08-04-2024 11:23 PM
Hello team,
I have a 9800 WLC in my setup where one of the SSIDs is configured for .1x authentication. Since yesterday, users are unable to authenticate via RADIUS for this SSID.
No config changes were done on the RADIUS server, switch or WLC, and no firmware upgrades or power outages happened; this happened suddenly.
Could someone suggest what should be checked to find the root cause, such as ways of troubleshooting connectivity, logs, which logs will state the issue, and all those?
Thanks.
Rajesh.
08-04-2024 11:50 PM
Please check the RADIUS server logs; they will tell the reason for the failure. Could be some certificate expiry.
HTH
Rasika
08-04-2024 11:55 PM
Hello Rasika Nayanajith,
Thanks a lot for the reply.
Could you let me know if you refer to any EAP certificate?
If so, should the new one be generated on the WLC or RADIUS, or suggest if something else.
Thanks
Rajesh
08-05-2024 02:59 AM
Could you let me know if you refer to any EAP certificate?
Yes, if all 802.1X clients are unable to connect all of a sudden, always check the EAP certificate expiry.
If so, should the new one be generated on the WLC or RADIUS, or suggest if something else.
It is typically on your RADIUS server (not on the WLC).
HTH
Rasika
08-05-2024 11:52 PM
Thanks a lot for the support, Rasika.
This worked for me after remapping the EAP certificate on the RADIUS server.
08-04-2024 11:56 PM
- Have a look at https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/217738-monitor-catalyst-9800-kpis-key-performa.html#anc5
+ You may also want to engage in full client debugging according to https://logadvisor.cisco.com/logadvisor/wireless/9800/9800ClientConnectivity ; client debugs can be processed with Wireless Debug Analyzer.
+ Common advisory: have a checkup of the 9800 WLC's configuration with the CLI command show tech wireless and feed the output from that into Wireless Config Analyzer; do not use a simple show tech as input for this procedure.
M.
08-05-2024 12:31 AM
Share this
- Monitoring > Wireless > Clients
Check what the client status is.
- Troubleshooting > Packet Capture
Check if the WLC sends/receives any packets to/from the RADIUS server.
MHM
08-05-2024 08:20 AM
Check the expiration date of your RADIUS server certificate being presented to the clients.
If it's a MS NPS one, the certificate is selected per-policy in the Constraints tab, under PEAP or Smartcard selection.
If it's Cisco ISE, then look into Administration > Certificates and check the one selected for EAP in the PSNs.
08-05-2024 11:53 PM
Thank you JPavonM,
It was an issue with the EAP certificate.
We have remapped the certificate on the RADIUS server and users started authenticating.
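The certificate-expiry check recommended in this thread, as an added example that is not part of any post above. It assumes the RADIUS server is Microsoft NPS with its EAP/PEAP certificate in the local machine store; `$WarnDays` is a hypothetical threshold.

```powershell
# Added example: list server-authentication certificates in the NPS host's
# machine store and flag any that are expired, not yet valid or near expiry.
# Assumptions: the RADIUS server is Microsoft NPS and its EAP/PEAP certificate
# lives in Cert:\LocalMachine\My. $WarnDays is a hypothetical threshold.
$WarnDays   = 30
$ServerAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU OID
$now        = Get-Date

Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object {
        # Keep certificates usable for server authentication. A certificate
        # with no EKU extension is valid for all purposes, so keep it too.
        $ekus = @($_.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
        $ekus.Count -eq 0 -or $ekus -contains $ServerAuth
    } |
    ForEach-Object {
        $daysLeft = [int][math]::Floor(($_.NotAfter - $now).TotalDays)

        # Later checks override earlier ones, so the most severe state wins.
        $status = 'OK'
        if ($daysLeft -le $WarnDays) { $status = 'EXPIRING SOON' }
        if ($now -gt $_.NotAfter)    { $status = 'EXPIRED' }
        if ($now -lt $_.NotBefore)   { $status = 'NOT YET VALID' }

        [pscustomobject]@{
            Status        = $status
            DaysLeft      = $daysLeft
            NotAfter      = $_.NotAfter
            HasPrivateKey = $_.HasPrivateKey   # must be True for a usable server certificate
            Subject       = $_.Subject
            Thumbprint    = $_.Thumbprint
        }
    } |
    Sort-Object NotAfter |
    Format-Table -AutoSize
```

Compare the thumbprint of any flagged entry with the certificate selected in the NPS policy (Constraints tab, under PEAP or Smartcard selection), since the store can hold several candidates and only the selected one is presented to clients.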