Cisco Support Community
New Member

802.1x Broken after upgrade to 7.6.100.0

Hi,

We are using an OEAP600 AP and recently moved to version 7.6.100.0 (5508 WLC) to support split tunnel printing. 802.1x is being performed on an NPS server for wireless policy.
Everything appears to be OK on the WLC configuration side - when debugging aaa all I see is the following.

*aaaQueueReader: Mar 12 17:38:54.814: a4:67:06:93:f6:cd Sending the packet to v4 host X.X.X.X:1645
*aaaQueueReader: Mar 12 17:38:54.814: a4:67:06:93:f6:cd Successful transmission of Authentication Packet (id 135) to X.X.X.X:1645, proxy state a4:67:06:93:f6:cd-00:01
*aaaQueueReader: Mar 12 17:38:54.814: 00000000: 01 87 00 f4 be 99 b9 3a  e4 31 d3 d4 0a bf e2 cb  .......:.1......
*aaaQueueReader: Mar 12 17:38:54.814: 00000010: 5b d9 f9 04 01 14 6d 79  69 6e 74 72 61 6e 65 74  [.....domain
*aaaQueueReader: Mar 12 17:38:54.814: 00000020: 5c 63 72 6f 6e 69 6e 70  59 03 00 83 06 00 00 00  \usernameY.......
*aaaQueueReader: Mar 12 17:38:54.814: 00000030: 01 1f 13 61 34 2d 36 37  2d 30 36 2d 39 33 2d 66  ...a4-67-06-93-f
*aaaQueueReader: Mar 12 17:38:54.814: 00000040: 36 2d 63 64 1e 0d 31 30  2e 33 2e 32 34 30 2e 31  6-cd..WLCIPADDRESS
*aaaQueueReader: Mar 12 17:38:54.814: 00000050: 30 05 06 00 00 00 0d 1a  31 00 00 00 09 01 2b 61  .......1.....+a
*aaaQueueReader: Mar 12 17:38:54.814: 00000060: 75 64 69 74 2d 73 65 73  73 69 6f 6e 2d 69 64 3d  udit-session-id=
*aaaQueueReader: Mar 12 17:38:54.814: 00000070: 30 61 30 33 66 30 30 61  30 30 30 30 31 33 62 32  0a03f00a000013b2
*aaaQueueReader: Mar 12 17:38:54.814: 00000080: 35 33 32 30 30 30 66 65  04 06 0a 03 f0 0a 20 0c  532000fe........
*aaaQueueReader: Mar 12 17:38:54.814: 00000090: 41 55 47 44 53 57 43 45  30 31 1a 0c 00 00 37 63  WLCHOSTNAME....7c
*aaaQueueReader: Mar 12 17:38:54.814: 000000a0: 01 06 00 00 00 03 06 06  00 00 00 02 0c 06 00 00  ................
*aaaQueueReader: Mar 12 17:38:54.815: 000000b0: 05 14 3d 06 00 00 00 13  40 06 00 00 00 0d 41 06  ..=.....@.....A.
*aaaQueueReader: Mar 12 17:38:54.815: 000000c0: 00 00 00 06 51 05 32 30  39 4f 19 02 01 00 17 01  ....Q.209O......
*aaaQueueReader: Mar 12 17:38:54.815: 000000d0: 6d 79 69 6e 74 72 61 6e  65 74 5c 63 72 6f 6e 69  domain\username
*aaaQueueReader: Mar 12 17:38:54.815: 000000e0: 6e 70 50 12 c0 fa 26 2e  de f9 81 2b 16 a6 bb 9b  P...&....+....
*aaaQueueReader: Mar 12 17:38:54.815: 000000f0: fd 3b 9b 6f                                       .;.o
*radiusTransportThread: Mar 12 17:38:54.816: 00000000: 03 87 00 2c 44 91 99 63  c9 29 8c 10 c4 88 0a b1  ...,D..c.)......
*radiusTransportThread: Mar 12 17:38:54.816: 00000010: 32 3a 13 4a 4f 06 04 01  00 04 50 12 f5 bb a5 67  2:.JO.....P....g
*radiusTransportThread: Mar 12 17:38:54.816: 00000020: 38 93 f0 0e ad db b9 a5  26 d4 79 26              8.......&.y&
*radiusTransportThread: Mar 12 17:38:54.816: ****Enter processIncomingMessages: response code=3

*radiusTransportThread: Mar 12 17:38:54.816: ****Enter processRadiusResponse: response code=3

*radiusTransportThread: Mar 12 17:38:54.816: a4:67:06:93:f6:cd Access-Reject received from RADIUS server X.X.X.X for mobile a4:67:06:93:f6:cd receiveId = 2
*radiusTransportThread: Mar 12 17:38:54.816: a4:67:06:93:f6:cd [Error] Client requested no retries for mobile A4:67:06:93:F6:CD 
*radiusTransportThread: Mar 12 17:38:54.817: a4:67:06:93:f6:cd Returning AAA Error 'Authentication Failed' (-4) for mobile a4:67:06:93:f6:cd
*radiusTransportThread: Mar 12 17:38:54.817: AuthorizationResponse: 0x4259b944

 

On the NPS server we are seeing the username being sent, but it does not appear to be getting the FQDN, i.e. domain\username, even when "domain\username" is used by the user. We are also seeing that the calling ID is the IP address of the management interface of the WLC (acct and auth calling ID are set to IP address on the WLC for RADIUS). Normally we would see the client MAC address followed by the WLAN, i.e. ab:cc:aa:11:23:12:WLAN

Has anyone had a similar problem / seen something like this before?
Any assistance or recommendations will be much appreciated.

 

Thank you in advance.
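
Added example, not part of the original post or of the replies: a decoder for the hex rows of a WLC AAA debug dump, showing the User-Name, Calling-Station-Id and NAS-IP-Address the controller actually sent, plus the packet identifier a RADIUS server uses to spot duplicate requests. The sample packet is constructed (placeholder user, MAC and IP), and the function names are hypothetical.

```python
import ipaddress
import re

# Codes and attribute types from RFC 2865 / RFC 3579.
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
ATTRS = {1: "User-Name", 4: "NAS-IP-Address", 30: "Called-Station-Id",
         31: "Calling-Station-Id", 32: "NAS-Identifier",
         79: "EAP-Message", 80: "Message-Authenticator"}
DUMP_ROW = re.compile(r": [0-9a-f]{8}: (.{1,48})")  # offset, then 48-column hex field

# Constructed sample (placeholder user, MAC and IP), same layout as the debug output.
SAMPLE = r"""
*aaaQueueReader: Jan 01 00:00:00.000: 00000000: 01 2a 00 3c 00 01 02 03  04 05 06 07 08 09 0a 0b  .*.<............
*aaaQueueReader: Jan 01 00:00:00.000: 00000010: 0c 0d 0e 0f 01 0f 45 58  41 4d 50 4c 45 5c 61 6c  ......EXAMPLE\al
*aaaQueueReader: Jan 01 00:00:00.000: 00000020: 69 63 65 1f 13 30 32 2d  30 30 2d 30 30 2d 30 30  ice..02-00-00-00
*aaaQueueReader: Jan 01 00:00:00.000: 00000030: 2d 30 30 2d 30 31 04 06  c0 00 02 0a              -00-01......
"""

def bytes_from_debug(text):
    """Rebuild the packet from dump rows, ignoring the ASCII column and other log lines."""
    pkt = bytearray()
    for line in text.splitlines():
        row = DUMP_ROW.search(line)
        if row:
            pkt += bytes.fromhex(row.group(1))
    return bytes(pkt)

def parse_radius(pkt):
    """Return (code name, identifier, [(attribute name, decoded value), ...])."""
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = int.from_bytes(pkt[2:4], "big")
    if not 20 <= length <= len(pkt):
        raise ValueError("length field does not match the captured bytes")
    attrs, pos = [], 20
    while pos < length:
        alen = pkt[pos + 1] if length - pos >= 2 else 0
        if alen < 2 or pos + alen > length:
            raise ValueError(f"malformed attribute at offset {pos}")
        atype, value = pkt[pos], pkt[pos + 2:pos + alen]
        if atype == 4:
            value = str(ipaddress.IPv4Address(value))
        elif atype in (1, 30, 31, 32):  # text attributes
            value = value.decode("utf-8", "replace")
        else:
            value = value.hex()
        attrs.append((ATTRS.get(atype, f"type-{atype}"), value))
        pos += alen
    return CODES.get(pkt[0], f"code-{pkt[0]}"), pkt[1], attrs
```

Comparing the decoded attributes with what the RADIUS server logs shows whether a missing domain prefix or an unexpected calling ID originates on the controller or on the server side.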

3 REPLIES
New Member

Hi mjgosling1

did you ever solve your problem? I think we are hitting the same problem with a FreeRadius server, we have a lot of RADIUS requests with ID 135 hitting the radius server, which says "duplicate request".

We are running 7.6.120.0.

Thanks in advance and best regards

Dominic

Cisco Employee

Refer the link https:/

New Member

Hi mjgosling1

Just for information, we were hitting this bug here: https://tools.cisco.com/bugsearch/bug/CSCuo96366

See discussion here: https://supportforums.cisco.com/discussion/12378951/wlc-761200-radius-problems-freeradius-server

Best regards

Dominic
