
Access point is not trying to authenticate via dot1x credentials.

joeharb
Level 5

Once our APs authenticate with ISE the interface inherits a template that allows for multiple clients and the proper VLANs to be trunked to the AP. We have one AP that after a power outage is not even attempting to authenticate. I have factory reset it and added it back to the WLC and it is now in the same AP group as others in the location, but nothing. I have enabled SSH but haven't been able to see if the dot1x credentials are even present on the device. Can someone possibly point me toward verifying that the config on the AP is correct? Cisco 3802 running 17.6.1.13, credentials are put in via the AP Join group and authenticated via ISE.

Any suggestions would be appreciated,

Joe

Accepted Solution

joeharb
Level 5

The only thing I saw after putting in the debugging commands was the following:

Jun 6 13:46:44.627: %SESSION_MGR-5-FAIL:Switch 1 R0/0: smd: Authorization failed or unapplied for client (F4DB.E62F.1360) on Interface GigabitEthernet1/0/4 AuditSessionID 0A2300080000010339445E78

I thought at one time I did see authentication requests in ISE but didn't see anything this morning, but I did see other entries from the same switch. I defaulted the interface config and applied it back to the interface, shut/no shut the port, and now it is working.

I see good authentication in ISE and the template is applied to the interface.

Thanks all,

Joe
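A small parser for the %SESSION_MGR-5-FAIL message quoted in the post above, as an added example that is not part of the original thread: it groups failures by switch port and rewrites the client MAC in colon-separated form, which is convenient when searching RADIUS server logs for the same endpoint. The function names and the second and third sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Message layout taken from the log line quoted in the post above.
FAIL_RE = re.compile(
    r"%SESSION_MGR-5-FAIL:.*?Authorization failed or unapplied for client "
    r"\((?P<mac>(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4})\) "
    r"on Interface (?P<interface>\S+) "
    r"AuditSessionID (?P<session>[0-9A-Fa-f]+)"
)

# First line is the one from the post; the other two are constructed samples.
SAMPLE_LOG = """\
Jun 6 13:46:44.627: %SESSION_MGR-5-FAIL:Switch 1 R0/0: smd: Authorization failed or unapplied for client (F4DB.E62F.1360) on Interface GigabitEthernet1/0/4 AuditSessionID 0A2300080000010339445E78
Jun 6 13:47:10.101: %SESSION_MGR-5-FAIL:Switch 1 R0/0: smd: Authorization failed or unapplied for client (F4DB.E62F.1360) on Interface GigabitEthernet1/0/4 AuditSessionID 0A23000800000104394460AA
Jun 6 13:47:12.000: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/4, changed state to up
"""

def colon_mac(dotted):
    """Convert Cisco dotted notation (F4DB.E62F.1360) to F4:DB:E6:2F:13:60."""
    digits = dotted.replace(".", "").upper()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_failure(line):
    """Return interface, MAC and audit session ID, or None for other messages."""
    m = FAIL_RE.search(line)
    if m is None:
        return None
    return {
        "interface": m.group("interface"),
        "mac": colon_mac(m.group("mac")),
        "session": m.group("session"),
    }

def failures_by_port(lines):
    """Group failures as {interface: {mac: [audit session IDs in log order]}}."""
    ports = defaultdict(lambda: defaultdict(list))
    for line in lines:
        hit = parse_failure(line)
        if hit:
            ports[hit["interface"]][hit["mac"]].append(hit["session"])
    return {port: dict(macs) for port, macs in ports.items()}

if __name__ == "__main__":
    for port, macs in failures_by_port(SAMPLE_LOG.splitlines()).items():
        for mac, sessions in macs.items():
            print(f"{port} {mac}: {len(sessions)} failed session(s), last {sessions[-1]}")
```

A port that keeps producing new audit session IDs for the same client after each bounce is one where authorization is repeatedly failing or not being applied, which matches the symptom described in the post.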


3 Replies

You use RADIUS for AP auth.

Are you sure that the AP certificate is allowed by the WLC?

ammahend
VIP Alumni

"We have one AP that after a power outage is not even attempting to authenticate."

How do you know this? Are you not seeing anything in the live logs on ISE?
You can start with debug on the switch where the AP is connected, provided the AP is registered on the controller and is in the right AP group. Bounce the port to trigger dot1x.

debug dot1x all
debug authentication all
debug radius
debug aaa authentication

-hope this helps-
