
Users of Particular SSID not able to get authenticated in WLC

anasubra_2
Level 1

Hi ALL,

We are suddenly experiencing an issue with authentication for users in a particular SSID. These users are set up to use the Local LEAP database in the WLC to get authenticated. The recent trap shows the below message for the users:

"AAA Authentication Failure for UserName:test User Type: WLAN USER"

In the message log, we see the below message:

ay 28 19:28:33.552 dtl_arp.c:504 DTL-3-INVALID_ARP_TIMEOUT_ADDR: MAC entry (MAC address) received for timeout is INVALID. Dropping it.

We are not sure about the above message and couldn't find an explanation in the WLC message guide. If you have any idea, kindly let us know.

Thanks

Regards

Anantha Subramanian Natarajan


smalkeric
Level 6

The way of addressing restriction of access per user is quite different in WLC than in Aironet-based access points. Using AVP you can "assign" the VLAN to the user, but the SSID will remain what the user connected to, which in practical terms means we can force User A to be in VLAN 10, no matter which SSID he is using. This will require either using IETF attributes 64, 65, 81, as described here:

http://www.cisco.com/en/US/docs/wireless/controller/3.2/configuration/guide/c32sol.html

Hi Smalkeric,

Thanks for the reply. Actually, my question is to find out a way for avoiding the Cisco LEAP configured SSID to use that as primary authentication method even though RADIUS has been configured on the WLC.

Thanks

Regards

Anantha Subramanian Natarajan

There is no way to have local EAP configured as your primary if you have any RADIUS configured. You will have to set up LEAP on the ACS if you are using that for a RADIUS server.

-Scott
*** Please rate helpful posts ***

Hi Fella5,

Thanks once again for your inputs.

Regards

Anantha Subramanian Natarajan

I too wish that you could specify what RADIUS server to use under a certain SSID. I also wish that if you don't specify a RADIUS server on an SSID, it wouldn't try to authenticate via any configured RADIUS server. At least now with the 5 code, you can have the WLC check to make sure the primary is back up in the case it went down.

-Scott
*** Please rate helpful posts ***

Thanks
