cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1147
Views
0
Helpful
7
Replies
Highlighted
Beginner

Radius authentication problem on 5508 controller

Dear,

We've just configured a Cisco 5508 wireless controller on our network.

OS version is 8.0.120.0 and it's not possible to upgrade in order to support 1131AG access points.

We encounter an RADIUS authentication problem on Windows clients.

It's important to say that these clients work with an other controller... Unfortunatelly i didn't see any differences between them.

So, i've checked some parameters :

First, the controller can ping RADIUS server IP.

- After, I've verified the interface routing with an other SSID created on the same interface and a WPA pre-shared key.

- Checked WPA settings and changed "timers" like i've seen on others subjects...

but no results !

I hope you will help me to find a solution. In addition, I put my logs on attached file.

Wainting your answers,

Julien.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Hi,

Are you sure your polices are configured properly on the radius server. Looks like its not, because it shows as a REJECT."Processing Access-Reject"

Regards

Dont forget to rate helpful posts

View solution in original post

7 REPLIES 7
Highlighted
Contributor

OS version is 8.0.120.0 and it's not possible to upgrade in order to support 1131AG access points.

Anything in the 8.0 code train will support the 1130s. 

8.0.140.0 supports them.

Highlighted

That's right... but this controller and this OS version worked on an other site... with same parameters. That's the reason why I'm searching an other cause

Highlighted

 - As stated earlier, check your radius server logs (too) and analyze the particular requests coming from the wl-controller

M.

Highlighted
Beginner

Furthermore, the authentication process failed after this step :

*Dot1x_NW_MsgTask_5: May 24 14:15:30.450: b0:10:41:b8:15:d5 Sending EAP-Request/Identity to mobile b0:10:41:b8:15:d5 (EAP Id 1)
*Dot1x_NW_MsgTask_5: May 24 14:15:30.470: b0:10:41:b8:15:d5 Reset the reauth counter since EAPOL START has been received!!!
*Dot1x_NW_MsgTask_5: May 24 14:15:30.470: b0:10:41:b8:15:d5 reauth_sm state transition 0 ---> 0 for mobile b0:10:41:b8:15:d5 at 1x_reauth_sm.c:53
*Dot1x_NW_MsgTask_5: May 24 14:15:30.470: b0:10:41:b8:15:d5 Received EAPOL START from mobile b0:10:41:b8:15:d5
*Dot1x_NW_MsgTask_5: May 24 14:15:30.470: b0:10:41:b8:15:d5 dot1x - moving mobile b0:10:41:b8:15:d5 into Connecting state
*Dot1x_NW_MsgTask_5: May 24 14:15:30.470: b0:10:41:b8:15:d5 Sending EAP-Request/Identity to mobile b0:10:41:b8:15:d5 (EAP Id 2)
*Dot1x_NW_MsgTask_5: May 24 14:15:30.470: b0:10:41:b8:15:d5 reauth_sm state transition 0 ---> 0 for mobile b0:10:41:b8:15:d5 at 1x_reauth_sm.c:71
*Dot1x_NW_MsgTask_5: May 24 14:15:30.668: b0:10:41:b8:15:d5 Received EAPOL EAPPKT from mobile b0:10:41:b8:15:d5
*Dot1x_NW_MsgTask_5: May 24 14:15:30.668: b0:10:41:b8:15:d5 Received Identity Response (count=1) from mobile b0:10:41:b8:15:d5
*Dot1x_NW_MsgTask_5: May 24 14:15:30.668: b0:10:41:b8:15:d5 Resetting reauth count 1 to 0 for mobile b0:10:41:b8:15:d5
*Dot1x_NW_MsgTask_5: May 24 14:15:30.668: b0:10:41:b8:15:d5 EAP State update from Connecting to Authenticating for mobile b0:10:41:b8:15:d5
*Dot1x_NW_MsgTask_5: May 24 14:15:30.668: b0:10:41:b8:15:d5 dot1x - moving mobile b0:10:41:b8:15:d5 into Authenticating state
*Dot1x_NW_MsgTask_5: May 24 14:15:30.668: b0:10:41:b8:15:d5 reauth_sm state transition 0 ---> 0 for mobile b0:10:41:b8:15:d5 at 1x_reauth_sm.c:71
*Dot1x_NW_MsgTask_5: May 24 14:15:30.668: b0:10:41:b8:15:d5 Entering Backend Auth Response state for mobile b0:10:41:b8:15:d5
*Dot1x_NW_MsgTask_5: May 24 14:15:30.668: b0:10:41:b8:15:d5 reauth_sm state transition 0 ---> 0 for mobile b0:10:41:b8:15:d5 at 1x_reauth_sm.c:71
*Dot1x_NW_MsgTask_5: May 24 14:15:30.679: b0:10:41:b8:15:d5 Processing Access-Reject for mobile b0:10:41:b8:15:d5
*Dot1x_NW_MsgTask_5: May 24 14:15:30.679: b0:10:41:b8:15:d5 reauth_sm state transition 0 ---> 0 for mobile b0:10:41:b8:15:d5 at 1x_reauth_sm.c:71
*Dot1x_NW_MsgTask_5: May 24 14:15:30.679: b0:10:41:b8:15:d5 Sending EAP-Failure to mobile b0:10:41:b8:15:d5 (EAP Id -1)

Highlighted

Hi,

Are you sure your polices are configured properly on the radius server. Looks like its not, because it shows as a REJECT."Processing Access-Reject"

Regards

Dont forget to rate helpful posts

View solution in original post

Highlighted

i have the same probelm can any one help in that
Access-Reject received from RADIUS server
Highlighted

Please open a new thread and add as much information as possible.
-Scott
*** Please rate helpful posts ***
Content for Community-Ad