In this Document we will some quick Tips for Troubleshooting Wireless Authentication with ACS.
Go to ACS > Monitoring and Reports, and click Launch Monitoring & Report Viewer.
A separate ACS window will open. Click Dashboard.
In the My Favorite Reports section, click Authentications – RADIUS – Today.
A log will show all RADIUS authentications as either Pass or Fail. Within a logged entry, click on the magnifying glass icon in the Details column.
The RADIUS Authentication Detail will provide much information about the logged attempts.
ACS Service Hit Count can provide an overview of attempts matching the rule(s) created in ACS. Go to ACS > Access Policies > Access Services, and click Service Selection Rules.
Quick TIPS for Troubleshooting PEAP Authentication Fails with ACS Server
When your client fails PEAP authentication with an ACS server, check if you find the NAS duplicated authentication attempterror message in the Failed attempts option under the Report and Activity menu of the ACS.
You might receive this error message when Microsoft Windows XP SP2 is installed on the client machine and Windows XP SP2 authenticates against a third party server other than a Microsoft IAS server. In particular, Cisco RADIUS server (ACS) uses a different method to calculate the Extensible Authentication Protocol Type:Length:Value format (EAP-TLV) ID than the method Windows XP uses. Microsoft has identified this as a defect in the XP SP2 supplicant.
For a Hotfix, contact Microsoft and refer to the article PEAP authentication is not successful when you connect to a third-party RADIUS server. The underlying issue is that on the client side, with windows utility, the Fast Reconnect option is disabled for PEAP by default. However, this option is enabled by default on the server side (ACS). In order to resolve this issue, uncheck the Fast Reconnect option on the ACS server (under Global System Options). Alternatively, you can enable the Fast Reconnect option on the client side to resolve the issue.
Perorm these steps in order to enable Fast Reconnect on the client that runs Windows XP using Windows Utility:-
Go to Start > Settings > Control Panel.
Double-click the Network Connections icon.
Right-click the Wireless Network Connection icon, and then click Properties.
Click the Wireless Networks tab.
Choose the Use Windows to configure my wireless network settings option in order to enable windows to configure the client adapter.
If you have already configured an SSID, choose the SSID and click Properties. If not, click New in order to add a new WLAN.
Enter the SSID under the Association tab. Make sure that Network Authentication is Open and Data Encryption is set toWEP.
Choose the Enable IEEE 802.1x authentication for this network option.
Choose PEAP as the EAP Type, and click Properties.
Choose the Enable Fast Reconnect option at the bottom of the page.
HiWe have a dna Space installation, and the get the data previously from CMX, and now through SPace connector, so a part of our maps, is in a sub folder Companylocation1location2from CMX location ...
It seems that a new feature called 'Easy PSK' is supported as of WLC version 17.5. Looking at the description in the documentation, this is something that could potentially be interesting for our environment. The documentation about the specifics on the w...
I have a 5508 WLC which is in HA. The current show boot gives below output(anhv4-01sr-wlc-02) >show bootPrimary Boot Image............................... 18.104.22.168Backup Boot Image................................ 22.214.171.124 (default) (active)My question...
Hello, I have been able to add a MAC address to the disabled client list in my WLC. I was able to do this under Configuration -> Security -> AAA -> Disabled Client. I have tested this and it does provide the desired results however, now...
This post is only to remind you all that Cisco has unsupported TDWR channels (120, 124 and 128) from ETSI domain for newest Catalyst 9100 series access points (https://www.cisco.com/c/dam/en/us/products/collateral/wireless/access-points/sales-tool-c96-744...