WLC 7.4 with ACS 4.1

Roger Alderman · ‎04-02-2013

Hi All

Has anyone any experience of using a Cisco 5508 controller (code version 7.4.100.0) with an ACS appliance running version 4.1 or 4.2?

I've found that the ACS constantly reports a 'Bad request from NAS' (Invalid message authenticator in EAP request). message. This usually indicates a mismatched shared secret but this isn't the case.

The controller works fine opposite a Microsoft NPS Radius Server.

Regards

Roger

Scott Fella · ‎04-02-2013

Make sure you don't have Radius Server Overwrite interface under the WLAN > Security > AAA. Also make sure the NAD ID is the hostname of the WLC under the WLAN > General tab.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Roger Alderman · ‎04-02-2013

Hi Scott

I've already checked these elements and they are fine.

I am sceptical about the NAS ID that's now in the WLC configuration.

However, I can't verify that for certain.

Scott Fella · ‎04-02-2013

By default the NAS-ID on the WLAN is the hostname of the WLC. If that is changed and the WLC was rebooted, then the NAS-ID that will be seen by the radius is that under the WLAN. The Radius server Overwrite interface will change the NAS-ID to the dynamic interface and not the management interface.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Roger Alderman · ‎04-02-2013

I know all that and everything is fine.

The NAS-ID is the hostname of the WLC and has not been changed.

The NAS-ID shown in the ACS logs is also correct.

As I also pointed out - the controller works fine with a different Radius server.

Scott Fella · ‎04-02-2013

I had 4.2 running with no issues but on the early 7.3 for testing. The only thing I had issues with was what I had mentioned. Maybe it is an issue with 7.4 and ACS 4.2, but radius is radius so its hard to say that its a compatibility issue.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Roger Alderman · ‎04-02-2013

I'll have to try and do some more tests. I can't see any bugs relating to this issue.

Its an odd one for sure.

Thanks anyway Scott.

kasun.haputhanthri · ‎06-30-2013

Hi Gents,

I have the same issue with our ACS server logs filling up like crazy. All entries from WLCs and I have tried what yo guys have talked on this thred but with no luck. Just wanted to ask if you were able to resolve or rectify this issue by any chance.

Cheers.

Roger Alderman · ‎07-08-2013

Hi Kasun

I didn't resolve it. However, there are allegedly a large number of bugs with the 7.4.100.0 code so possibly this is the issue. There should now be a later version of code on CCO so I'd try that first.

kasun.haputhanthri · ‎07-08-2013

Hi Roger,

We have updated the 5508s to software version 7.2.111.3 and our ACS is 4.2(0) Build 124 Patch 7. However I have tried almost everything I can find as appropriate suggestions from forums. Anyway thanks you for the reply, please update if you get to know any further.

Cheers

Abhishek Abhishek · ‎07-10-2013

Hello,

As per your query i can suggest you the following solution-

Please refer to the link-

http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/consolidated/b_cg74_CONSOLIDATED.pdf

Hope this will help you.

Roger Alderman · ‎07-11-2013

So you have directed us to the manual for version 7.4 - what exactly are you trying to highlight?