I have set up my mobile devices to authenticate by MAC address to ACS. I'm using Cisco 1200 APs all over the building.
I've followed ALL the guide docs and set everything up, including creating the MAC usernames in ACS and placing them in a group in ACS etc., and also defined the VLANs on the core and referenced them in ACS.
It seems, though, that once the device authenticates in ACS it stops there and does not return the packet and allow the device to get an IP. I've attached the debug error log. I keep getting the following errors, which I am not sure about:
Mar 6 14:37:16.936: dot11_dot1x_verify_ptk_handshake: verifying PTK msg 2 from 0009.2dff.0510
Mar 6 14:37:16.936: dot11_dot1x_verify_eapol_header: Warning: Invalid key len (exp=0x20, act=0x0)
Mar 6 14:37:16.936: dot11_dot1x_verify_ptk_handshake:
Mar 6 14:37:16.936: dot11_dot1x_ssn_generate_ptk failed
Mar 6 14:37:16.936: dot11_mgr_sm_recv_ptk_msg2:
Mar 6 14:37:16.936: dot11_mgr_sm_recv_ptk_msg2: dot11_dot1x_verify_ptk_handshake failed
Mar 6 14:37:16.063: dot11_mgr_sm_handshake_fail: Handshake failure for 0009.2dff.0510
Mar 6 14:37:16.063: %DOT11-7-AUTH_FAILED: Station 0009.2dff.0510 Authentication failed
What do the ACS activity logs show? Did they show up as authenticated? Also, you did not mention if you are using encryption. I set up MAC authentication recently. It works OK, but you have to make sure the passwords are the MAC address and they are lower case. Also, you have to make sure the format is unformatted (no spaces). That configuration screen on the AP is on the global tab in the server manager. It kind of looks like a mismatch between the EAP client and the AP. Are you using EAP+MAC? Need more info to help. Hopefully you got it fixed by now. The first ones are frequently a pain to get working.
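An added example, not part of either post: a small Python helper that groups the AP debug lines quoted in the question by station and prints each station's MAC in the lowercase, separator-free form the reply describes, ready to compare against the ACS username and password. The function names are hypothetical, and reading "unformatted" as "no separators at all" is an assumption.

```python
import re
from collections import defaultdict

# Log lines copied from the debug output quoted in the question.
SAMPLE_LOG = """\
Mar 6 14:37:16.936: dot11_dot1x_verify_ptk_handshake: verifying PTK msg 2 from 0009.2dff.0510
Mar 6 14:37:16.936: dot11_dot1x_verify_eapol_header: Warning: Invalid key len (exp=0x20, act=0x0)
Mar 6 14:37:16.936: dot11_dot1x_ssn_generate_ptk failed
Mar 6 14:37:16.063: dot11_mgr_sm_handshake_fail: Handshake failure for 0009.2dff.0510
Mar 6 14:37:16.063: %DOT11-7-AUTH_FAILED: Station 0009.2dff.0510 Authentication failed
"""

MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}\b")  # Cisco dotted form
KEYLEN_RE = re.compile(r"Invalid key len \(exp=(0x[0-9A-Fa-f]+), act=(0x[0-9A-Fa-f]+)\)")


def normalize_mac(mac: str) -> str:
    """Return the MAC as 12 lowercase hex digits with no separators."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits.lower()


def summarize(log: str) -> dict:
    """Count handshake warnings and failures per station (keyed by normalized MAC)."""
    stations = defaultdict(lambda: {"key_len": [], "handshake_fail": 0, "auth_failed": 0})
    current = None
    for line in log.splitlines():
        mac = MAC_RE.search(line)
        if mac:
            current = normalize_mac(mac.group(0))
        if current is None:
            continue
        # Assumption: a line without a MAC belongs to the most recently named
        # station. With several clients interleaved this is only a heuristic.
        keylen = KEYLEN_RE.search(line)
        if keylen:
            stations[current]["key_len"].append((int(keylen.group(1), 16), int(keylen.group(2), 16)))
        if "Handshake failure" in line:
            stations[current]["handshake_fail"] += 1
        if "AUTH_FAILED" in line:
            stations[current]["auth_failed"] += 1
    return dict(stations)


if __name__ == "__main__":
    for mac, events in summarize(SAMPLE_LOG).items():
        print(f"ACS username/password form: {mac}  events: {events}")
```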