Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Users of Particular SSID not able to get authenticated in WLC

Hi ALL,

We suddenly experiencing issue of getting authenticated for users in particular SSID. These users are setup to use Local LEAP database in the WLC to get authenticated .. The recent trap shows the below message for the users

"AAA Authentication Failure for UserName:test User Type: WLAN USER"

In the message log ,we see the below message

ay 28 19:28:33.552 dtl_arp.c:504 DTL-3-INVALID_ARP_TIMEOUT_ADDR: MAC entry (MAC address) received for timeout is INVALID. Dropping it.

We are not sure ,about the above message and couldn't find an explanation in the WLC meesage guide .....If you have any idea ..Kindly let us know .....

Thanks

Regards

Anantha Subramanian Natarajan

6 REPLIES
Silver

Re: Users of Particular SSID not able to get authenticated in WL

The way on addressing restriction of access per user, is quite different in WLC than in aironet based access points. Using AVP you can "assign" the vlan to the user, but the SSID will remain to what the user connected, which in practical terms, means we can force User A, to be in vlan 10, no matter which SSID he is using. This will require to either use IETF attributes 64,65,81, as described here:

http://www.cisco.com/en/US/docs/wireless/controller/3.2/configuration/guide/c32sol.html

New Member

Re: Users of Particular SSID not able to get authenticated in WL

Hi Smalkeric,

Thanks for the reply ......Actually ,My question is to find out a way for avoiding the Cisco LEAP configured SSID to use that as primary authentication method even though RADIUS is been configured on the WLC.

Thanks

Regards

Anantha Subramanian Natarajan

Hall of Fame Super Silver

Re: Users of Particular SSID not able to get authenticated in WL

There is no way to have local eap configured as your primary if you have any Radius configured. You will have to setup LEAP on the ACS if you are using that for a radius server.

-Scott
*** Please rate helpful posts ***
New Member

Re: Users of Particular SSID not able to get authenticated in WL

Hi Fella5,

Thanks once again for your inputs

Regards

Anantha Subramanian Natarajan

Hall of Fame Super Silver

Re: Users of Particular SSID not able to get authenticated in WL

I too wish that you can specify what radius server under a certain ssid. I also wish that if you dont specify a radius server on a n ssid that it wouldn't try to authenticate vai any configured radius server. At least now with the 5 code, you can have the wlc check to make sur the primary is back up in the case it went down.

-Scott
*** Please rate helpful posts ***
New Member

Re: Users of Particular SSID not able to get authenticated in WL

Thanks

164
Views
4
Helpful
6
Replies
CreatePlease to create content