06-23-2012 07:41 AM - edited 03-10-2019 07:13 PM
Hello,
I have a new ACS 1120 for use, with 5.0.0.21 software. The purpose of the ACS is to authenticate wireless users based on an ACS-defined external identity source, LDAP. The following configs are made:
- LDAP is configured as an external identity source on ACS.
- WLC is configured on ACS as AAA client.
- WLC is configured to use ACS RADIUS server (10.140.19.20) and WLANs are configured for [WPA2][Auth(802.1X)] AAA authentication.
But for some reason AAA requests from the WLC cannot reach the ACS. Both devices are connected to the same 6506 switch, and there is no firewall in between. There is no fail/success RADIUS log on ACS. This is the log from the WLC. PLEASE HELP!!!
4 | Sat Jun 23 05:41:03 2012 | RADIUS server 10.140.19.20:1813 deactivated in global list |
5 | Sat Jun 23 05:41:03 2012 | RADIUS server 10.140.19.20:1813 failed to respond to request (ID 70) for client 00:22:fa:1d:3a:ae / user 'unknown' |
6 | Sat Jun 23 05:40:40 2012 | RADIUS server 10.140.19.20:1813 deactivated in global list |
7 | Sat Jun 23 05:40:40 2012 | RADIUS server 10.140.19.20:1813 failed to respond to request (ID 69) for client 00:16:ea:c9:2d:dc / user 'unknown' |
8 | Sat Jun 23 05:40:40 2012 | RADIUS server 10.140.19.20:1813 deactivated in global list |
9 | Sat Jun 23 05:40:40 2012 | RADIUS server 10.140.19.20:1813 failed to respond to request (ID 68) for client 00:16:ea:c9:2d:dc / user 'unknown' |
06-23-2012 08:53 AM
Hello. What EAP type are you using on the wireless clients? See the following link for LDAP/EAP compatibility in ACS 5:
hth
andy
06-23-2012 10:26 AM
This is a known issue with ACS 5.0
You won't even see any request/packet on ACS for wireless/eap traffic.
Please upgrade it to 5.1 or above. This issue will be resolved.
Regards,
Jatin
Do rate helpful posts-
06-23-2012 09:17 PM
Dear Jatin,
Do you mean I cannot see any EAP logs or it does not support EAP? If I cannot see any logs how am I supposed to work on it?
Another thing, is there any way I can upgrade it to v5.1 without having a Cisco contract number? I couldn't download the upgrade files.
06-24-2012 01:20 PM
Yes, you won't see any hits on ACS for PEAP authentication failure. Also, you should have a valid contract with Cisco before you download the latest images.
If you would like to test, you may download the evaluation version of ACS 5.3 along with the trial license file.
Regards,
Jatin
Do rate helpful posts-
06-24-2012 10:14 PM
I couldn't even download the evaluation version unless I have a valid contract number, it is much easier to download an evaluation license. How do I download the evaluation version of ACS 5.3?
06-24-2012 11:42 PM
The best thing to do at this point is to reach out to your Sales team or contact the vendor you purchased your ACS 1121 from, so they can get the software to you. The intent of the forums is to help solve configuration issues. If the issue you are running into warrants a software upgrade then you have to seek other channels in order to get your problem solved.
I don't mean to offend but I recently was an employee of Cisco working in TAC and have been a member of the support community and I am trying to help point your efforts in the right direction.
thanks,
Tarik Admani