05-07-2013 01:52 AM - edited 07-04-2021 12:02 AM
Hi,
I'm a trainee in Network and Telecommunication, and I have to do a "model" with a controller, an AP, and a RADIUS server.
Communication and configuration of the lightweight AP has been done.
I use an autonomous access point 1220 as the RADIUS server (not considering it as an AP), and I'm a beginner in RADIUS configuration. I get a "Processing AAA Error 'No Server' (-7) for mobile 00:24:d6:8f:2c:7e" when I launch a debug targeting my PC, connecting to the LAP.
Precursory :
10.137.125.71 is the IP address of the ap1220, working as the RADIUS server
10.137.125.15 is the IP address of the controller.
00:24:d6:8f:2c:7e is the MAC address of my PC, connecting to the Wi-Fi.
Ping works to the RADIUS and to the controller. All devices are connected by a layer 3 switch and can ping each other.
The Wi-Fi works when I don't use 802.1X (or when I don't use RADIUS authentication at all)
What I did on the RADIUS server (ap1220 autonomous) :
aaa new-model
radius-server local
nas 10.137.125.15 key password
user test password
user user1 password
AP#show radius local-server statistics
Successes : 0 Unknown usernames : 0
Client blocks : 0 Invalid passwords : 0
Unknown NAS : 0 Invalid packet from NAS: 0
NAS : 10.137.125.71 (Pre-configured, it's not used actually)
Successes : 0 Unknown usernames : 0
Client blocks : 0 Invalid passwords : 0
Corrupted packet : 0 Unknown RADIUS message : 0
No username attribute : 0 Missing auth attribute : 0
Shared key mismatch : 0 Invalid state attribute: 0
Unknown EAP message : 0 Unknown EAP auth type : 0
NAS : 10.137.125.15
Successes : 0 Unknown usernames : 0
Client blocks : 0 Invalid passwords : 0
Corrupted packet : 0 Unknown RADIUS message : 0
No username attribute : 0 Missing auth attribute : 0
Shared key mismatch : 0 Invalid state attribute: 0
Unknown EAP message : 0 Unknown EAP auth type : 0
Username Successes Failures Blocks
test 0 0 0
user1 0 0 0
My WLAN2 configuration on the controller (I kept what I thought was most important):
Controller > show wlan 2
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Enabled
The debug on the controller (once again, I kept what I thought was most important):
*May 02 23:02:20.394: 00:24:d6:8f:2c:7e Processing AAA Error 'No Server' (-7) for mobile 00:24:d6:8f:2c:7e
*May 02 23:02:20.395: 00:24:d6:8f:2c:7e Sent Deauthenticate to mobile on BSSID 00:1a:e3:5e:5e:a0 slot 1(caller 1x_auth_pae.c:1276)
I trimmed the debug and show wlan output so my post is lighter. I have left the complete version in the attached file.
I'm French and my English is not perfect. Please correct me courteously so I can progress.
Thanks for your support.
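One way to read the per-NAS counters in the statistics output above, as an added example that is not part of the original post: it parses each "NAS :" section and reports whether the local server counted any request from that NAS. The function names and result labels are hypothetical, and the sample text is constructed from the counters as posted.

```python
import re

# Constructed sample: the per-NAS sections of the posted
# "show radius local-server statistics" output (all counters 0).
_BLOCK = """Successes : 0 Unknown usernames : 0
Client blocks : 0 Invalid passwords : 0
Corrupted packet : 0 Unknown RADIUS message : 0
No username attribute : 0 Missing auth attribute : 0
Shared key mismatch : 0 Invalid state attribute: 0
Unknown EAP message : 0 Unknown EAP auth type : 0
"""
SAMPLE = "NAS : 10.137.125.71\n" + _BLOCK + "NAS : 10.137.125.15\n" + _BLOCK

NAS_RE = re.compile(r"^NAS\s*:\s*(\d{1,3}(?:\.\d{1,3}){3})")
# Two "name : value" pairs share a line; the name is matched lazily up to ':'.
COUNTER_RE = re.compile(r"([A-Za-z][A-Za-z ]*?)\s*:\s*(\d+)")


def parse_nas_counters(text):
    """Return {nas_ip: {counter_name: value}} for each 'NAS :' section."""
    sections, current = {}, None
    for line in text.splitlines():
        match = NAS_RE.match(line.strip())
        if match:
            current = sections.setdefault(match.group(1), {})
        elif current is not None:
            for name, value in COUNTER_RE.findall(line):
                current[name.strip()] = int(value)
    return sections


def diagnose(text, nas_ip):
    """Classify what the local RADIUS server has seen from one NAS."""
    counters = parse_nas_counters(text).get(nas_ip)
    if counters is None:
        return "nas-not-configured"   # no 'nas <ip> key ...' entry listed
    if not any(counters.values()):
        return "no-requests-seen"     # nothing from this NAS was counted
    if counters.get("Shared key mismatch", 0):
        return "shared-key-mismatch"  # keys differ on NAS and server
    if counters.get("Successes", 0):
        return "authenticating"
    return "requests-rejected"        # requests arrive, none succeed


if __name__ == "__main__":
    for ip in parse_nas_counters(SAMPLE):
        print(ip, diagnose(SAMPLE, ip))
```

For the posted output, the controller's entry (10.137.125.15) comes back as no-requests-seen: the local server counted no success, failure or malformed packet from it.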
05-07-2013 04:59 AM
What equipment do you have? Here is a doc that shows how to set up a WLC to a Microsoft NPS radius server to authenticate using PEAP.
http://www.room641.com/2012/07/wpa-enterprise-peap-on-cisco-wlc-with-nps/
Sent from Cisco Technical Support iPhone App
05-07-2013 05:17 AM
Hi Scott, and thanks for your help.
Actually, I have to set up the local RADIUS server on the autonomous access point 1220. If you have some idea of anything I could have missed or something...
Maybe it would be easier if I use a Microsoft NPS RADIUS server. I will ask my master course.
05-07-2013 05:27 AM
Well.... you can't use an autonomous AP as a radius for a WLC.... You would need to use a radius server or use local EAP on the WLC.
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008093f1b9.shtml
Thanks,
Scott
Help out others by using the rating system and marking answered questions as "Answered"
05-07-2013 05:52 AM
Oh, I didn't know. So local RADIUS server on an AP is only for other APs?
I will try with a Microsoft NPS.
Thanks.
05-07-2013 06:23 AM
Using a true radius server gives you sooooo much more flexibility on who can and can't connect and even apply days and time policies.
Thanks,
Scott