Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
285
Views
0
Helpful
1
Replies

AP340 and ACS Authentication

japox
Level 1
Level 1

‎09-18-2003 12:18 AM - edited ‎07-04-2021 09:01 AM

I’m trying to configure a Cisco AP340 ver.11.07 authenticating users using EAP protocol onto our ACS ver 3.0 to a W2K domain external database. I had checked all the points mention in the documentation that can be applied to my case.

I can ping the AP from the ACS, the shared secret is the same in both AP and ACS, I'm using the right port: 1645, and I select Radius Type: Ciaco Aironet in the AAA client definition on the ACS, but I still get the same error “Radius Extension DLL rejected”. I can use an account in the Local ACS’s DB or from the domain, the ACS recognises even the group the user is in, but still gives me this error.

From what I had read, the versions of AP and ACS should work. Any ideas or suggestions?

Labels:
0 Helpful
1 Reply 1

vblavet
Level 1
Level 1

‎09-22-2003 03:04 AM

"A common configuration problem in this circumstance is that the external user database is configured to check for

"Grant Dial-in Permission for user". If the user does not have this set (regardless of the fact

that this is not a dialin session), it will fail the authentication request."

Please check this on ACS. I don't have any other ideas.

Hope this helps

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card