Cisco WLC 3504

dimi.kard · ‎12-12-2024

Hello,

I'd like to ask if anyone knows how to enable message-authenticator attribute on Cisco WLC 3503 with 8.5 firmware version.

Thanks

dimi.kard · ‎12-12-2024

Sorry for the typo, is 3504

MHM Cisco World · ‎12-12-2024

I think you can't' so better from that is disable message-auth check in ISE

MHM

dimi.kard · ‎12-12-2024

Hello,

Thanks for the reply, this has to do with the firmware version ? Have you found on Cisco official doc this ?

MHM Cisco World · ‎12-13-2024

But this WLC is old and I dont think Cisco update it ver. Anymore.

So as I mention try disable option in ISE.

MHM

dimi.kard · ‎12-13-2024

Hello,

I've enabled on Cisco ISE cause in one of our sites we have fortinet equipment (fortiswitches,FortiAP) and after upgrading fortinet firewall to 7.2.10 it requires from ISE to have this option enabled otherwise the connection between cisco ISE and Fortinet Firewall breaks. I've enabled it for eap-tls dot1x and everything works fine. Yesterday i've enabled it for mab also and i keep see logs on ISE rejecting MAB only from that specific wlc.

MHM Cisco World · ‎12-13-2024

The solution in ISE'

Make forti use defualt network access

And you config device called it WLC-3000 and edit it allow protocol and disable message-auth

MHM

dimi.kard · ‎12-13-2024

Hello,

Sorry i do not get what you mean above, could you please elaborate more ?

MHM Cisco World · ‎12-13-2024

dimi.kard · ‎12-13-2024

Hello,

Forti is already using default device, i don't get the meaning of your print screen you just show a custom name with all protocols allowed. How is this related to wlc ?

MHM Cisco World · ‎12-13-2024

any device need message-auth will use default network access -> allow protocol with message-auth enable
WLC will use custom network access -> allow protocol with message-auth disable

MHM