Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Wireless Access Point ACS Authentication failure

Need assistance in understanding debug output. Wireless AP are failing authentication through ACS. Difficulty is a separate group manages ACS and I do not have access to see corresponding error log. ACS group indicates it is a LEAP error and possibly a bug, requiring ACS upgrade to 4.0 from 3.3.

My question is not if this is true or not, but how to interpret the debug output to show the problem maybe 1 of the following;

1)invalid leap session key pair

2)misconfigured \ mismatched configuratitons

3) bug

4) something else

Thanks in advance


Re: Wireless Access Point ACS Authentication failure

It may be the issue, uncheck the fast reconnect option on ACS server and click on "submit+restart". Alternatively, enable fast reconnect on the supplicant and disable it on ACS.


Troubleshooting Procedure

This section provides troubleshooting information relevant to this configuration.

In order to eliminate the possibility of RF issues preventing successful authentication, temporarily disable authentication by setting the method on the SSID to Open.

From the GUI: On the SSID Manager page, uncheck Network-EAP and check Open.

From the command line: Use the commands authentication open and no authentication network-eap eap_methods.

If the client successfully associates, RF does not contribute to the association problem.

Verify that all shared secret passwords are synchronized. The lines radius-server host x.x.x.x auth-port x acct-port x key and nas x.x.x.x key must contain the same shared secret password.

Remove any user groups and configuration about user groups. Sometimes conflicts can occur between user groups defined by the AP, and user groups on the domain.

CreatePlease to create content