Re: RADIUS MAC Authentication problem

Rutger Blom · ‎04-03-2007

Hello,

Since we are using a wlc 4402 we have problems with MAC authentication via RADIUS. Our MAC addresses are in an external LDAP database and this worked fine with IOS AP's. Now we receive an "Internal Error" in the "Failed Attempts" log. We use Cisco ACS 4.1 as our RADIUS server.

Any ideas?

Kind regards,

Rutger

darpotter · ‎04-03-2007

Is you're seing these errors it means something in ACS is broken.

This could be because of a protocol error or because its plain broke. You'll need to get the services logs (csradius, csauth etc) and look for errors.

Errors can be found easily by searching for the string " E ", ie E

If youre lucky the error message might mean something, otherwise you'll have to contact the TAC.

Rutger Blom · ‎04-03-2007

Thanks for your quick reply!

Why is MAC authentication still working for our IOS AP's? Must be something about the way the wlc 4402 sends RADIUS packets to the ACS 4.1 that causes the error?

Kind regards,

Rutger

itseriab · ‎11-14-2007

I am experiencing the same problem.

Works great when the AP's request MAC verification, however when Cisco Wireless Controller (4402) requests verification i get the same error.

"14-11-2007 20:16:25 Auth.Info kestrel CisACS_02_FailedAuth 16joeo7dn 1 0 Message-Type=Authen failed,User-Name=xx4096xxxxxx,NAS-IP-Address=10.113.1.200,Authen-Failure-Code=Internal error,Caller-ID=xx-40-96-xx-xx-xx,NAS-Port=2"

I replaced some digits on MAC address with x.

itseriab · ‎11-14-2007

UPDATE!

After posting I decided to look at the ACS patch notes to see if any of the bugs refered the "Internal Error"

Found patch Acs-4.1.1.23.3-SW and installed it and its working now.

Just FYI