cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
836
Views
0
Helpful
2
Replies
Highlighted
Beginner

WAP571 - Users are unable to authenticate on Radius

Hi Guys,

I am currently experiencing an issue with a brand new Cisco WAP571 access point. Below is the errors on the access point, when a users tries to authenticate with their AD credentials via radius:

Apr 4 2019 12:20:57debughostage[23954]station: 40:a3:cc:61:33:75 deauthenticated 
Apr 4 2019 12:20:57infohostapd[23954]STA 40:a3:cc:61:33:75 disassociated from BSSID 00:45:1d:e2:49:00 reason 8: Sending STA is leaving BSS 
Apr 4 2019 12:20:57debughostapd[23954]station: 40:a3:cc:61:33:75 deauthenticated 
Apr 4 2019 12:20:57infohostapd[23954]STA 40:a3:cc:61:33:75 deauthed from BSSID 00:45:1d:e2:49:00 reason 1: Unspecified Reason 
Apr 4 2019 12:20:57infohostapd[23954]Station 40:a3:cc:61:33:75 had an authentication failure, reason 15 
Apr 4 2019 12:20:46infohostapd[23954]STA 40:a3:cc:61:33:75 associated with BSSID 00:45:1d:e2:49:00 
Apr 4 2019 12:20:46infohostapd[23954]Assoc request from 40:a3:cc:61:33:75 BSSID 00:45:1d:e2:49:00 SSID WIFI-ENT 
Apr 4 2019 12:20:46debughostapd[23954]station: 40:a3:cc:61:33:75 deauthenticated 
Apr 4 2019 12:20:46infohostage[23954]STA 40:a3:cc:61:33:75 disassociated from SUBSIDY 00:45:1d:e2:49:00 reason 8: Sending STA is leaving BSS

 

A brief info on the setup of the network:

- the access point is configured at one of our remote sites.

- we have a cisco acs security appliance for tacacs and radius authentication at the head office and a secondary at the recovery site.

- all network devices (switches, routers & firewalls) are accessed via tacacs, therefore communication from the remote site to the acs appliance at the head office is not an issue.

- below is the error message on the acs appliance:

Description:
The Service Selection policy selected the DenyAccess Service

 

Any help would be very appreciated.

 

2 REPLIES 2
Highlighted
Cisco Employee

Dear Customer,

 

Radius authentication is a complex process that requires a more in-depth research. I would therefore suggest you to open a service request with us. Please send me as a private message your Cisco ID and the serial number of your access point.

Thanks.

Borislav Atanassov
Cisco Small Business TAC
Highlighted

Hi,

 

I will log a TAC call, as soon as we have migrated to ISE. 

 

Many Thanks

 

Duane