This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
I have a new for use ACS 1120 with 220.127.116.11 software. The purpose of the ACS is to authenticate Wireless users based on an ACS defined external identity source, LDAP. The following configs are made:
- LDAP is configured as an external identity source on ACS.
- WLC is configured on ACS as AAA client.
- WLC is configured to use ACS RADIUS server (10.140.19.20) and WLANs are configured for [WPA2][Auth(802.1X)] AAA authentication.
But for some reason AAA requests from WLC can not reach the ACS. Both devices are connected to the same 6506 switch, there is no firewall inbetween. There is no fail/success RADIUS log on ACS. This is the log from the WLC. PLEASE HELP!!!
|4||Sat Jun 23 05:41:032012||RADIUS server 10.140.19.20:1813 deactivated in global list|
|5||Sat Jun 23 05:41:03 2012||RADIUS server 10.140.19.20:1813 failed to respond to request (ID 70) for client 00:22:fa:1d:3a:ae / user 'unknown'|
|6||Sat Jun 23 05:40:40 2012||RADIUS server 10.140.19.20:1813 deactivated in global list|
|7||Sat Jun 23 05:40:40 2012||RADIUS server 10.140.19.20:1813 failed to respond to request (ID 69) for client 00:16:ea:c9:2d:dc / user 'unknown'|
|8||Sat Jun 23 05:40:40 2012||RADIUS server 10.140.19.20:1813 deactivated in global list|
|9||Sat Jun 23 05:40:40 2012||RADIUS server 10.140.19.20:1813 failed to respond to request (ID 68) for client 00:16:ea:c9:2d:dc / user 'unknown'|
hello. what EAP type are you using on the wireless clients? see the following link for ldap/EAP compatability in ACS 5:
This is a known issue with ACS 5.0
You won't even see any request/packet on ACS for wireless/eap traffic.
Please upgrade it to 5.1 pr above. This issue will be resolved.
Do rate helpful posts-
Do you mean I can not see any EAP logs or it does not support EAP? If I can not see any logs how am I supposed to work on it?
Another thing, is there any way I can upgrade it to v5.1 with out having a cisco contract number? I couldnt download the upgrade files.
Yes, you won't see any hits on ACS for PEAP authentication failure. Also, you should have a valid contract with Cisco before you download the latest images.
If you would like to test, you may download the evaluation vesrion of ACS 5.3 along with the trial license file.
Do rate helpful posts-
I couldnt even download the evaluation version unless I have a valid contract number, it is much easier to download an evaluation licese. How do I download the evaluation version of ACS5.3 ?
The best thing to do at this point is to reach out to your Sales team or contact the vendor you purchased your ACS 1121 from, so they can get the software to you. The intent of the forums is to help solve configuration issues. If the issue you are running into warrants a software upgrade then you have to seek other channels in order to get your problem solved.
I dont mean to offend but I recently was an employee of Cisco working in TAC and have been a member of the support community and I am trying to help point your efforts in the right direction.