Solved: Re: Radius requenst from AP to ISE wrong

3d3d4ul3r · ‎08-29-2019

Hello,

my network

Cisco ISE 2.2 with base license

Cisco 4948 Switch

Cisco WLC 2504

1 AP 2600

2 AP 3500

2 AP 1850

i have change the accesspoint authorization from local authorization on the wlc to authorization on ise.

4 from 5 accesspoint works fine, but one 3500 ap i can´t see in ISE Endpoints and it´s dont send a requenst to ise for authorize.

But this ap works, user can connect to the ap and can browse th network.

All aps and the ise and the wlc on the same switch.

All ports for the aps have the same portconfig.

Restart the wlc or reset the failing ap, no change.

In a second network with vwlc and another 3500 ap with the same ise and switch works fine.

Its only this one ap i dont can see on ise and its dont send a radius request to ise

whats wrong ?

Norbert

3d3d4ul3r · ‎09-01-2019

Hello,

yes the configuration for the 3500 aps all the same.

power off and power on with the factory reset bring the solution.

Norbert

View solution in original post

Arne Bier · ‎09-01-2019

Hi @3d3d4ul3r

Is that 3500 configured identically to the other APs? e.g. is it perhaps in the wrong AP Group? Or does it perhaps have some left over FlexConnect config buried somewhere?

I would try factory defaulting that AP and then starting again. There is nothing in ISE that requires AP-level configuration for a lightweight AP setup like yours.

Have you perhaps inadvertently added the AP as a RADIUS client in ISE? Only the WLC should be a RADIUS client in ISE.

3d3d4ul3r · ‎09-01-2019

Hello,

yes the configuration for the 3500 aps all the same.

power off and power on with the factory reset bring the solution.

Norbert