cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
754
Views
0
Helpful
0
Replies

WLC integration and User authentication issue

Muhammad Azhar
Level 1
Level 1

Dear All,

 

In my current scenario, i have one controller ( vers 8.0) with couple of AP and is connected on network and user get authenticated by Microsoft Radius Server (NPS).

I am facing issue the domain user are not able to connected WLAN , after trying to connecte WLAN they go in status of limited connection.

While the user who are not part of domain ,can authenticated by domain username and can use network , without any problem.

I check the certificates on domain and non domain machines  , every machine have  valid Certificate from DC.

 

Can any body suggest the possible reason for this issue. Any body suggestion will be appreciated.

 

following are some debug output for AAA.

 

 

(Cisco Controller) >debug aaa events enable

(Cisco Controller) >
(Cisco Controller) >*Dot1x_NW_MsgTask_0: Aug 03 13:19:19.831: 74:e5:0b:af:14:48 Not sending Accounting request (0) for station 74:e5:0b:af:14:48. Accounting disabled for the WLAN
*Dot1x_NW_MsgTask_1: Aug 03 15:33:41.786: 2c:d0:5a:fc:c7:e9 Audit Session ID added to the mscb: c0a8c8320000079255bf5195
*Dot1x_NW_MsgTask_1: Aug 03 15:33:41.787: Creating audit session ID (dot1x_aaa_eapresp_supp) and Radius Request
*Dot1x_NW_MsgTask_1: Aug 03 15:33:41.787: Creating acct session ID (dot1x_aaa_eapresp_supp) and Radius Request
*Dot1x_NW_MsgTask_1: Aug 03 15:33:41.787:  dot1x_aaa_eapresp_supp: sending MDNS request to ISE
*aaaQueueReader: Aug 03 15:33:41.787: Found a server : 192.168.1.10 from the WLAN server list of radius server index 1
*aaaQueueReader: Aug 03 15:33:41.787: Putting the quth request in qid 1, srv=index 0


*aaaQueueReader: Aug 03 15:33:41.787: 2c:d0:5a:fc:c7:e9 Sending the packet to v4 host 192.168.1.10:1812
*aaaQueueReader: Aug 03 15:33:41.787: 2c:d0:5a:fc:c7:e9 Successful transmission of Authentication Packet (id 0) to 192.168.1.10:1812 from server queue 1, proxy state 2c:d0:5a:fc:c7:e9-03:00
*radiusTransportThread: Aug 03 15:33:41.790: 1.client sockfd 26 is set. process the msg
*radiusTransportThread: Aug 03 15:33:41.790: 2c:d0:5a:fc:c7:e9 Access-Challenge received from RADIUS server 192.168.1.10 for mobile 2c:d0:5a:fc:c7:e9 receiveId = 3
*Dot1x_NW_MsgTask_1: Aug 03 15:33:41.795:  dot1x_aaa_eapresp_supp: sending MDNS request to ISE
*aaaQueueReader: Aug 03 15:33:41.796: Found a server : 192.168.1.10 from the WLAN server list of radius server index 1
*aaaQueueReader: Aug 03 15:33:41.796: Putting the quth request in qid 1, srv=index 0


*aaaQueueReader: Aug 03 15:33:41.796: 2c:d0:5a:fc:c7:e9 Sending the packet to v4 host 192.168.1.10:1812
*aaaQueueReader: Aug 03 15:33:41.796: 2c:d0:5a:fc:c7:e9 Successful transmission of Authentication Packet (id 1) to 192.168.1.10:1812 from server queue 1, proxy state 2c:d0:5a:fc:c7:e9-03:01
*radiusTransportThread: Aug 03 15:33:41.797: 1.client sockfd 26 is set. process the msg
*radiusTransportThread: Aug 03 15:33:41.797: 2c:d0:5a:fc:c7:e9 Access-Challenge received from RADIUS server 192.168.1.10 for mobile 2c:d0:5a:fc:c7:e9 receiveId = 3
*Dot1x_NW_MsgTask_1: Aug 03 15:33:41.803:  dot1x_aaa_eapresp_supp: sending MDNS request to ISE
*aaaQueueReader: Aug 03 15:33:41.803: Found a server : 192.168.1.10 from the WLAN server list of radius server index 1
*aaaQueueReader: Aug 03 15:33:41.803: Putting the quth request in qid 1, srv=index 0


*aaaQueueReader: Aug 03 15:33:41.803: 2c:d0:5a:fc:c7:e9 Sending the packet to v4 host 192.168.1.10:1812
*aaaQueueReader: Aug 03 15:33:41.803: 2c:d0:5a:fc:c7:e9 Successful transmission of Authentication Packet (id 2) to 192.168.1.10:1812 from server queue 1, proxy state 2c:d0:5a:fc:c7:e9-03:02
*radiusTransportThread: Aug 03 15:33:41.808: 1.client sockfd 26 is set. process the msg
*radiusTransportThread: Aug 03 15:33:41.808: 2c:d0:5a:fc:c7:e9 Access-Challenge received from RADIUS server 192.168.1.10 for mobile 2c:d0:5a:fc:c7:e9 receiveId = 3
*Dot1x_NW_MsgTask_1: Aug 03 15:33:41.815:  dot1x_aaa_eapresp_supp: sending MDNS request to ISE
*aaaQueueReader: Aug 03 15:33:41.815: Found a server : 192.168.1.10 from the WLAN server list of radius server index 1
*aaaQueueReader: Aug 03 15:33:41.815: Putting the quth request in qid 1, srv=index 0


