Solved: ap 9115 log

heyjunsun · ‎01-30-2024

hello

I have a question about the ap log.

I'm trying to complete the ap set and connect, but this log has occurred and I can't connect.

log

"wncd:Authentication failed for client (f0f5.6444.93d8) with reason (AAA Server Down) on Interface capwap_90000003 AuditSessionID E70613AC00000016116C0DD1 *MAR 24 11:21:46.851 KST: %SESSION_MGR-5-FAIL: Chassis 1 R0/0: wncd: Authorization failed or unapplied for client (f0f5.6444.93d8) on interface capwap_90000003 AuditSessionID E76013AC00000016116C0DD1. Failure resaon: Authc fail. Authc Failure reasion:AAA Server Down."

What does this mean and what do I have to do to solve it?

jagan.chowdam · ‎01-31-2024

Failure resaon: Authc fail. Authc Failure reasion:AAA Server Down

Can you ping your AAA server from WLC?

This is a good blogpost to follow to configure 802.1x on 9800 WLC. https://lihaifeng.net/?p=699

You can also get "show tech wireless" output and get it analyzed by https://cway.cisco.com/tools/WirelessAnalyzer/ to check any configure errors.

Jagan Chowdam

/**Please rate helpful responses**/

View solution in original post

marce1000 · ‎01-30-2024

- What authorization schemes are you using for APs to be allowed on the controller ? Is the specific AP allowed in those ?

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

heyjunsun · ‎01-31-2024

Process authentication with the Redius server

example

"radius server 000.000.000.000

address ipv4 000.000.000.000 auth-port 1645 acct-prot 1646

key 7 00000000000000000000000000000 "

Is that the answer you wanted?

MHM Cisco World · ‎01-31-2024

This AP is autonomous not control via WLC ?

MHM

jagan.chowdam · ‎01-31-2024

Failure resaon: Authc fail. Authc Failure reasion:AAA Server Down

Can you ping your AAA server from WLC?

This is a good blogpost to follow to configure 802.1x on 9800 WLC. https://lihaifeng.net/?p=699

You can also get "show tech wireless" output and get it analyzed by https://cway.cisco.com/tools/WirelessAnalyzer/ to check any configure errors.

Jagan Chowdam

/**Please rate helpful responses**/

Rich R · ‎01-31-2024

Simply put that means the WLC could not contact your radius server. Possible reasons:
- Incorrect routing
- Wrong shared key
- Wrong ports - some radius run on 1812/1813 and some on 1645/1646
- Firewall/ACL blocking connection to radius
Check "show aaa servers" and use debug aaa to work out what the problem is. Use packet capture on the WLC and on the radius server to confirm that radius packets are getting sent and received in both directions.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

Rich R · ‎02-01-2024

So what was the problem you found then @heyjunsun ?
If you share your solution here it may help other people with the same problem.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

heyjunsun · ‎02-01-2024

https://lihaifeng.net/?p=699

The items in this link are in order.