
WLC 5508 fails 802.1x authentication when upgrading from version 7.4 to any version 8 OS

grettel.aviles
Level 1

I have two WLCs paired in an HA running version 7.4.121. Several SSIDs with 802.1x authenticate against a RADIUS server in a Windows 2008 server. Users authenticate normally on WLC running version 7, but once I upgrade to version 8 (I tried 8.0.140 and 8.2.151) all users fail to authenticate on 802.1x SSIDs. We already checked both sides (RADIUS and WLC) and nothing seems to change, except the logs from the WLC indicate AAA authentication failure from user xxxxx, while the RADIUS keeps sending the reason code 66, but no policies have changed and neither have the passwords for users.

I'll appreciate any feedback you could give on this matter as we've tried 3 times to upgrade this and Cisco TAC says it's not a WLC issue. Any tests you might've made (whether on the WLC or if it could be a Windows issue) will surely help.

I'm attaching the NPS version.

Regards.

2 Replies

As per the below, status code 66 indicates a policy matching issue. Make sure the appropriate EAP types are allowed.

https://technet.microsoft.com/en-us/library/dd197521(v=ws.10).aspx

66: Authentication failed. Either the client computer attempted to use an authentication method that is not enabled on the matching network policy or the client computer attempted to authenticate as Guest, but guest authentication is not enabled. To resolve this issue, ensure that all client computers are configured to use one or more authentication methods that are allowed by matching network policies.

If you have a test setup, I would use it to test before upgrading the production WLCs again.

HTH

Rasika

*** Pls rate all useful responses ***
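
One way to check the reason code 66 explanation quoted above against the server's own records, as an added example that is not part of the original thread: group the NPS denial events by NAS address, matched network policy and recorded authentication/EAP type. It assumes the denials are logged as Security event ID 6273 with the standard English message layout and that the event text has been exported; the sample events, names and addresses are constructed.

```python
import re
from collections import Counter

# "Label:<tabs>value" lines as they appear in the text of an NPS denial event.
FIELD_RE = re.compile(r"^[ \t]*([A-Za-z0-9 ]+):[ \t]+(\S.*?)[ \t]*$", re.M)
KEY_FIELDS = ("NAS IPv4 Address", "Network Policy Name",
              "Authentication Type", "EAP Type")

def parse_event(text):
    """Map each field label in one event message to its value."""
    return dict(FIELD_RE.findall(text))

def summarize_denials(events, reason_code="66"):
    """Count denials with the given reason code, grouped by NAS address,
    matched network policy and the authentication/EAP type NPS recorded."""
    counts = Counter()
    for text in events:
        fields = parse_event(text)
        if fields.get("Reason Code") == reason_code:
            counts[tuple(fields.get(k, "?") for k in KEY_FIELDS)] += 1
    return counts

# Constructed sample input (placeholder names and addresses), trimmed to the
# fields used above; real events carry more lines.
TEMPLATE = """Network Policy Server denied access to a user.
User:
\tAccount Name:\t\t\tEXAMPLE\\{user}
NAS:
\tNAS IPv4 Address:\t\t192.0.2.10
Authentication Details:
\tNetwork Policy Name:\t\t{policy}
\tAuthentication Type:\t\t{auth}
\tEAP Type:\t\t\t{eap}
\tReason Code:\t\t\t{code}
"""
SAMPLE_EVENTS = [
    TEMPLATE.format(user="user1", policy="Wireless 802.1X", auth="EAP",
                    eap="-", code="66"),
    TEMPLATE.format(user="user2", policy="Wireless 802.1X", auth="EAP",
                    eap="-", code="66"),
    TEMPLATE.format(user="user3", policy="Wireless 802.1X", auth="PEAP",
                    eap="Microsoft: Secured password (EAP-MSCHAP v2)", code="16"),
]

if __name__ == "__main__":
    for key, n in summarize_denials(SAMPLE_EVENTS).most_common():
        print(n, dict(zip(KEY_FIELDS, key)))
```

Comparing the grouped output from before and after the upgrade shows whether requests from the controller still match the same network policy and carry the same authentication type.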

Hi Rasika,

I verified that appropriate EAP types were enabled on a recent maintenance window attempting to make this upgrade work. As I mentioned before, there were no changes made on the RADIUS once I upgraded the WLC to version 8. We even used some test commands on the WLC's console to check if connectivity and compatibility to the RADIUS was established and it was successful.
