- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-17-2019 02:34 PM - edited 07-05-2021 10:43 AM
Hi All,
currently iam working on a migration of Cisco wlc 2504 to 3504.
we are using radius authentication with windows NPS to authenticate clients. when i am trying to connect the SSID, computer prompt me to enter the user name and password. once i enter credential it show the certificate in which the thumb print is same as my server certificate used for NPS. once i connect, getting ip address through dhcp and client shows connected. NPS server log shows authentication granted access logs and.i can see the connected client in the wlc.
the issue is wlc generated SNMP trap as, AAA Authentication Failure for Client MAC: 00:24:d7:96:8c:38 UserName:test User Type: WLAN USER Reason: Authentication failed in the controller.
authentication succeeded and client got the ip address through dhcp and shows connected, still WLC showing authentication failure traps.
wlc model: cisco wlc 3504
software version: 8.5.131.0
access point model: cisco 1532e outdoor
what could be the possible issues?
attached screen shots
Solved! Go to Solution.
- Labels:
-
Wireless LAN Controller
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-19-2019 07:34 AM
Or do you mean the last line of the screenshot?
Have you added the new WLC IP (assuming it's not using the same addresses as the old one) as a Radius Client on NPS?
What is written in the Event Viewer under Security when you try to authenticate?
Which software version is running on the new WLC?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-17-2019 09:10 PM
I don't have any 3504 right now but can you share your ssid please or can you validate you have the exact same config between old and new wlc?
Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-17-2019 09:54 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-18-2019 08:34 AM
While authenticating, can you a run a debug on your WLC?
Thanks
Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-19-2019 07:34 AM
Or do you mean the last line of the screenshot?
Have you added the new WLC IP (assuming it's not using the same addresses as the old one) as a Radius Client on NPS?
What is written in the Event Viewer under Security when you try to authenticate?
Which software version is running on the new WLC?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-19-2019 11:46 AM
Hi All,
contacted cisco TAC and they concluded that when iam trying from my pc which is under my company domain, the first time NPS denied access to the client the first time it is using my own username to authenticate, after 9 seconds the event viewer shows NPS granted access to the client by using the provided username and password.
Tried with mobile and another workstation which is under workgroup no errors were there in WLC
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-19-2019 11:47 AM
Hi All,
Contacted Cisco TAC and they concluded that when iam trying from my pc which is under my company domain, the first time NPS denied access to the client the first time it is using my own username to authenticate, after 9 seconds the event viewer shows NPS granted access to the client by using the provided username and password.
Tried with mobile and another workstation which is under work group no errors were there in WLC
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-19-2019 12:32 PM
