Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cannot ping IAS RADIUS from WLC 2504

I'm having some weird issues where I cannot ping from the WLC to the IAS RADIUS server.  All of my clients cannot connect, but from the switch, router, RADIUS server, and hard wired clients, I can ping to the WLC and RADIUS server.  The only thing that cannot ping the RADIUS server is the WLC itself.  Nothing in the FW is blocking connectivity.  Any ideas?

(Cisco Controller) >show radius summ

Vendor Id Backward Compatibility................. Disabled

Call Station Id Case............................. lower

Call Station Id Type............................. IP Address

Aggressive Failover.............................. Disabled

Keywrap.......................................... Disabled

Fallback Test:

    Test Mode.................................... Off

    Probe User Name.............................. cisco-probe

    Interval (in seconds)........................ 300

MAC Delimiter for Authentication Messages........ none

MAC Delimiter for Accounting Messages............ hyphen

Authentication Servers

Idx  Type  Server Address    Port    State     Tout  RFC3576  IPSec - AuthMode/Phase1/Group/Lifetime/Auth/Encr

---  ----  ----------------  ------  --------  ----  -------  ------------------------------------------------

1    NM    10.10.50.63       1645    Enabled   5     Enabled   Disabled - none/unknown/group-0/0 none/none

2    NM    10.10.50.130      1645    Enabled   5     Enabled   Disabled - none/unknown/group-0/0 none/none

Accounting Servers

Idx  Type  Server Address    Port    State     Tout  RFC3576  IPSec - AuthMode/Phase1/Group/Lifetime/Auth/Encr

---  ----  ----------------  ------  --------  ----  -------  ------------------------------------------------

1      N     10.10.50.63       1646    Enabled   5     N/A       Disabled - none/unknown/group-0/0 none/none

2      N     10.10.50.130      1646    Enabled   5     N/A       Disabled - none/unknown/group-0/0 none/none

Everyone's tags (7)
11 REPLIES

Cannot ping IAS RADIUS from WLC 2504

do you have a dynamic inerface created on the WLC that is in the 10.10.50.x subnet?  if you do, that would be why it's not working.

Best practices state that you should not have a dynamic interface configured for any subnet you need to reach on the wire.

HTH,
Steve

-----------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Cannot ping IAS RADIUS from WLC 2504

I don't have a 10.10.50.x subnet on this network.  It's at a WAN site and authenticating through the WAN link back to HQ where the 10.10.50.x network lives.

(Cisco Controller) >show interface summary

Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Gu                                                  est

-------------------------------- ---- -------- --------------- ------- ------ --                                                  ---

hp wireless                      1    4        10.31.72.5      Dynamic No     No                                                 

hpvoice                          1    5        10.36.72.15     Dynamic No     No                                                 

management                       1    untagged 10.30.72.250    Static  Yes    No                                                 

virtual                          N/A  N/A      1.1.1.1         Static  No     No    

Cannot ping IAS RADIUS from WLC 2504

can you tracert from the IAS and see where the packet dies out? 

HTH,
Steve

-----------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Cannot ping IAS RADIUS from WLC 2504

From the IAS, it traces fine.  I can ping from WAN switch and router and WAN hard wired clients to IAS and other addresses.  I can ping from IAS to the WLC, switches, routers etc. on the remote side.  The only place if fails is when pinging from the WLC to the IAS.

From the IAS:

Pinging 10.30.72.250 with 32 bytes of data:

Reply from 10.30.72.250: bytes=32 time=24ms TTL=125

Reply from 10.30.72.250: bytes=32 time=31ms TTL=125

Reply from 10.30.72.250: bytes=32 time=17ms TTL=125

Reply from 10.30.72.250: bytes=32 time=24ms TTL=125

Ping statistics for 10.30.72.250:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 17ms, Maximum = 31ms, Average = 24ms

From the WLC:

(Cisco Controller) >ping 10.10.50.63

Send count=3, Receive count=0 from 10.10.50.63

Cannot ping IAS RADIUS from WLC 2504

can you post a show interface detailed management and show arp switch?

HTH,
Steve

-----------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Cannot ping IAS RADIUS from WLC 2504

It's in the arp cache through the default router

(Cisco Controller) >show interface detailed management

Interface Name................................... management

MAC Address...................................... d0:c2:82:df:5b:c0

IP Address....................................... 10.30.72.250

IP Netmask....................................... 255.255.255.0

IP Gateway....................................... 10.30.72.1

External NAT IP State............................ Disabled

External NAT IP Address.......................... 0.0.0.0

VLAN............................................. untagged

Quarantine-vlan.................................. 0

Active Physical Port............................. 1

Primary Physical Port............................ 1

Backup Physical Port............................. Unconfigured

Primary DHCP Server.............................. 10.10.10.65

Secondary DHCP Server............................ Unconfigured

DHCP Option 82................................... Disabled

ACL.............................................. Unconfigured

AP Manager....................................... Yes

Guest Interface.................................. No

L2 Multicast..................................... Disabled

(Cisco Controller) >show arp switch

Number of arp entries................................ 19

    MAC Address        IP Address     Port   VLAN   Type

------------------- ---------------- ------ ------ ------

50:57:A8:D6:DE:C0   10.10.19.1       1      5      Host

50:57:A8:D6:DE:C0   10.10.20.138     1      5      Host

50:57:A8:D6:DE:C0   10.10.50.63      1      5      Host

64:00:F1:08:A0:D0   10.30.72.1       1      0      Host

50:57:A8:9E:B5:CD   10.30.72.40      1      0      Host

50:57:A8:A1:7B:C5   10.30.72.44      1      0      Host

50:57:A8:9E:99:78   10.30.72.48      1      0      Host

50:57:A8:3B:66:E3   10.30.72.49      1      0      Host

00:07:7D:43:23:DA   10.30.72.58      1      0      Host

50:57:A8:9E:B6:1D   10.30.72.59      1      0      Host

50:57:A8:9E:95:C5   10.30.72.60      1      0      Host

50:57:A8:A1:7C:0D   10.30.72.61      1      0      Host

00:07:7D:65:36:DD   10.30.72.62      1      0      Host

50:57:A8:44:57:0C   10.30.72.63      1      0      Host

50:57:A8:CA:CC:01   10.30.72.64      1      0      Host

Re: Cannot ping IAS RADIUS from WLC 2504

For some reason the ping is going out of your voice VLAN 5 and not the management interface.

Can you reboot and see if it clears up?

Steve

Sent from Cisco Technical Support iPhone App

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Cannot ping IAS RADIUS from WLC 2504

Rebooted and cleared arp on the switch it's connected to and still uses the vlan 5

New Member

Cannot ping IAS RADIUS from WLC 2504

Can you add static entries on the WLC?

Re: Cannot ping IAS RADIUS from WLC 2504

Can you post a show interface detail for the VLAN 5 interface?

Steve

Sent from Cisco Technical Support iPhone App

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
Cisco Employee

Re: Cannot ping IAS RADIUS from WLC 2504

*cannot add static arp entry to wlc.

check the subnet mask of interface vlan 5 or disable vlan 5.

get, show route from wlc.

1673
Views
0
Helpful
11
Replies