Cisco Support Community

New Member

ISE 1.2 rejects RADIUS messages from vWLC

Hello,

I have an ISE appliance with the Wireless license. The Cisco vWLC is configured to send RADIUS traffic to the device, but is getting the error message:

11054 Request from a non-wireless device was dropped due to installed Wireless license

The vWLC is showing up under endpoints as a VMWARE workstation, and not a WLC, and so under the licensing requirements will not allow RADIUS to be received from anything other than a WLC. I tried hard-coding the policy to match a Cisco WLC with a condition of matching its MAC address, and even disabled the VMWARE profile policy, but the endpoint then only matches the "Unknown" policy. Any ideas?

2 REPLIES
New Member

Check the Cisco ISE dashboard (Operations > Authentications) for any indication regarding the nature of RADIUS communication loss. (Look for instances of your specified RADIUS usernames and scan the system messages that are associated with any error message entries.)

Log into the Cisco ISE CLI and enter the following command to produce RADIUS attribute output that may aid in debugging connection issues:

test aaa group radius new-code

If this test command is successful, you should see the following attributes:

Connect port
Connect NAD IP address
Connect Policy Service ISE node IP address
Correct server key
Recognized username or password
Connectivity between the NAD and Policy Service ISE node

You can also use this command to help narrow the focus of the potential problem with RADIUS communication by deliberately specifying incorrect parameter values in the command line and then returning to the administrator dashboard (Operations > Authentications) to view the type and frequency of error message entries that result from the incorrect command line. (For example, to test whether or not user credentials may be the source of the problem, enter a username and/or password that you know is incorrect, and then go look for error message entries that are pertinent to that username in the Operations > Authentications page to see what Cisco ISE is reporting.)

Note: This command does not validate whether or not the NAD is configured to use RADIUS, nor does it verify whether the NAD is configured to use the new AAA model.

New Member

Were you able to resolve this?

I have come across this problem with a 5508 WLC (HA pair) where I have set up active RADIUS fallback and ISE (which is just licensed for wireless) is giving the same message.

Which is a bit ironic as the WLAN users can authenticate fine, but the WLC can't test the RADIUS!
