Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Cisco ACS 5.2 not authenticating wireless clients with Cisco AP1142

Hi

I have a Cisco ACS Engine running v5.2 and I am trying to get it to authentication wireless clients via a Cisco AP1142.

However i am getting the following message in the acs reporting tool :

Failure Reason: 11036 The Message-Authenticator RADIUS attribute is invalid.

The description states: The Message-Authenticator RADIUS attribute is invalid. This maybe because of mismatched Sharded Secrets.

I have check the sharded secret and they are both set correctly. Is there something extra that needs setting up on the ACS server or on the Access Point, as the Access Point works well with ACS v4.2

1 REPLY
Silver

Cisco ACS 5.2 not authenticating wireless clients with Cisco AP1

Hello Marco,

I have been checking and the error 11036 The Message-Authenticator RADIUS attribute is invalid is usually related to a key mismatch.

Can you enable "debug aaa authentication" and "debug radius" and perform the test command on the AP authenticating against the ACS 5.x? The command should be:

test aaa group radius legacy

Please share the outputs. If the debugs report "failed to decrypt" then it is indeed a key mismatch.

If this was helpful please rate.

Regards.

1371
Views
5
Helpful
1
Replies
CreatePlease to create content