Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

WDS radius auth not working (IAS+AP1200)

Hey,

I am trying to get WDS configured and working, but for some reason it is not correctly authenticating to the IAS radius server. I followed the cisco document exactly (except configured IAS instead of ACS).

I get the following when debugging radius authentication

*Mar 15 17:49:24.119: RADIUS: no sg in radius-timers: ctx 0xD4F44C sg 0x0000

*Mar 15 17:49:24.119: RADIUS: No response from (10.186.1.20:1812,1813) for id 1645/142

*Mar 15 17:49:24.119: RADIUS/DECODE: parse response no app start; FAIL

*Mar 15 17:49:24.119: RADIUS/DECODE: parse response; FAIL

*Mar 15 17:49:29.124: RADIUS: AAA Unsupported [262] 0

*Mar 15 17:49:29.125: RADIUS: AAA Unsupported [156] 3

*Mar 15 17:49:29.125: RADIUS: 33 [3]

*Mar 15 17:49:29.125: RADIUS(00000193): Storing nasport 382 in rad_db

*Mar 15 17:49:29.126: RADIUS(00000193): Config NAS IP: 172.20.8.10

*Mar 15 17:49:29.126: RADIUS/ENCODE(00000193): acct_session_id: 390

*Mar 15 17:49:29.126: RADIUS(00000193): sending

*Mar 15 17:49:29.126: RADIUS(00000193): Send Access-Request to 10.186.1.20:1812 id 1645/143, len 119

*Mar 15 17:49:29.126: RADIUS: authenticator C8 C6 03 56 46 27 64 7D - 3C D4 FF FB 3D AD 1A FF

*Mar 15 17:49:29.126: RADIUS: User-Name [1] 7 "wdsap"

*Mar 15 17:49:29.127: RADIUS: Framed-MTU [12] 6 1400

*Mar 15 17:49:29.127: RADIUS: Called-Station-Id [30] 16 "0014.6ab1.73b2"

*Mar 15 17:49:29.127: RADIUS: Calling-Station-Id [31] 16 "0014.6ab1.73b2"

*Mar 15 17:49:29.127: RADIUS: Service-Type [6] 6 Login [1]

*Mar 15 17:49:29.128: RADIUS: Message-Authenticato[80] 18 *

*Mar 15 17:49:29.128: RADIUS: EAP-Message [79] 12

*Mar 15 17:49:29.128: RADIUS: 02 02 00 0A 01 77 64 73 61 70 [?????wdsap]

*Mar 15 17:49:29.128: RADIUS: NAS-Port-Type [61] 6 802.11 wireless [19]

*Mar 15 17:49:29.128: RADIUS: NAS-Port [5] 6 382

*Mar 15 17:49:29.128: RADIUS: NAS-IP-Address [4] 6 172.20.8.10

*Mar 15 17:49:34.617: RADIUS: no sg in radius-timers: ctx 0xA121F8 sg 0x0000

*Mar 15 17:49:34.617: RADIUS: Retransmit to (10.186.1.20:1812,1813) for id 1645/143

any idea what could be going on?

Thanks,

Brian Clark

1 REPLY
New Member

Re: WDS radius auth not working (IAS+AP1200)

Hi Brian,

WDS authentication uses LEAP protocol only (Cisco's proprietary). I didn't find any information saying that IAS supports LEAP. So, if you don't have an ACS, an option would be using the Local Radius Server on AP to authenticate WDS only. Also, if you have WLSE Express (only this) you can use this one for WDS authentication once it has AAA Server function.

166
Views
0
Helpful
1
Replies
CreatePlease login to create content