Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Users of Particular SSID not able to get authenticated in WLC

Hi ALL,

We suddenly experiencing issue of getting authenticated for users in particular SSID. These users are setup to use Local LEAP database in the WLC to get authenticated .. The recent trap shows the below message for the users

"AAA Authentication Failure for UserName:test User Type: WLAN USER"

In the message log ,we see the below message

ay 28 19:28:33.552 dtl_arp.c:504 DTL-3-INVALID_ARP_TIMEOUT_ADDR: MAC entry (MAC address) received for timeout is INVALID. Dropping it.

We are not sure ,about the above message and couldn't find an explanation in the WLC meesage guide .....If you have any idea ..Kindly let us know .....

Thanks

Regards

Anantha Subramanian Natarajan

  • Other Wireless - Mobility Subjects
1 ACCEPTED SOLUTION

Accepted Solutions

Re: Users of Particular SSID not able to get authenticated in WL

Hi Anasubra,

Unfortunately, for now controller is a backup solution. So it can't be configured as a primary. It will only be used if you have no AAA configured or if the configured AAA doesn't reply...

Jerome

9 REPLIES
Hall of Fame Super Silver

Re: Users of Particular SSID not able to get authenticated in WL

Did you happen to add a Radius server to the wlc?

Thanks, Scott *****Help out other by using the rating system and marking answered questions as "Answered"*****
New Member

Re: Users of Particular SSID not able to get authenticated in WL

Hi Fella5,

Yes ,some couple of days back and was associated with different SSID.

Do you think some issues with the same.?

Thanks for the reply.

Regards

Anantha Subramanian Natarajan

Re: Users of Particular SSID not able to get authenticated in WL

Yes, Fella is probably right here (5 for you Fella5!). Local EAP is designed as a backup authentication system. If any RADIUS servers are configured on the controller, the controller tries to authenticate the wireless clients with the RADIUS servers first. Local EAP is attempted only if no RADIUS servers are found, either because the RADIUS servers timed out or no RADIUS servers were configured...

So if you have a radius that works, local EAP won't work and authentication will fail...

hth

jerome

Hall of Fame Super Silver

Re: Users of Particular SSID not able to get authenticated in WL

I didn't want to jump the gun and that is why I asked. You should of seen some failed attempts on the radius server. Now what you have to do, if you have an ACS server is to configure LEAP authentication on that. If you have IAS or another type of radius server, you might not have the ability to support LEAP.

Thanks, Scott *****Help out other by using the rating system and marking answered questions as "Answered"*****
New Member

Re: Users of Particular SSID not able to get authenticated in WL

Thank you very much fella5

Regards

Anantha Subramanian Natarajan

New Member

Re: Users of Particular SSID not able to get authenticated in WL

Hi Jeromehenry,

Thank you very much .....Is there a way to configure the primary option as Local LEAP and then the backup option as radius for a particular SSID.....

Thank You

Regards

Anantha Subramanian Natarajan

Re: Users of Particular SSID not able to get authenticated in WL

Hi Anasubra,

Unfortunately, for now controller is a backup solution. So it can't be configured as a primary. It will only be used if you have no AAA configured or if the configured AAA doesn't reply...

Jerome

New Member

Re: Users of Particular SSID not able to get authenticated in WL

Hi Jerome,

Thank you very much for the answer .

Regards

Anantha Subramanian Natarajan

Hall of Fame Super Red

Re: Users of Particular SSID not able to get authenticated in WL

Hey guys,

Scott and Jerome, that is some pretty slick troubleshooting and also something I have never heard of. +5 points to both of you for your continued great work here!

Thanks again,

Rob

"May your heart always be joyful And may your song always be sung May you stay forever young " - Dylan
416
Views
37
Helpful
9
Replies