Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

Unable to login to WLC even after the successful authentication message is received from the RADIUS Server

Resolution

For the Remote Access Dial-In User Service (RADIUS) user to login to the controller, the login user entry in the RADIUS server has to be associated with an attribute, Service-Type.If this attribute is not sent back to the controller from the ACS, the authentication finishes successfully (access-accept) and you do not see any authorization error on the controller, even with debug aaa all enable.  But, you are prompted again for authentication. The only thing missing in the RADIUS return packet is the service type 6 attribute.

Refer to the Before Using RADIUS Attributes section of RADIUS Attributes for more information on how to configure the service-type attribute.

Problem Type

Cannot console or telnet or GUI into a device

Products

Wireless LAN Controllers

Security Options

LEAP / RADIUS

Authentication

Device Access Method

GUI Interface

Telnet

Terminal Server / Console

1209
Views
0
Helpful
0
Comments