*aaaQueueReader: Aug 03 15:33:41.815: 2c:d0:5a:fc:c7:e9 Sending the packet to v4 host 192.168.1.10:1812
*aaaQueueReader: Aug 03 15:33:41.815: 2c:d0:5a:fc:c7:e9 Successful transmission of Authentication Packet (id 3) to 192.168.1.10:1812 from server queue 1, proxy state 2c:d0:5a:fc:c7:e9-03:03
*radiusTransportThread: Aug 03 15:33:41.816: 1.client sockfd 26 is set. process the msg
*radiusTransportThread: Aug 03 15:33:41.816: 2c:d0:5a:fc:c7:e9 Access-Challenge received from RADIUS server 192.168.1.10 for mobile 2c:d0:5a:fc:c7:e9 receiveId = 3
*Dot1x_NW_MsgTask_1: Aug 03 15:33:41.821:  dot1x_aaa_eapresp_supp: sending MDNS request to ISE
*aaaQueueReader: Aug 03 15:33:41.821: Found a server : 192.168.1.10 from the WLAN server list of radius server index 1
*aaaQueueReader: Aug 03 15:33:41.821: Putting the quth request in qid 1, srv=index 0


*aaaQueueReader: Aug 03 15:33:41.821: 2c:d0:5a:fc:c7:e9 Sending the packet to v4 host 192.168.1.10:1812
*aaaQueueReader: Aug 03 15:33:41.821: 2c:d0:5a:fc:c7:e9 Successful transmission of Authentication Packet (id 4) to 192.168.1.10:1812 from server queue 1, proxy state 2c:d0:5a:fc:c7:e9-03:04
*radiusTransportThread: Aug 03 15:33:41.822: 1.client sockfd 26 is set. process the msg
*radiusTransportThread: Aug 03 15:33:41.822: 2c:d0:5a:fc:c7:e9 Access-Challenge received from RADIUS server 192.168.1.10 for mobile 2c:d0:5a:fc:c7:e9 receiveId = 3
*Dot1x_NW_MsgTask_1: Aug 03 15:33:41.826:  dot1x_aaa_eapresp_supp: sending MDNS request to ISE
*aaaQueueReader: Aug 03 15:33:41.826: Found a server : 192.168.1.10 from the WLAN server list of radius server index 1
*aaaQueueReader: Aug 03 15:33:41.827: Putting the quth request in qid 1, srv=index 0


*aaaQueueReader: Aug 03 15:33:41.827: 2c:d0:5a:fc:c7:e9 Sending the packet to v4 host 192.168.1.10:1812
*aaaQueueReader: Aug 03 15:33:41.827: 2c:d0:5a:fc:c7:e9 Successful transmission of Authentication Packet (id 5) to 192.168.1.10:1812 from server queue 1, proxy state 2c:d0:5a:fc:c7:e9-03:05
*radiusTransportThread: Aug 03 15:33:41.830: 1.client sockfd 26 is set. process the msg
*radiusTransportThread: Aug 03 15:33:41.830: 2c:d0:5a:fc:c7:e9 Access-Challenge received from RADIUS server 192.168.1.10 for mobile 2c:d0:5a:fc:c7:e9 receiveId = 3
*Dot1x_NW_MsgTask_1: Aug 03 15:33:41.834:  dot1x_aaa_eapresp_supp: sending MDNS request to ISE
*aaaQueueReader: Aug 03 15:33:41.834: Found a server : 192.168.1.10 from the WLAN server list of radius server index 1
*aaaQueueReader: Aug 03 15:33:41.834: Putting the quth request in qid 1, srv=index 0


*aaaQueueReader: Aug 03 15:33:41.834: 2c:d0:5a:fc:c7:e9 Sending the packet to v4 host 192.168.1.10:1812
*aaaQueueReader: Aug 03 15:33:41.834: 2c:d0:5a:fc:c7:e9 Successful transmission of Authentication Packet (id 6) to 192.168.1.10:1812 from server queue 1, proxy state 2c:d0:5a:fc:c7:e9-03:06
*radiusTransportThread: Aug 03 15:33:41.835: 1.client sockfd 26 is set. process the msg
*radiusTransportThread: Aug 03 15:33:41.835: 2c:d0:5a:fc:c7:e9 Access-Challenge received from RADIUS server 192.168.1.10 for mobile 2c:d0:5a:fc:c7:e9 receiveId = 3
*Dot1x_NW_MsgTask_1: Aug 03 15:33:41.892:  dot1x_aaa_eapresp_supp: sending MDNS request to ISE
*aaaQueueReader: Aug 03 15:33:41.892: Found a server : 192.168.1.10 from the WLAN server list of radius server index 1
*aaaQueueReader: Aug 03 15:33:41.892: Putting the quth request in qid 1, srv=index 0


