cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1189
Views
10
Helpful
8
Replies

3504 wireless controller Invalid AAA request

Hi.

We have 3504 Cisco controller configured with a 1832 AP.

Authentication/connection to the configured WLAN fails and we can see the following messages in the 3504 controller.

*radiusTransportThread: Apr 07 09:00:51.379: %AAA-3-INVALID_REQUEST: radius_db.c:3256 Invalid AAA request. unknown

 

As I understand it this points to the following information.

Explanation    The system has received an AAA request with a null or invalid payload.

 

How can I further troubleshoot this issue?

 

Regards

Gabriel

2 Accepted Solutions

Accepted Solutions

Result Code: No response received from server

 

This is something that need to be investigated.

 

Another interesting place to look is at the  WLC main dashboard, Monitor tab, Statistics, RADIUS Statistics. A list of Radius server will be shown.

 There, clicking in Statistics on the left hand side, you can see :

Authentication Server Statistics
Msg Round Trip Time (milliSeconds)  0
First Requests  0
Retry Requests  0
Accept Responses  0
Reject Responses   0
Challenge Responses  0
Malformed Messages 0
Bad Authenticator Msgs 0
Pending Requests 0
Timeout Requests 0
Unknown Type Msgs 0
Other Drops 0

 

 

View solution in original post

Thanks for your help Flavio.
Your questions and guidance helped med narrow down where the issue was.

I double checked the Network Policy Server service on the NPS RADIUS server and it was not running for some reason even though it is set for Automatic(Delayed) start.
Once I started in manually it all worked flawlessly.

 

Have a great weekend!

View solution in original post

8 Replies 8

Flavio Miranda
VIP Advisor VIP Advisor
VIP Advisor

Hi

 If you run the following command:

test aaa radius username <user name> password <password> wlan-id <wlan-id> ap-group <apgroup-name> server-index <server-index>

 

test aaa show radius

 

 

Do you see the same error message? Do you see any log on the Radius itself?  Which radius are you using?

Which version has your WLC?

 

Thanks for your reply Flavio.

Below is the output that you requested.

Is the output good or bad?

 


(Cisco Controller) test>aaa radius username xxxxxxxx password xxxxxxx wlan-id 1 apgroup default-group server-index 2

Radius Test Request
Wlan-id........................................ 1
ApGroup Name................................... default-group

Attributes Values
---------- ------
User-Name gabriel_admin
Called-Station-Id 00-00-00-00-00-00:Blue
Calling-Station-Id 00-11-22-33-44-55
Nas-Port 0x00000001 (1)
Nas-Ip-Address 10.226.170.44
NAS-Identifier MEU-SWE-3504
Airespace / WLAN-Identifier 0x00000001 (1)
User-Password xxxxxxxxxx
Service-Type 0x00000008 (8)
Framed-MTU 0x00000514 (1300)
Nas-Port-Type 0x00000013 (19)
Cisco / Audit-Session-Id 0ae2aa2c0000000b624eb08e
Acct-Session-Id 624eb08e/00:11:22:33:44:55/17

3504 Controller version is 8.5.140.0.
There are no logs on the radius server which is a Windows server 2012 R2 running as a Network Policy Server.

 


(Cisco Controller) >test aaa show radius

Radius Test Request
Wlan-id........................................ 1
ApGroup Name................................... default-group
Server Index................................... 2
Radius Test Response

Radius Server Retry Status
------------- ----- ------
10.226.168.104 6 No response received from server

Authentication Response:
Result Code: No response received from server
No AVPs in Response

Result Code: No response received from server

 

This is something that need to be investigated.

 

Another interesting place to look is at the  WLC main dashboard, Monitor tab, Statistics, RADIUS Statistics. A list of Radius server will be shown.

 There, clicking in Statistics on the left hand side, you can see :

Authentication Server Statistics
Msg Round Trip Time (milliSeconds)  0
First Requests  0
Retry Requests  0
Accept Responses  0
Reject Responses   0
Challenge Responses  0
Malformed Messages 0
Bad Authenticator Msgs 0
Pending Requests 0
Timeout Requests 0
Unknown Type Msgs 0
Other Drops 0

 

 

Thanks for your feedback Flavio.

I am confused as how to interpet the info in this menu.
Does this info mean that the communication to the RADIUS server does not work since there is no "Accept repsonse"?

RADIUS Servers > Authentication Stats

Server Index
2
Server Address
10.226.168.104
Admin Status
Enabled
Authentication Server Statistics
Msg Round Trip Time (milliSeconds)
0
First Requests
231
Retry Requests
1100
Accept Responses
0
Reject Responses
0
Challenge Responses
0
Malformed Messages
0
Bad Authenticator Msgs
0
Pending Requests
0
Timeout Requests
1320
Unknown Type Msgs
0
Other Drops
0

Thanks for your help Flavio.
Your questions and guidance helped med narrow down where the issue was.

I double checked the Network Policy Server service on the NPS RADIUS server and it was not running for some reason even though it is set for Automatic(Delayed) start.
Once I started in manually it all worked flawlessly.

 

Have a great weekend!

MHM Cisco World
VIP Mentor VIP Mentor
VIP Mentor

are you config the WLAN and client with same Security L3 and are AAA support it?
this must be match all.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers