Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
593
Views
5
Helpful
4
Replies
fahadafzal
Beginner
Beginner
‎01-05-2014 12:32 AM
‎01-05-2014 12:32 AM

WPA2 Auth on WLC 5760 using ISE 1.2

Hello there,

I am trying to configure WPA2 802.1x authentication on my WLC that should use ISE as radius server which is set to authenticate AD users.

The issue is that when I try to connect the SSID, it does not forward the authentication request to ISE. Therefore, I dont see any authentication request on ISE coming from the client.

I am using the following cli config for the SSID.

wlan TESTSTAFF 70 TESTSTAFF

aaa-override

client vlan Floor_WL

security dot1x authentication-list WPA-Auth

session-timeout 1800

no shutdown      

aaa authentication dot1x WPA-Auth group ISE_Group

aaa group server radius ISE_Group

server name ISE

radius server ISE

address ipv4 <ise_ip> auth-port 1812 acct-port 1813

key <key>

On ISE, I have added the WLC as network device. CWA authentication is working fine it is just Layer2 WPA 802.1x authentication which is not forwarding requests to ISE.

Can you please suggest?

Thanks in advance.

0 Helpful
4 REPLIES 4
Sandeep Choudhary
VIP Mentor VIP Mentor
VIP Mentor
‎01-05-2014 01:03 AM
‎01-05-2014 01:03 AM

is ur wlc and iSE is connected???

is ur Radius Shared secret is correct or same on both side?

Please check these: http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080bead09.shtml

Regards

0 Helpful
fahadafzal
Beginner
Beginner
In response to Sandeep Choudhary
‎01-05-2014 03:26 AM
‎01-05-2014 03:26 AM

Hi,

As I said, my all other authentication types are working between WLC, ISE and AD. I am facing issue only in 802.1x.

0 Helpful
Rasika Nayanajith
VIP Mentor VIP Mentor
VIP Mentor
In response to fahadafzal
‎01-05-2014 10:53 AM
‎01-05-2014 10:53 AM

Pls check the following, that should help you

http://mrncciew.com/2013/12/16/configuring-radius-on-5760/

As Kasper said, I suspect you are missing dot1x system-auth control command

HTH

Rasika

**** Pls rate all useful responses ****

Kasper Roholt
Beginner
Beginner
‎01-05-2014 07:32 AM
‎01-05-2014 07:32 AM

Use the following global command on 5760:
dot1x system-auth-control

Rg
Kasper

Sent from Cisco Technical Support iPhone App

0 Helpful
Latest Contents
Cisco IOS-XE 17.5.1 for the Catalyst 9800 Wireless Controlle...
Created by anandg on 04-02-2021 11:02 AM
5
15
5
15
  It’s been about two and half years, since the launch of next generation Cisco Catalyst 9800 Wireless LAN Controllers that has the most deployment flexibility and runs the modular, scalable, highly reliable, open and programmable operating system, I... view more
Wi-Fi 6 and Embeded Wireless Controller (EWC) Demo
Created by eugenelee28 on 03-21-2021 01:48 AM
3
5
3
5
Hi All, I have made this video for Cisco Pitch the Future Contest in Malaysia which talks about Wi-Fi 6 and EWC Demo. Please feel free to view the video below and please support me for this contest by giving the video a like as the Contest will end o... view more
Cisco Wants your Feedback on the Cat9800-80!
Created by caiharve on 03-09-2021 03:43 PM
0
5
0
5
Review the Cisco Catalyst 9800-80 Wireless Controller on TrustRadius and receive a $25 gift card!   
EEM Scripts to Enable/Disable the RLAN Ports on APs Connecte...
Created by justloo on 03-07-2021 10:43 AM
0
10
0
10
Overview On the Cisco Catalyst 9800 Series WLC, enabling/disabling the remote LAN (RLAN) ports on APs requires going into the configuration for each AP and manually enabling/disabling the ports. However, as the number of APs that need to have their RLAN... view more
An End of an Era for Cisco AireOS Controllers
Created by byronm19 on 03-05-2021 12:30 PM
2
5
2
5
It’s been a long road for our AireOS wireless controllers. In fact these products have been around Cisco in some form since 2005. As you may have heard, Cisco made the decision to End-of-Sale (EOS) these products last month. That means that these AireOS ... view more
Content for Community-Ad