*aaaQueueReader: Aug 03 15:33:41.892: 2c:d0:5a:fc:c7:e9 Sending the packet to v4 host 192.168.1.10:1812
*aaaQueueReader: Aug 03 15:33:41.892: 2c:d0:5a:fc:c7:e9 Successful transmission of Authentication Packet (id 7) to 192.168.1.10:1812 from server queue 1, proxy state 2c:d0:5a:fc:c7:e9-03:07
*radiusTransportThread: Aug 03 15:33:41.894: 1.client sockfd 26 is set. process the msg
*radiusTransportThread: Aug 03 15:33:41.894: 2c:d0:5a:fc:c7:e9 Access-Challenge received from RADIUS server 192.168.1.10 for mobile 2c:d0:5a:fc:c7:e9 receiveId = 3
*Dot1x_NW_MsgTask_1: Aug 03 15:33:41.900:  dot1x_aaa_eapresp_supp: sending MDNS request to ISE
*aaaQueueReader: Aug 03 15:33:41.900: Found a server : 192.168.1.10 from the WLAN server list of radius server index 1
*aaaQueueReader: Aug 03 15:33:41.900: Putting the quth request in qid 1, srv=index 0


*aaaQueueReader: Aug 03 15:33:41.900: 2c:d0:5a:fc:c7:e9 Sending the packet to v4 host 192.168.1.10:1812
*aaaQueueReader: Aug 03 15:33:41.900: 2c:d0:5a:fc:c7:e9 Successful transmission of Authentication Packet (id to 192.168.1.10:1812 from server queue 1, proxy state 2c:d0:5a:fc:c7:e9-03:08
*radiusTransportThread: Aug 03 15:33:41.902: 1.client sockfd 26 is set. process the msg
*radiusTransportThread: Aug 03 15:33:41.902: 2c:d0:5a:fc:c7:e9 Access-Challenge received from RADIUS server 192.168.1.10 for mobile 2c:d0:5a:fc:c7:e9 receiveId = 3
*Dot1x_NW_MsgTask_1: Aug 03 15:33:41.912:  dot1x_aaa_eapresp_supp: sending MDNS request to ISE
*aaaQueueReader: Aug 03 15:33:41.913: Found a server : 192.168.1.10 from the WLAN server list of radius server index 1
*aaaQueueReader: Aug 03 15:33:41.913: Putting the quth request in qid 1, srv=index 0


*aaaQueueReader: Aug 03 15:33:41.913: 2c:d0:5a:fc:c7:e9 Sending the packet to v4 host 192.168.1.10:1812
*aaaQueueReader: Aug 03 15:33:41.913: 2c:d0:5a:fc:c7:e9 Successful transmission of Authentication Packet (id 9) to 192.168.1.10:1812 from server queue 1, proxy state 2c:d0:5a:fc:c7:e9-03:09
*radiusTransportThread: Aug 03 15:33:41.915: 1.client sockfd 26 is set. process the msg
*radiusTransportThread: Aug 03 15:33:41.915: 2c:d0:5a:fc:c7:e9 Access-Accept received from RADIUS server 192.168.1.10 for mobile 2c:d0:5a:fc:c7:e9 receiveId = 3
*Dot1x_NW_MsgTask_1: Aug 03 15:33:41.915: 2c:d0:5a:fc:c7:e9 Applying new AAA override for station 2c:d0:5a:fc:c7:e9
*Dot1x_NW_MsgTask_1: Aug 03 15:33:41.915: 2c:d0:5a:fc:c7:e9 Override values for station 2c:d0:5a:fc:c7:e9
                                                                                                                source: 4, valid bits: 0x0
        qosLevel: -1, dscp: 0xffffffff, dot1pTag: 0xffffffff, sessionTimeout: -1

*Dot1x_NW_MsgTask_1: Aug 03 15:33:41.915: 2c:d0:5a:fc:c7:e9 Override values (cont..) dataAvgC: -1, rTAvgC: -1, dataBurstC: -1, rTimeBurstC: -1
                                                                                                                                                vlanIfName: '', vlanId:0, aclName: ', ipv6AclName: , avcProfileName: '

*Dot1x_NW_MsgTask_1: Aug 03 15:33:41.916: 2c:d0:5a:fc:c7:e9 Unable to apply override policy for station 2c:d0:5a:fc:c7:e9 - VapAllowRadiusOverride is FALSE.
*dtlArpTask: Aug 03 15:33:41.978: 2c:d0:5a:fc:c7:e9 Not sending Accounting request (0) for station 2c:d0:5a:fc:c7:e9. Accounting disabled for the WLAN
*DHCP Proxy Task: Aug 03 15:33:42.161: 2c:d0:5a:fc:c7:e9 Not sending Accounting request (0) for station 2c:d0:5a:fc:c7:e9. Accounting disabled for the WLAN

 

 

 

 

 

 

 

 

0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: