Cisco Support Community
Community Member

AP340 and ACS Authentication

I’m trying to configure a Cisco AP340 ver.11.07 authenticating users using EAP protocol onto our ACS ver 3.0 to a W2K domain external database. I had checked all the points mention in the documentation that can be applied to my case.

I can ping the AP from the ACS, the shared secret is the same in both AP and ACS, I'm using the right port: 1645, and I select Radius Type: Ciaco Aironet in the AAA client definition on the ACS, but I still get the same error “Radius Extension DLL rejected”. I can use an account in the Local ACS’s DB or from the domain, the ACS recognises even the group the user is in, but still gives me this error.

From what I had read, the versions of AP and ACS should work. Any ideas or suggestions?

Community Member

Re: AP340 and ACS Authentication

"A common configuration problem in this circumstance is that the external user database is configured to check for

"Grant Dial-in Permission for user". If the user does not have this set (regardless of the fact

that this is not a dialin session), it will fail the authentication request."

Please check this on ACS. I don't have any other ideas.

Hope this helps

CreatePlease to create content