12-11-2023 07:29 AM
Hi Team,
We are trying to create a new SSID on WLC 2504, named Test WLAN, over a new WLAN interface using VLAN 2. It has [WPA2][AUTH (802.1X)] using a RADIUS server (NPS). When users try to connect to this new SSID, authentication fails.
thanks
Mak
12-11-2023 07:33 AM
From the screenshot you provided, the SSID is not enabled, so enable it and it will work.
12-11-2023 01:58 PM
No, it is temporarily disabled.
12-11-2023 07:33 AM
I see that the SSID is not enabled, as per the screenshot.
What error is the user getting, and what logs do you see on NPS for Wi-Fi?
Is there any other SSID working with the same NPS server?
Did you debug on the WLC with the MAC address to see what is wrong? (Also post the logs here.)
12-11-2023 02:03 PM
Yes, we do have another SSID working with the same NPS server; it is VLAN 1 on the switch and an untagged VLAN on the WLC.
We are running out of DHCP scope for that existing VLAN 1, hence we are creating a new SSID with the new VLAN 2.
12-11-2023 02:16 PM - edited 12-11-2023 02:18 PM
Running out of DHCP, you can implement interface groups so that your one SSID can utilize the existing and a new interface.
Take a look at this link for reference:
https://mrncciew.com/2013/02/27/configuring-dynamic-interfaces-on-wlc/
12-11-2023 02:31 PM
Debug logs:
*radiusTransportThread: Nov 16 13:00:13.826: d4:3b:04:31:d3:f5 Max servers (tried 1) retransmission of Access-Request (id 237) to 192.168.52.23 (port 1812, qid 5) reached for mobile d4:3b:04:31:d3:f5. message retransmit cnt 6, server
*radiusTransportThread: Nov 16 13:00:13.826: d4:3b:04:31:d3:f5 [Error] Client requested no retries for mobile D4:3B:04:31:D3:F5
*radiusTransportThread: Nov 16 13:00:13.826: d4:3b:04:31:d3:f5 Returning AAA Error 'Timeout' (-5) for mobile d4:3b:04:31:d3:f5
*osapiBsnTimer: Nov 16 13:00:32.769: d4:3b:04:31:d3:f5 802.1x 'txWhen' Timer expired for station d4:3b:04:31:d3:f5 and for message = M0
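Added example, not part of any post in this thread: a small Python parser that groups the WLC debug lines above by client MAC and classifies the AAA outcome, separating "the RADIUS server never answered" from other AAA errors. The function name, field names and verdict strings are assumptions chosen for illustration; the sample input is the debug output as posted.

```python
import re

# Debug lines copied from the post above (first line is truncated in the original).
SAMPLE = """\
*radiusTransportThread: Nov 16 13:00:13.826: d4:3b:04:31:d3:f5 Max servers (tried 1) retransmission of Access-Request (id 237) to 192.168.52.23 (port 1812, qid 5) reached for mobile d4:3b:04:31:d3:f5. message retransmit cnt 6, server
*radiusTransportThread: Nov 16 13:00:13.826: d4:3b:04:31:d3:f5 [Error] Client requested no retries for mobile D4:3B:04:31:D3:F5
*radiusTransportThread: Nov 16 13:00:13.826: d4:3b:04:31:d3:f5 Returning AAA Error 'Timeout' (-5) for mobile d4:3b:04:31:d3:f5
*osapiBsnTimer: Nov 16 13:00:32.769: d4:3b:04:31:d3:f5 802.1x 'txWhen' Timer expired for station d4:3b:04:31:d3:f5 and for message = M0
"""

# "*thread: Mon DD HH:MM:SS.mmm: <client mac> <message>"
PREFIX = re.compile(r"^\*(\w+): \w+ +\d+ [\d:.]+: ([0-9a-fA-F:]{17}) (.*)$")
RETRANS = re.compile(r"retransmission of Access-Request \(id (\d+)\) to (\S+) "
                     r"\(port (\d+).*?retransmit cnt (\d+)")
AAA_ERR = re.compile(r"Returning AAA Error '(\w+)' \((-?\d+)\)")
DOT1X_TMO = re.compile(r"802\.1x '\w+' Timer expired .*message = (\w+)")

def summarize(debug_text):
    """Group WLC client-debug lines by client MAC and classify the AAA outcome."""
    clients = {}
    for line in debug_text.splitlines():
        m = PREFIX.match(line.strip())
        if not m:
            continue  # not a per-client debug line
        _thread, mac, msg = m.groups()
        c = clients.setdefault(mac.lower(), {
            "server": None, "port": None, "retransmits": 0,
            "aaa_error": None, "aaa_code": None, "dot1x_timeout_msg": None})
        if (r := RETRANS.search(msg)):
            c["server"], c["port"] = r.group(2), int(r.group(3))
            c["retransmits"] = int(r.group(4))
        elif (a := AAA_ERR.search(msg)):
            c["aaa_error"], c["aaa_code"] = a.group(1), int(a.group(2))
        elif (t := DOT1X_TMO.search(msg)):
            c["dot1x_timeout_msg"] = t.group(1)
    for c in clients.values():
        # Timeout after retransmits: no reply of any kind came back, so not a reject.
        if c["aaa_error"] == "Timeout":
            c["verdict"] = "no-reply-from-radius-server"
        elif c["aaa_error"]:
            c["verdict"] = "aaa-error-" + c["aaa_error"].lower()
        else:
            c["verdict"] = "no-aaa-error-seen"
    return clients

if __name__ == "__main__":
    for mac, info in summarize(SAMPLE).items():
        print(mac, info)
```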
12-11-2023 02:51 PM
What does the NPS log show? I'm assuming that the existing SSID that is working with NPS is identical to the new SSID you are testing with? Is there something in the policy on NPS that is failing? Maybe you are using called-station-id? Try to provide some screenshots, or else it's just very hard to figure out what is wrong.
12-11-2023 07:33 AM
You need to provide more information. 802.1x has many varieties along with how you configure radius. You need to provide how the clients are configured and how your radio policies are defined. Also make sure that the clients trust the certificate of the NPS server to start with. The logs from NPS should help you understand where to begin your troubleshooting.