Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

ACS UPgrade Problem

Hi,

I was running ACS3.0 and I upgraded to 4.0 now The access points or clients cannot authenticate. Does anyone had similar problems?

Thanks in advance.

Biju

5 REPLIES

Re: ACS UPgrade Problem

Hi,

Do you see any hits on acs failed attempts ?

Regards

Community Member

Re: ACS UPgrade Problem

Not at all but I could see authentication failed on the access point and sometimes it say ports not open.

Re: ACS UPgrade Problem

Please make sure in ACS that AAA-Client key and NDG key are same or better keep AP in not-assigned group.

If issue is still there get debugs from AP,

debug radius

debug aaa authentication

Regards,

Community Member

Re: ACS UPgrade Problem

This is the output for debug

User Access Verification

WIRELESS_TEST#debug radius brief

Radius protocol debugging is on

Radius protocol brief debugging is on

Radius protocol verbose debugging is off

Radius packet hex dump debugging is off

Radius packet protocol debugging is off

Radius elog debugging debugging is off

Radius packet retransmission debugging is off

Radius server fail-over debugging is off

Radius elog debugging debugging is off

WIRELESS_TEST#

Jun 20 14:29:23.169: RADIUS/ENCODE(00000002):Orig. component type = DOT11

Jun 20 14:29:23.170: RADIUS(00000002): Storing nasport 257 in rad_db

Jun 20 14:29:23.170: RADIUS(00000002): Config NAS IP: 10.100.1.88

Jun 20 14:29:23.170: RADIUS(00000002): Config NAS IP: 10.100.1.88

Jun 20 14:29:23.170: RADIUS(00000002): Send Access-Request to 10.1.2.2:1812 id 1

645/1, len 134

Jun 20 14:29:28.776: RADIUS: no sg in radius-timers: ctx 0xBBBA70 sg 0x0000

Jun 20 14:29:28.776: RADIUS: Retransmit to (10.1.2.2:1812,1813) for id 1645/1

Jun 20 14:29:33.800: RADIUS: no sg in radius-timers: ctx 0xBBBA70 sg 0x0000

Jun 20 14:29:33.800: RADIUS: Retransmit to (10.1.2.2:1812,1813) for id 1645/1

Jun 20 14:29:39.240: RADIUS: no sg in radius-timers: ctx 0xBBBA70 sg 0x0000

Jun 20 14:29:39.240: RADIUS: Retransmit to (10.1.2.2:1812,1813) for id 1645/1

Jun 20 14:29:44.680: RADIUS: no sg in radius-timers: ctx 0xBBBA70 sg 0x0000

Jun 20 14:29:44.680: RADIUS: No response from (10.1.2.2:1812,1813) for id 1645/1

Jun 20 14:29:44.680: RADIUS/DECODE: parse response no app start; FAIL

Jun 20 14:29:44.680: RADIUS/DECODE: parse response; FAIL

Jun 20 10:29:44.681 R: %DOT11-7-AUTH_FAILED: Station 0013.021d.f404 Authenticati

on failed

Jun 20 14:29:45.229: RADIUS/ENCODE(00000003):Orig. component type = DOT11

Jun 20 14:29:45.230: RADIUS(00000003): Storing nasport 258 in rad_db

Jun 20 14:29:45.230: RADIUS(00000003): Config NAS IP: 10.100.1.88

Jun 20 14:29:45.230: RADIUS(00000003): Config NAS IP: 10.100.1.88

Jun 20 14:29:45.230: RADIUS(00000003): Send Access-Request to 10.1.2.2:1812 id 1

645/2, len 134

Jun 20 14:29:50.760: RADIUS: no sg in radius-timers: ctx 0xBBBA70 sg 0x0000

Jun 20 14:29:50.760: RADIUS: Retransmit to (10.1.2.2:1812,1813) for id 1645/2

Jun 20 14:29:56.296: RADIUS: no sg in radius-timers: ctx 0xBBBA70 sg 0x0000

Jun 20 14:29:56.296: RADIUS: Retransmit to (10.1.2.2:1812,1813) for id 1645/2

Jun 20 14:30:02.353: RADIUS: no sg in radius-timers: ctx 0xBBBA70 sg 0x0000

Jun 20 14:30:02.353: RADIUS: Retransmit to (10.1.2.2:1812,1813) for id 1645/2

Jun 20 14:30:07.841: RADIUS: no sg in radius-timers: ctx 0xBBBA70 sg 0x0000

Jun 20 14:30:07.841: RADIUS: No response from (10.1.2.2:1812,1813) for id 1645/2

Jun 20 14:30:07.841: RADIUS/DECODE: parse response no app start; FAIL

Jun 20 14:30:07.841: RADIUS/DECODE: parse response; FAIL

Jun 20 10:30:07.842 R: %DOT11-7-AUTH_FAILED: Station 0013.021d.f404 Authenticati

on failed

Re: ACS UPgrade Problem

Thanks for the info.

Radius is not responding to the authen request. Can you please reissue secret key on ACS for this particular NAS ?

Is there any other device that works fine using same ACS ?

Incase this is ACS appliance then go to network configuration ---> Proxy Dis table----> Bring the name listed in AAA SERVERS to FORWARD TO box and name listed in FORWARD to box to AAA servers.

Regards

169
Views
0
Helpful
5
Replies
CreatePlease to create content