This network has a working WLC that authenticates wireless users against an ACS by MAC address. It works fine.
I need to add a new WLC.
I added the WLC, the APs connect to the WLC fine, but the users get limited connectivity and we've found out that is because the new WLC is getting authentication errors against the ACS.
The configuration of the new WLC is exactly the same as the current working WLC and both controllers show as AAA clients on the ACS.
I want to know if somebody can point me in the right direction to solve this.
There's connectivity fine between all devices (as far as PING goes), and there's no Firewall or filters in between.
The difference I see on both WLCs is that on the working one (WLC1), under Security - AP Policies, we see the AP Authorization List with the MAC addresses/cert type/hash. We don't get this information on the non-working WLC (attached document shows both).
Also in the attached document, I'm sending the errors I get on the WLC2 controller.
The "user access filtered" message is likely caused by either the userid or group having Network Access Restrictions enabled for the original AAA client, but not the new one. Check out the NAR settings in the user settings and group settings to see if that's it.
I didn't get you when you say that you see only one WLC under groupsetup/Mac address. Could you please elaborate on this?
Also, if you don't see any NAR configured under shared profile component, then check inside the group/user setup; there must be either an IP-based or CLI/DNIS-based NAR configured for the WLCs, and looking at the failed attempts it seems that the action is denied.