Problem on ACS Solutions Engine (4.0)

Hi. I'm currently using an ACS SE4.0, WLC 2006, 1130AG LWAPP APs.

My authentication in WLC is set on WPA2. No Layer 3 security.

I also added a RADIUS server pointing to my ACS SE4.0, using port 1812.

I have a user defined on ACS SE4.0, configured to support EAP-FAST, EAP-LEAP.

I added my WLC 2006 on ACS SE4.0 as a NAS, with 'Authenticate using' set to Cisco Aironet.

Now, I have a Cisco ABG card on my laptop, configured to run WPA/WPA2/CCKM, EAP-FAST.

Now my problem is, I can't authenticate because there's an error in WLC saying 'No Radius Servers Are Responding'.

Is there any solution to this?

P.S.

I installed ACS4.0 (running on Windows 2000 Server) with the same configuration as on my ACS SE4.0, and guess what, it works flawlessly.

I'm beginning to wonder if this could be a BUG in ACS Solution Engine 4.0?

andrew.brazier
Level 4

On the ACS SE, under Network Configuration check to see if the ACS is listed twice under AAA Servers. If it is, it's configured itself with an internal loop and will never authenticate. If you reply to this I will explain what to do to fix it.

Hi Andrew, thanks for the reply.

You are right, it was configured twice under Network Configuration -> AAA Servers.

How to solve this issue?

Thanks in advance

Regards,

Dave

You need to:

Go to Interface Configuration, Advanced Options. Check the Distributed System Settings check box and submit.

Go to Network Interfaces, scroll down the view to the Proxy tables. Click the entry shown. You will see a list of "available" and "in use" proxy servers. Remove the server (probably shown as the hostname of the ACS) from the "in use" column and add the server DELIVERANCE1 to the "in use" column. In effect you are swapping them over. Submit and restart services if required.

Go to Network Interfaces, under AAA servers you will see two servers listed. One will have the correct IP address and one will (probably) have a 169.x.x.x address probably showing the correct hostname. Click the hostname of the entry with the 169.x.x.x address and on the next screen click the Delete and Submit button to remove it.

After you've done that it should work. I had the same problem and ended up speaking to TAC to get it resolved (even they were struggling with it for a while). I was finding that the APs were sending RADIUS requests to the ACS (sniffed them with Ethereal) but it wasn't replying. The way it configures itself in the Proxy Distribution table means that the "real" ACS server is passing all the auth requests to the spurious one which doesn't really exist so doesn't reply. Very helpfully, nothing is logged on the ACS to tell you what's going on.

Hope this helps.
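The symptom described in this thread (RADIUS requests reaching the ACS with no reply, and nothing logged on the server) can be confirmed from a packet capture by pairing each Access-Request with its reply. The following is an added example, not part of the original thread; the addresses and packets are constructed sample data, and the function names are hypothetical.

```python
import struct
from collections import OrderedDict

ACCESS_REQUEST = 1
REPLY_CODES = {2, 3, 11}  # Access-Accept, Access-Reject, Access-Challenge

def radius_header(payload):
    """Return (code, identifier) from a RADIUS payload, or None if malformed."""
    if len(payload) < 20:          # RFC 2865: minimum packet length is 20 bytes
        return None
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if length < 20 or length > len(payload):
        return None
    return code, ident

def unanswered_requests(datagrams, server_port=1812):
    """Map (client_ip, client_port, server_ip, id) -> sends seen without a reply."""
    pending = OrderedDict()
    for src, sport, dst, dport, payload in datagrams:
        hdr = radius_header(payload)
        if hdr is None:
            continue
        code, ident = hdr
        if code == ACCESS_REQUEST and dport == server_port:
            key = (src, sport, dst, ident)
            pending[key] = pending.get(key, 0) + 1   # retransmissions reuse the id
        elif code in REPLY_CODES and sport == server_port:
            pending.pop((dst, dport, src, ident), None)
    return dict(pending)

def pkt(code, ident):
    """Build a minimal 20-byte RADIUS packet (header + zeroed authenticator)."""
    return struct.pack("!BBH", code, ident, 20) + bytes(16)

# Constructed sample capture: (src_ip, src_port, dst_ip, dst_port, UDP payload).
# 192.0.2.10 stands in for the WLC; 192.0.2.20 and 192.0.2.30 for two RADIUS servers.
SAMPLE = [
    ("192.0.2.10", 32768, "192.0.2.20", 1812, pkt(1, 7)),
    ("192.0.2.10", 32768, "192.0.2.20", 1812, pkt(1, 7)),   # retransmission
    ("192.0.2.10", 32768, "192.0.2.20", 1812, pkt(1, 7)),   # retransmission
    ("192.0.2.10", 32768, "192.0.2.30", 1812, pkt(1, 8)),
    ("192.0.2.30", 1812, "192.0.2.10", 32768, pkt(11, 8)),  # Access-Challenge
]

if __name__ == "__main__":
    for (client, cport, server, ident), sends in unanswered_requests(SAMPLE).items():
        print(f"{client}:{cport} -> {server} id={ident}: {sends} request(s), no reply")
```

A server that shows up here with repeated sends of the same identifier and no reply is receiving the traffic but not answering it, which matches the behaviour described above.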

Hi there Andrew!

Thank you sir.. It's now working..

Great! I think the cause in my case was initially connecting the LAN cable to the wrong interface but I'm not entirely sure because even after connecting it to the right interface and imaging the thing it still didn't work as it should. Having said that, I built another one last week which behaved perfectly from the word go. A weird one!

I had this same issue, and I got lucky finding the problem, because I think by default proxy servers aren't listed in the interface.
