Cisco Support Community

Unknown ACS 5.2 RADIUS authentication failures

My production (OLD) ACS server authenticates RADIUS successfully with all WAP clients. I am upgrading to a NEW ACS (5.2) server to do the same. The NEW ACS server has 4 test WAPs (besides IPs, they have identical configs) to test RADIUS client authentication. 2 TEST WAPs are at VPN-connected sites, and 2 TEST WAPs are at MPLS WAN sites. Wireless clients at the VPN-connected sites successfully authenticate and connect to the network. Wireless clients at the MPLS WAN-connected sites fail to authenticate. Packet captures and interface snooping show the NEW ACS server doesn't respond to the MPLS WAN client authentication requests. The NEW ACS server is configured for LDAP and, as I stated, does authenticate, but only to VPN-only wireless clients. The TEST WAPs at MPLS-connected sites show the connection to the RADIUS server going up/down in the WAP log. The monitoring reports for RADIUS pass/fails show VPN wireless clients connecting, but MPLS WAN wireless client requests fail and don't give any details as to why (see pic). Does anyone have any ideas?

ACS Radius Authentication.JPG

Thanks in advance!

Brad Schmitt
