Beginner

WLC can't communicate with ACS.

Hello,

I have a new ACS 1120, to be put into use, with 5.0.0.21 software. The purpose of the ACS is to authenticate wireless users based on an ACS-defined external identity source, LDAP. The following configs are made:

- LDAP is configured as an external identity source on ACS.

- WLC is configured on ACS as AAA client.

- WLC is configured to use ACS RADIUS server (10.140.19.20) and WLANs are configured for [WPA2][Auth(802.1X)] AAA authentication.

But for some reason AAA requests from the WLC cannot reach the ACS. Both devices are connected to the same 6506 switch; there is no firewall in between. There is no fail/success RADIUS log on the ACS. This is the log from the WLC. PLEASE HELP!!!

4 Sat Jun 23 05:41:03 2012    RADIUS server 10.140.19.20:1813 deactivated in global list
5 Sat Jun 23 05:41:03 2012    RADIUS server 10.140.19.20:1813 failed to respond to request (ID 70) for client 00:22:fa:1d:3a:ae / user 'unknown'
6 Sat Jun 23 05:40:40 2012    RADIUS server 10.140.19.20:1813 deactivated in global list
7 Sat Jun 23 05:40:40 2012    RADIUS server 10.140.19.20:1813 failed to respond to request (ID 69) for client 00:16:ea:c9:2d:dc / user 'unknown'
8 Sat Jun 23 05:40:40 2012    RADIUS server 10.140.19.20:1813 deactivated in global list
9 Sat Jun 23 05:40:40 2012    RADIUS server 10.140.19.20:1813 failed to respond to request (ID 68) for client 00:16:ea:c9:2d:dc / user 'unknown'
Contributor

WLC can't communicate with ACS.

Hello. What EAP type are you using on the wireless clients? See the following link for LDAP/EAP compatibility in ACS 5:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.0/user/guide/EAP_PAP_Phase.html#wp1014938

hth

andy

Cisco Employee

WLC can't communicate with ACS.

This is a known issue with ACS 5.0.

You won't even see any request/packet on ACS for wireless/eap traffic.

Please upgrade it to 5.1 or above. This issue will be resolved.

Regards,

Jatin

Do rate helpful posts-

~Jatin Katyal
Beginner

WLC can't communicate with ACS.

Dear Jatin,

Do you mean I cannot see any EAP logs or it does not support EAP? If I cannot see any logs, how am I supposed to work on it?

Another thing: is there any way I can upgrade it to v5.1 without having a Cisco contract number? I couldn't download the upgrade files.

Cisco Employee

WLC can't communicate with ACS.

Yes, you won't see any hits on ACS for PEAP authentication failure. Also, you should have a valid contract with Cisco before you download the latest images.

If you would like to test, you may download the evaluation version of ACS 5.3 along with the trial license file.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/installation/guide/csacs_vmware.html#wp1069919

Regards,

Jatin

Do rate helpful posts-

~Jatin Katyal
Beginner

WLC can't communicate with ACS.

I couldn't even download the evaluation version unless I have a valid contract number; it is much easier to download an evaluation license. How do I download the evaluation version of ACS 5.3?

Advocate

WLC can't communicate with ACS.

The best thing to do at this point is to reach out to your Sales team or contact the vendor you purchased your ACS 1121 from, so they can get the software to you. The intent of the forums is to help solve configuration issues. If the issue you are running into warrants a software upgrade then you have to seek other channels in order to get your problem solved.

I don't mean to offend, but I recently was an employee of Cisco working in TAC and have been a member of the support community, and I am trying to help point your efforts in the right direction.

thanks,

Tarik Admani

*Please rate helpful posts*