WPA2 Auth on WLC 5760 using ISE 1.2

fahadafzal · ‎01-05-2014

Hello there,

I am trying to configure WPA2 802.1x authentication on my WLC that should use ISE as radius server which is set to authenticate AD users.

The issue is that when I try to connect the SSID, it does not forward the authentication request to ISE. Therefore, I dont see any authentication request on ISE coming from the client.

I am using the following cli config for the SSID.

wlan TESTSTAFF 70 TESTSTAFF

aaa-override

client vlan Floor_WL

security dot1x authentication-list WPA-Auth

session-timeout 1800

no shutdown

aaa authentication dot1x WPA-Auth group ISE_Group

aaa group server radius ISE_Group

server name ISE

radius server ISE

address ipv4 <ise_ip> auth-port 1812 acct-port 1813

key <key>

On ISE, I have added the WLC as network device. CWA authentication is working fine it is just Layer2 WPA 802.1x authentication which is not forwarding requests to ISE.

Can you please suggest?

Thanks in advance.

Sandeep Choudhary · ‎01-05-2014

is ur wlc and iSE is connected???

is ur Radius Shared secret is correct or same on both side?

Please check these: http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080bead09.shtml

Regards

fahadafzal · ‎01-05-2014

Hi,

As I said, my all other authentication types are working between WLC, ISE and AD. I am facing issue only in 802.1x.

Rasika Nayanajith · ‎01-05-2014

Pls check the following, that should help you

http://mrncciew.com/2013/12/16/configuring-radius-on-5760/

As Kasper said, I suspect you are missing dot1x system-auth control command

HTH

Rasika

**** Pls rate all useful responses ****

Kasper Roholt · ‎01-05-2014

Use the following global command on 5760:
dot1x system-auth-control

Rg
Kasper

Sent from Cisco Technical Support iPhone App