Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

WLC 4402 RADIUS Authentication with IAS


I configured a WLAN with PEAP (CHAP v2)and Radius authentication to a Win 2003 IAS Radius Server.

On the controller 4402 the layer 2 security is set to WPA1+WPA2 with 802.1x authentication.

The IAS server don't use the configured policy when a authentication reguest arrive.

I there an issue with special RADIUS attributes or configuration items on the IAS Server?

The following event appear in the windows logs:

User STANS\kaesmr was denied access.

Fully-Qualified-User-Name = STANS\kaesmr

NAS-IP-Address =

NAS-Identifier = keynet-01

Called-Station-Identifier = 00-18-74-FB-CA-20:keynet

Calling-Station-Identifier = 00-16-CE-52-C8-EB

Client-Friendly-Name = Wireless-Controller

Client-IP-Address =

NAS-Port-Type = Wireless - IEEE 802.11

NAS-Port = 1

Proxy-Policy-Name = Windows-Authentifizierung f?r alle Benutzer verwenden

Authentication-Provider = Windows

Authentication-Server = <undetermined>

Policy-Name = <undetermined>

Authentication-Type = Extension

EAP-Type = <undetermined>

Reason-Code = 21

Reason = The request was rejected by a third-party extension DLL file.

  • Security and Network Management

Re: WLC 4402 RADIUS Authentication with IAS

What I understand from your post is that the authentication is not handled by your IAS server. IF I am correct, the problem might be with the "Allow AA override" option disabled in your WLAN. If it is enabled, then the AAA server or your IAS server will override the security parameters set locally on the controller.

So, first ensure whether "Allow AAA override" is enabled under Controller--->WLAN field.

Also, chek out the logs of the IAS server for obtaining more info on this.

This widget could not be displayed.