant receive the authentication but we've checked the server and everything there its ok so maybe the problem is with the controller.


Thanks



aoshea Sun, 11/18/2007 - 13:16
User Badges:

To resolve me issue, I created a separate subnet for both the wired and wireless users to resolve. (wouldn't work on the same ip subnet).

Suspect it would be good to check you are running and up to date version of code on the WLC as well. (at least version 4.1.x)

Other things to check is that if your using the intel chipset on laptops, ie the 2200BG or 3945ABG there is a setting for roaming agressiveness which could mean the client roams to another ap before completing the authentication. you can adjust this in the intel proset client software.

hope this helps and all the best.

regards adrian.

Actions

This Discussion

 

 

Trending Topics - Security & Network