Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3704
Views
0
Helpful
1
Replies

AAA Authentication Failure

mbofenkamp
Level 1
Level 1

‎08-04-2011 11:17 AM - edited ‎07-03-2021 08:31 PM

I've set up several local network users (Security > Local Net Users) on the WLC (5508 running 7.0.98.0). Whenever I try to connect with one of these user accounts (I'm testing this out for now), the attempt is unsuccessful and I see an "AAA Authentication Failure for UserName: xxxxxxx User Type: WLAN USER" in the Trap Log. I thought that after trying to authenticate through a RADIUS server, the local user database would be polled and then a user account in that database would be able to authenticate. Am I missing something here? Thanks in advance for any help/advice.

Mike

Labels:
0 Helpful
1 Reply 1

pcroak
Cisco Employee
Cisco Employee

‎08-05-2011 08:11 PM

Hello Michael,

I am assuming that you are talking about web-authentication, and under the WLAN configuration for Security > AAA servers, there is a section for "Authentication Priority for web-auth user".

I'm guessing you have it set to RADIUS and then LOCAL right now based on your description. In this situation, the only time that we will check the local database is if we don't receive a response from the RADIUS server at all. (a failure for an unkown user still counts as a response)

Now, the behavior is a bit different in the other direction. If you have it configured for LOCAL and then RADIUS, if the user does not exist in the local database, the RADIUS server will then be queried.

So if you want both databases to be checked, you likely would want to set it for local first, RADIUS second.

-Patrick Croak

Wireless TAC

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card