Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Wired guest lan authentication through NGS

Hello Guys,

We have 5508 controller running ver 7.2.110.0.We have configured wireless guest and wired guest WLAN profiles and assosicated necessary dynamic interfaces to it. The authentication for both wireless and wired guest is through Cisco NGS[NAC]. I have configured Webauth and added the server in the security tab for authentication. I have guest user accounts created in NGS, if I use wirless guest the auth works perfect. But the same credentials is not working with wired guest. Any advice on this issue would be really helpful

Regards

Krishna

Everyone's tags (3)
4 REPLIES
Hall of Fame Super Silver

Re: Wired guest lan authentication through NGS

Your using NGS as a radius server only correct? If so, you should see errors generated on the NGS or the WLC to why the login failed. Does a different username work?

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

Re: Wired guest lan authentication through NGS

Hey Scott,

Yes NGS is working as Radius. However I haven't checked on WLC neither NGS log to see if there is any but let me look into that. No other names also doesn't work. I did run a debug on WLC while the user was authenticating below is the output

Output of debug for wireless user where I am getting Accept message for auth at the end

User IP ADDR - 172.22.207.157

*aaaQueueReader: Aug 20 09:44:29.940: 00:23:14:ec:3d:38 Successful transmission of Authentication Packet (id 190) to 194.156.169.111:1812, proxy state 00:23:14:ec:3d:38-00:01

*aaaQueueReader: Aug 20 09:44:29.940: 00000000: 01 be 00 a2 cd 8f 91 44  a2 4f 85 f1 04 f7 14 9a  .......D.O......

*aaaQueueReader: Aug 20 09:44:29.940: 00000010: d0 3e 42 94 01 1b 6d 61  68 65 62 6f 6f 62 2e 6b  .>B...maheboob.k

*aaaQueueReader: Aug 20 09:44:29.940: 00000020: 68 61 6e 40 61 6d 61 64  65 75 73 2e 63 6f 6d 02  han@amadeus.com.

*aaaQueueReader: Aug 20 09:44:29.940: 00000030: 12 34 fc 96 01 47 ed 5e  d3 8d 08 4e 72 ce 1d b5  .4...G.^...Nr...

*aaaQueueReader: Aug 20 09:44:29.940: 00000040: da 06 06 00 00 00 01 04  06 ac 16 cf 83 05 06 00  ................

*aaaQueueReader: Aug 20 09:44:29.940: 00000050: 00 00 0d 20 0b 42 4c 52  57 4c 43 4f 30 31 3d 06  .....BLRWLCO01=.

*aaaQueueReader: Aug 20 09:44:29.940: 00000060: 00 00 00 13 1a 0c 00 00  37 63 01 06 00 00 00 01  ........7c......

*aaaQueueReader: Aug 20 09:44:29.940: 00000070: 1f 10 31 37 32 2e 32 32  2e 32 30 37 2e 31 35 37  ..172.22.207.157

*aaaQueueReader: Aug 20 09:44:29.940: 00000080: 1e 10 31 37 32 2e 32 32  2e 32 30 37 2e 31 33 31  ..172.22.207.131

*aaaQueueReader: Aug 20 09:44:29.940: 00000090: 50 12 ef 00 53 8b 39 31  14 93 b3 82 1c f5 b5 51  P...S.91.......Q

*aaaQueueReader: Aug 20 09:44:29.940: 000000a0: 82 45                                             .E

*radiusTransportThread: Aug 20 09:44:30.516: 00000000: 02 be 00 1a 0c 8e d4 54  91 55 d6 ae b2 91 05 6e  .......T.U.....n

*radiusTransportThread: Aug 20 09:44:30.516: 00000010: 93 f9 4b 7e 1b 06 00 21  70 70                    ..K~...!pp

*radiusTransportThread: Aug 20 09:44:30.517: ****Enter processIncomingMessages: response code=2

*radiusTransportThread: Aug 20 09:44:30.517: ****Enter processRadiusResponse: response code=2

*radiusTransportThread: Aug 20 09:44:30.517: 00:23:14:ec:3d:38 Access-Accept received from RADIUS server 194.156.169.111 for mobile 00:23:14:ec:3d:38 receiveId = 0

But for wired user below is the output

User IP ADDR - 172.22.207.151

5.338: 00:26:b9:e0:36:a6 Successful transmission of Authentication Packet (id 188) to 194.156.169.111:1812, proxy state 00:26:b9:e0:36:a6-00:01

*aaaQueueReader: Aug 20 09:35:15.338: 00000000: 01 bc 00 a2 2c fe c1 97  a7 d1 25 a0 59 34 89 38  ....,.....%.Y4.8

*aaaQueueReader: Aug 20 09:35:15.338: 00000010: c1 be 59 f3 01 1b 6d 61  68 65 62 6f 6f 62 2e 6b  ..Y...maheboob.k

*aaaQueueReader: Aug 20 09:35:15.338: 00000020: 68 61 6e 40 61 6d 61 64  65 75 73 2e 63 6f 6d 02  han@amadeus.com.

*aaaQueueReader: Aug 20 09:35:15.338: 00000030: 12 37 c7 5c 52 27 41 5b  0d 60 98 70 76 3b b3 ba  .7.\R'A[.`.pv;..

*aaaQueueReader: Aug 20 09:35:15.338: 00000040: f5 06 06 00 00 00 01 04  06 ac 16 cd 74 05 06 00  ............t...

*aaaQueueReader: Aug 20 09:35:15.338: 00000050: 00 00 0d 20 0b 42 4c 52  57 4c 43 4f 30 31 3d 06  .....BLRWLCO01=.

*aaaQueueReader: Aug 20 09:35:15.338: 00000060: 00 00 00 0f 1a 0c 00 00  37 63 01 06 00 00 02 02  ........7c......

*aaaQueueReader: Aug 20 09:35:15.338: 00000070: 1f 10 31 37 32 2e 32 32  2e 32 30 37 2e 31 35 31  ..172.22.207.151

*aaaQueueReader: Aug 20 09:35:15.338: 00000080: 1e 10 31 37 32 2e 32 32  2e 32 30 35 2e 31 31 36  ..172.22.205.116

*aaaQueueReader: Aug 20 09:35:15.338: 00000090: 50 12 36 60 54 47 0b 84  02 5c 0b da 19 a1 05 eb  P.6`TG...\......

*aaaQueueReader: Aug 20 09:35:15.338: 000000a0: af 2b                                             .+

*aaaQueueReader: Aug 20 09:35:17.053: AuthenticationRequest: 0x2ab12b50

Hall of Fame Super Silver

Wired guest lan authentication through NGS

You need to look at the logs.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
New Member

Re: Wired guest lan authentication through NGS

Hey Scott,

I did look into the logs in WLC it says that the Radius was not able to authenticate the user and mentioned the laptop's ethernet mac addr and the reason it shows as unknown

Regards

Krishna

355
Views
0
Helpful
4
Replies