Connection to wireless networks fails with the following error:
Tue Aug 5 11:15:54 2008 RADIUS server 10.57.10.4:1812 deactivated in global list
Tue Aug 5 11:15:54 2008 RADIUS server 10.57.10.4:1812 failed to respond to request (ID 111) for client 00:16:6f:74:e2:b9 / user 'unknown'
I am not sure why these just started happening after being stable for long time.
The reason for this is that a silent discard is a valid radius response for a client when a certificate does not match.
The following url will help you:
Its a cisco Wireless Controller LAN were we see the following error:
RADIUS server 10.57.10.247:1813 failed to respond to request (ID 250) for client 00:13:02:88:df:d8 / user 'unknown'
RADIUS server 10.57.10.247:1813 deactivated in global
Okay, but can you post what the ACS shows under failed attemps. You can have an issues with the wlc not being added to AAA, or bad shared key on either end, or the radius setup on the wlc and in the ssid. Not knowing how things are configured makes it tough to figure out.
We also having the above issues.
I can confirm that the wlc is on our ACS (RADIUS), the shared key on both ends are the same. The certs have been added to ACS with EAP-TLS checked under Global Authentiaction. There are users and hardware certs on the devices trying to connect to.
Setup looks identical to our LAB environment which is not having issues.
The error on WLC:
RADIUS server 10.139.156.221:1812 failed to respond to request (ID 131) for client 00:13:ce:ed:2b:b0 / user 'unknown'
The error on ACS - Failed attempts:
Message Type: Bad request from NAS
Authen-Failure-Code: Invalid message authenticator in EAP
Any help/advice would be greatly appreciated
We are also facing the same issue, when trying to get authentication from Windows IAS.
WLC is showing the same logs as patel says.
If you ppl have got any solution do let me know as well!
So did you find the solution to your problem I am having the same issue with a couple of controllers.
So I would really appreciate if you share the solution
For our situation, it looked like the issue was that WLC GUI was not accepting the correct secret key of ACS.
As soon as we entered the secret key via the CLI, we were able to confirm connectivity between laptop and AP/WLC. Apparently the above issue is a known bug with the version we had.
Also confirm that the secret key on the ACS device and NDG is the same as that on the WLC.
Hope this helps
I have tried to change the shared secret from GUI, we are suspecting some integration issue between WLC and IAS, may be due to some certificate expiration, we are in touch with system to get this verified.
Meanwhile i would go for changing the shared secret key from CLI.
kindly, send me the link of that bug that you have come across.