cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Popup Hotspot Using ISR 1000 with WiFi/LTE for Teleworkers and Micro Branchesr

Ask Me Anything – How to Enable Network Connectivity to Remote Workers
527
Views
0
Helpful
4
Replies
Highlighted

Wired guest lan authentication through NGS

Hello Guys,

We have 5508 controller running ver 7.2.110.0.We have configured wireless guest and wired guest WLAN profiles and assosicated necessary dynamic interfaces to it. The authentication for both wireless and wired guest is through Cisco NGS[NAC]. I have configured Webauth and added the server in the security tab for authentication. I have guest user accounts created in NGS, if I use wirless guest the auth works perfect. But the same credentials is not working with wired guest. Any advice on this issue would be really helpful

Regards

Krishna

Everyone's tags (3)
4 REPLIES 4
Highlighted
Hall of Fame Master

Re: Wired guest lan authentication through NGS

Your using NGS as a radius server only correct? If so, you should see errors generated on the NGS or the WLC to why the login failed. Does a different username work?

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
Highlighted

Re: Wired guest lan authentication through NGS

Hey Scott,

Yes NGS is working as Radius. However I haven't checked on WLC neither NGS log to see if there is any but let me look into that. No other names also doesn't work. I did run a debug on WLC while the user was authenticating below is the output

Output of debug for wireless user where I am getting Accept message for auth at the end

User IP ADDR - 172.22.207.157

*aaaQueueReader: Aug 20 09:44:29.940: 00:23:14:ec:3d:38 Successful transmission of Authentication Packet (id 190) to 194.156.169.111:1812, proxy state 00:23:14:ec:3d:38-00:01

*aaaQueueReader: Aug 20 09:44:29.940: 00000000: 01 be 00 a2 cd 8f 91 44  a2 4f 85 f1 04 f7 14 9a  .......D.O......

*aaaQueueReader: Aug 20 09:44:29.940: 00000010: d0 3e 42 94 01 1b 6d 61  68 65 62 6f 6f 62 2e 6b  .>B...maheboob.k

*aaaQueueReader: Aug 20 09:44:29.940: 00000020: 68 61 6e 40 61 6d 61 64  65 75 73 2e 63 6f 6d 02  han@amadeus.com.

*aaaQueueReader: Aug 20 09:44:29.940: 00000030: 12 34 fc 96 01 47 ed 5e  d3 8d 08 4e 72 ce 1d b5  .4...G.^...Nr...

*aaaQueueReader: Aug 20 09:44:29.940: 00000040: da 06 06 00 00 00 01 04  06 ac 16 cf 83 05 06 00  ................

*aaaQueueReader: Aug 20 09:44:29.940: 00000050: 00 00 0d 20 0b 42 4c 52  57 4c 43 4f 30 31 3d 06  .....BLRWLCO01=.

*aaaQueueReader: Aug 20 09:44:29.940: 00000060: 00 00 00 13 1a 0c 00 00  37 63 01 06 00 00 00 01  ........7c......

*aaaQueueReader: Aug 20 09:44:29.940: 00000070: 1f 10 31 37 32 2e 32 32  2e 32 30 37 2e 31 35 37  ..172.22.207.157

*aaaQueueReader: Aug 20 09:44:29.940: 00000080: 1e 10 31 37 32 2e 32 32  2e 32 30 37 2e 31 33 31  ..172.22.207.131

*aaaQueueReader: Aug 20 09:44:29.940: 00000090: 50 12 ef 00 53 8b 39 31  14 93 b3 82 1c f5 b5 51  P...S.91.......Q

*aaaQueueReader: Aug 20 09:44:29.940: 000000a0: 82 45                                             .E

*radiusTransportThread: Aug 20 09:44:30.516: 00000000: 02 be 00 1a 0c 8e d4 54  91 55 d6 ae b2 91 05 6e  .......T.U.....n

*radiusTransportThread: Aug 20 09:44:30.516: 00000010: 93 f9 4b 7e 1b 06 00 21  70 70                    ..K~...!pp

*radiusTransportThread: Aug 20 09:44:30.517: ****Enter processIncomingMessages: response code=2

*radiusTransportThread: Aug 20 09:44:30.517: ****Enter processRadiusResponse: response code=2

*radiusTransportThread: Aug 20 09:44:30.517: 00:23:14:ec:3d:38 Access-Accept received from RADIUS server 194.156.169.111 for mobile 00:23:14:ec:3d:38 receiveId = 0

But for wired user below is the output

User IP ADDR - 172.22.207.151

5.338: 00:26:b9:e0:36:a6 Successful transmission of Authentication Packet (id 188) to 194.156.169.111:1812, proxy state 00:26:b9:e0:36:a6-00:01

*aaaQueueReader: Aug 20 09:35:15.338: 00000000: 01 bc 00 a2 2c fe c1 97  a7 d1 25 a0 59 34 89 38  ....,.....%.Y4.8

*aaaQueueReader: Aug 20 09:35:15.338: 00000010: c1 be 59 f3 01 1b 6d 61  68 65 62 6f 6f 62 2e 6b  ..Y...maheboob.k

*aaaQueueReader: Aug 20 09:35:15.338: 00000020: 68 61 6e 40 61 6d 61 64  65 75 73 2e 63 6f 6d 02  han@amadeus.com.

*aaaQueueReader: Aug 20 09:35:15.338: 00000030: 12 37 c7 5c 52 27 41 5b  0d 60 98 70 76 3b b3 ba  .7.\R'A[.`.pv;..

*aaaQueueReader: Aug 20 09:35:15.338: 00000040: f5 06 06 00 00 00 01 04  06 ac 16 cd 74 05 06 00  ............t...

*aaaQueueReader: Aug 20 09:35:15.338: 00000050: 00 00 0d 20 0b 42 4c 52  57 4c 43 4f 30 31 3d 06  .....BLRWLCO01=.

*aaaQueueReader: Aug 20 09:35:15.338: 00000060: 00 00 00 0f 1a 0c 00 00  37 63 01 06 00 00 02 02  ........7c......

*aaaQueueReader: Aug 20 09:35:15.338: 00000070: 1f 10 31 37 32 2e 32 32  2e 32 30 37 2e 31 35 31  ..172.22.207.151

*aaaQueueReader: Aug 20 09:35:15.338: 00000080: 1e 10 31 37 32 2e 32 32  2e 32 30 35 2e 31 31 36  ..172.22.205.116

*aaaQueueReader: Aug 20 09:35:15.338: 00000090: 50 12 36 60 54 47 0b 84  02 5c 0b da 19 a1 05 eb  P.6`TG...\......

*aaaQueueReader: Aug 20 09:35:15.338: 000000a0: af 2b                                             .+

*aaaQueueReader: Aug 20 09:35:17.053: AuthenticationRequest: 0x2ab12b50

Highlighted
Hall of Fame Master

Wired guest lan authentication through NGS

You need to look at the logs.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
Highlighted

Re: Wired guest lan authentication through NGS

Hey Scott,

I did look into the logs in WLC it says that the Radius was not able to authenticate the user and mentioned the laptop's ethernet mac addr and the reason it shows as unknown

Regards

Krishna

CreatePlease to create content
Content for Community-Ad

Cisco COVID-19 Survey