cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Please be advised, the GuideMe Wizard is no longer available on the Small Business Support Community. For search capability please use the community search field to find content related to Cisco Small Business documents, videos, and discussions.
498
Views
0
Helpful
2
Replies
Highlighted
Beginner

WAP571 - Users are unable to authenticate on Radius

Hi Guys,

I am currently experiencing an issue with a brand new Cisco WAP571 access point. Below is the errors on the access point, when a users tries to authenticate with their AD credentials via radius:

Apr 4 2019 12:20:57debughostage[23954]station: 40:a3:cc:61:33:75 deauthenticated 
Apr 4 2019 12:20:57infohostapd[23954]STA 40:a3:cc:61:33:75 disassociated from BSSID 00:45:1d:e2:49:00 reason 8: Sending STA is leaving BSS 
Apr 4 2019 12:20:57debughostapd[23954]station: 40:a3:cc:61:33:75 deauthenticated 
Apr 4 2019 12:20:57infohostapd[23954]STA 40:a3:cc:61:33:75 deauthed from BSSID 00:45:1d:e2:49:00 reason 1: Unspecified Reason 
Apr 4 2019 12:20:57infohostapd[23954]Station 40:a3:cc:61:33:75 had an authentication failure, reason 15 
Apr 4 2019 12:20:46infohostapd[23954]STA 40:a3:cc:61:33:75 associated with BSSID 00:45:1d:e2:49:00 
Apr 4 2019 12:20:46infohostapd[23954]Assoc request from 40:a3:cc:61:33:75 BSSID 00:45:1d:e2:49:00 SSID WIFI-ENT 
Apr 4 2019 12:20:46debughostapd[23954]station: 40:a3:cc:61:33:75 deauthenticated 
Apr 4 2019 12:20:46infohostage[23954]STA 40:a3:cc:61:33:75 disassociated from SUBSIDY 00:45:1d:e2:49:00 reason 8: Sending STA is leaving BSS

 

A brief info on the setup of the network:

- the access point is configured at one of our remote sites.

- we have a cisco acs security appliance for tacacs and radius authentication at the head office and a secondary at the recovery site.

- all network devices (switches, routers & firewalls) are accessed via tacacs, therefore communication from the remote site to the acs appliance at the head office is not an issue.

- below is the error message on the acs appliance:

Description:
The Service Selection policy selected the DenyAccess Service

 

Any help would be very appreciated.

 

Everyone's tags (3)
2 REPLIES 2
Cisco Employee

Re: WAP571 - Users are unable to authenticate on Radius

Dear Customer,

 

Radius authentication is a complex process that requires a more in-depth research. I would therefore suggest you to open a service request with us. Please send me as a private message your Cisco ID and the serial number of your access point.

Thanks.

Borislav Atanassov
Cisco Small Business TAC
Beginner

Re: WAP571 - Users are unable to authenticate on Radius

Hi,

 

I will log a TAC call, as soon as we have migrated to ISE. 

 

Many Thanks

 

Duane