Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
532
Views
0
Helpful
3
Replies

Access Point to ACS Authentication

dopenfield
Level 1
Level 1

‎03-24-2003 01:28 PM - edited ‎07-04-2021 08:35 AM

Attempting to setup wireless users to authenticate through new ACS 3.1 server. With our test user we are getting an error message in the 'Failed Attempts Log' that we can't find and explanation for to see what it means.

In the Authentication Failure code field...

Radius Extension DLL rejected user

Any pointer towards an explanation for this message would be appreciated!

We do see the MAC of the 350 card in the Username and Caller-ID fields.

Labels:
0 Helpful
3 Replies 3

ndoshi
Cisco Employee
Cisco Employee

‎03-24-2003 05:53 PM

Radius Extention DLL rejected means radius is not able to authenticate the

users

a) Turn on debugging on ACS and generate package.cab file for more troubleshooting .

b) Make sure there is ip connectivity between ACS and AP . Can you ping AP from the ACS ?

c) Make sure you have defined AP as NAS client on the ACS and also make

sure SHARED SECRET is correct on AP and on ACS .

d) Make sure you are using right ports , 1645 or 1812 .....

e) Make sure user is created and entering the right passowrd .

f) If you are not using local database and using some external database

check the connectivity with external database and try local user first

g) On Ap you can turn on the command like

eap_diag1_on:

eap_diag2_on:

to make it off use

eap_diag1_off and eap_diag2_off

this is only in case of AP350 and Ap1200 .

h) when you put AP as nas client on ACS select correct radius type - Cisco Aironet

Nilesh

0 Helpful

dopenfield
Level 1
Level 1
In response to ndoshi

‎03-25-2003 06:03 AM

Thanks, we'll give those a try....

A followup, We don't find the Add Access Server under ACS Network Configuration as the doco says we should. We've got Add a Client, Add an AAA server, and Proxy Distribution Table.

0 Helpful

japox
Level 1
Level 1
In response to ndoshi

‎09-17-2003 06:54 AM

Dear Noshi,

I’m trying to configure a Cisco AP340 11.07 authenticating users using EAP protocol onto our ACS 3.0 to a W2K domain external database. I had checked all the points that you mention that can be applied to my case, but I still get the same error “Radius Extension DLL rejected”. I can use an account in the Local ACS’s DB or from the domain, the ACS recognises even the group the user is in, but still gives me this error.

From what I had read, the versions of AP and ACS should work. Any ideas or suggestions?

Many Thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card