Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
243
Views
0
Helpful
4
Replies

Dot1.X Authentication Failed on Cisco 3504 WLC.

dinesh-sekar2
Level 1
Level 1

‎06-06-2024 08:07 PM

HI All,

  Dot1.X Authentication Failed on Cisco 3504 WLC. User are authenticated by certificate base. There is firewall between Cisco WLC and Radius server. when we try to do packed capture on the firewall getting below error.

"Access-Request

Access-Challenge

Fragmented IP protocol". 

please find the WLC logs in the below.

*radiusTransportThread: Jun 06 17:20:52.493: %AAA-3-INVALID_REQUEST: [PA]radius_db.c:3923 Invalid AAA request. unknown
*radiusTransportThread: Jun 06 17:20:52.493: %AAA-4-RADIUS_RESPONSE_FAILED: [PA]radius_db.c:658 RADIUS server XXXXXX:1812 failed to respond to request(ID 214) for STA XXXX / user 'XXXX'
*sisfSwitcherTask: Jun 06 17:20:50.917: %SISF-6-ENTRY_CREATED: [PA]sisf_shim_utils.c:485 Entry created A=fe80::c6b:2f5a:f576:d548 V=70 I=wired:1 P=0000 M=
*Dot1x_NW_MsgTask_4: Jun 06 17:20:39.118: %DOT1X-3-ABORT_AUTH: [PA]1x_bauth_sm.c:487 Authentication Aborted for client XXXX Abort Reason:DOT1X RESTARTED DUE TO EAPOL-START/CLIENT ROAM
*radiusTransportThread: Jun 06 17:20:28.517: %AAA-3-INVALID_REQUEST: [PA]radius_db.c:3923 Invalid AAA request. unknown
*radiusTransportThread: Jun 06 17:20:28.517: %AAA-4-RADIUS_RESPONSE_FAILED: [PA]radius_db.c:658 RADIUS server 10.245.64.196:1812 failed to respond to request(ID 208) for STA XXXX / user 'XXXXX'
*dot1xMsgTask: Jun 06 17:20:23.204: %DOT1X-3-WPA_SEND_STATE_ERR: [PA]1x_kxsm.c:1736 Unable to send EAPOL-key msg - invalid WPA state (0) - client [XXXXX]
 

 

Labels:
0 Helpful
4 Replies 4

marce1000
VIP
VIP

‎06-06-2024 11:23 PM

 

      >...RADIUS server XXXXXX:1812 failed to respond to request(ID 214) for STA XXXX / user 'XXXX'
               -                                          Check logs on the radius server , 

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎06-07-2024 12:02 AM - edited ‎06-07-2024 12:02 AM

what Radius Server you using , what code WLC running, what AP models ?

check verification between WLC and Radius you have access :

https://mrncciew.com/2013/04/21/configuring-radius-on-wlc/

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/212473-verify-radius-server-connectivity-with-t.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

dinesh-sekar2
Level 1
Level 1
In response to balaji.bandi

‎06-07-2024 12:15 AM

Radius Server : Windows server

WLC Code: 8.10.142

AP Models : C9120AXI, AIR-AP2802I

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to dinesh-sekar2

‎06-07-2024 09:01 AM

check verification between WLC and Radius you have access

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card