Help me on this, please. I use RADIUS servers 172.20.104.253 and .254 on port 1812 to authenticate some wireless clients. However, the .254 keeps failing, being deactivated on port 1813 (this is from the log), resulting in some clients not being able to authenticate. How do I approach this? Why does a failure on port 1813 affect the authentication, which is on port 1812?
What RADIUS server are you using? Generally I would make sure that your RADIUS server isn't becoming unavailable either due to network problems or service problems on the RADIUS server itself. When you see these errors on your Wireless Controllers, can you confirm whether or not the RADIUS server is available at that time? Also, the RADIUS timeout on the WLCs is by default 2 seconds; is it possible the requests are taking longer than 2 seconds to be responded to by that server?
I use Cisco ACS as my RADIUS server. For laptops, instead of using a pre-shared key, I use RADIUS to authenticate the laptop. I create a user/password in AD (the username is the laptop name). On the laptop, under the Intel Proset/Wireless utility, I create a profile with this username. Upon startup, the Proset/Wireless utility authenticates this user with this RADIUS server, then gives the laptop wireless connectivity; no pre-shared key needed.
In the WCS event view, the RADIUS server times out (activated and deactivated) every 2 seconds (like you said, it is the default). But it is on port 1813, and I configured the RADIUS server on the WCS on port 1812.
My questions are: what is the ideal timeout for each RADIUS server? And why does the RADIUS server report a timeout on port 1813 instead of 1812?
FYI, I ran ping -t against both of my RADIUS servers, and the RADIUS servers are available all the time.
Port 1813 is the RADIUS Accounting port. The accounting servers and authentication servers on the WCS/WLC are configured separately, with a place to put RADIUS shared secrets in both locations. Check your RADIUS Accounting servers and ensure that the correct IP and shared secret are used in that configuration.
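
The shared-secret check suggested in the last reply, as an added offline example (not part of the thread and not Cisco code): it builds an RFC 2866 Accounting-Request and shows that a secret mismatch on the accounting entry makes the request fail validation, which the controller would see as a timeout on 1813 even though the server answers ping. The function names, secrets and attribute values are constructed, and `server_handle` is a simplified model that assumes the server drops requests it cannot validate.

```python
import hashlib
import hmac
import struct

ACCT_REQUEST, ACCT_RESPONSE = 4, 5  # RFC 2866 packet codes

def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

# Constructed sample attributes: Acct-Status-Type=Start, NAS-IP-Address, Acct-Session-Id
SAMPLE_ATTRS = (attr(40, struct.pack("!I", 1))
                + attr(4, bytes([192, 0, 2, 10]))
                + attr(44, b"sess-0001"))

def build_request(identifier: int, attrs: bytes, secret: bytes) -> bytes:
    """Accounting-Request: authenticator is
    MD5(Code + ID + Length + 16 zero octets + attributes + secret)."""
    header = struct.pack("!BBH", ACCT_REQUEST, identifier, 20 + len(attrs))
    return header + hashlib.md5(header + bytes(16) + attrs + secret).digest() + attrs

def request_is_valid(packet: bytes, secret: bytes) -> bool:
    """Recompute the Request Authenticator with the local secret and compare."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(packet[4:20], expected)

def server_handle(packet: bytes, server_secret: bytes):
    """Simplified server model (assumption): answer valid requests, drop the rest."""
    if packet[:1] != bytes([ACCT_REQUEST]) or not request_is_valid(packet, server_secret):
        return None  # no reply at all, so the NAS only ever sees a timeout
    header = struct.pack("!BBH", ACCT_RESPONSE, packet[1], 20)
    # Response authenticator: MD5(Code + ID + Length + RequestAuth + secret)
    return header + hashlib.md5(header + packet[4:20] + server_secret).digest()

def response_is_valid(response: bytes, request: bytes, secret: bytes) -> bool:
    """NAS-side check of the Accounting-Response against the request it answers."""
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return len(response) >= 20 and hmac.compare_digest(response[4:20], expected)

if __name__ == "__main__":
    pkt = build_request(7, SAMPLE_ATTRS, b"secret-on-wlc")  # constructed secrets
    for label, secret in (("matching", b"secret-on-wlc"), ("mismatched", b"secret-on-acs")):
        reply = server_handle(pkt, secret)
        print(label, "->", "Accounting-Response" if reply else "no reply (timeout)")
```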