ACS | WLC compatibility
We would like to know if ACS 5.7.0.15 is compatible with WLC 8.2.110.0.
Hello
Yes it is compatible. Also take a look at this web page:
http://www.Cisco.com/c/en/us/TD/docs/net_mgmt/cisco_secure_access_contro...
Thank you
PS: Please do not forget to rate and score as good response if this solves your problem
Similar Questions
-
My installation has a Cisco WLC 5508 and ACS 1120 ver 5.0. How do I authenticate users who access the WLC via the ACS 1120 using TACACS+? I am able to authenticate users for routers and Cisco switches, but when I try the same for the WLC, it fails.
Can someone please explain the config/basic steps that must be configured on both the ACS and the WLC?
Do you use plain vanilla 5.0 or have you installed patches?
ACS 5.1 has new TACACS+-related functionality, including support for custom services and attributes. If these are necessary for the WLC support you need, it would be an improvement.
There could also be a relevant corrective patch for 5.0, but I can't find any specific relevant CDETS at this stage.
-
WLC 4402 unable to authenticate correctly with ACS 5.2
For some reason, I can't get the WLC to authenticate correctly with ACS 5.2. It's very strange in the sense that when I checked the log, ACS authenticates and authorizes the WLC 4402, but I can't log on to the WLC. The login screen appears; when I type the username, it jumps back to:
Controller of >
user:
password:
No matter what I typed (internal or external users), nothing seems to work.
To my frustration, I have no problem with authentication of routers and switches, only with the WLC 4402.
Hello
Please remove the privilege level settings on the ACS.
Policy Elements > Authorization and Permissions > Device Administration > Shell Profiles > Common Tasks
Default Privilege - Not in Use
Maximum Privilege - Not in Use
I hope this helps.
Kind regards
Anisha
P.S.: Please mark this thread as answered if you feel that your query is resolved. Please rate helpful posts.
-
ACS secondary server does not authenticate users through 3850 WLC
Hi - I have an issue where my secondary ACS server does not authenticate users when the primary is taken offline. My configuration is:
3850 WLC using code version 03.07.00E
ACS Version 5.6 (primary/secondary)
The two ACS servers are added to the WLC (ACS-NLBP-01 (primary) / HEN-ACS-01 (secondary)), defined in the server group (ACS_AUTH) and also in the method list (ACS_AUTH). The ACS_AUTH method list is then applied to the SSID.
A 'test aaa group ACS_AUTH' command against each of the two ACS servers results in access. IP/RADIUS communication is operational between the WLC and the two ACS servers.
The 3850 configuration is also attached for reference.
Any help would be appreciated.
Thank you
Scott
Please add the commands listed below and test again when you can.
radius-server deadtime $min$
radius-server retransmit 1
radius-server dead-criteria time 5 tries 1
Configuring settings for all RADIUS servers
HTH
~ Jousset
-
WLC / ACS / AD - domain and non-domain laptops (802.1X / PEAP)
Hi all
I am implementing a solution based on a 4404 WLC, 1113 ACS and Microsoft AD. What I want to achieve is to have two WiFi networks (SSIDs): one that can be used by domain users on domain laptops, the other that can be used by domain users on personal laptops. Domain laptops will have full connectivity, but personal laptops will be restricted.
I created the two SSIDs using 802.1X via ACS / Remote Agent and can authenticate and connect OK.
I thought I should have user auth and machine auth for domain laptops but just user auth for personal laptops.
I can have unauthenticated machines go to an ACS group or be blocked, but I need to allow them in if they are on the restricted SSID. I can't quite understand how to have two SSIDs authenticating with the same ACS / AD - one green and the other.
Am I on the right track?
Has anyone done this before or have any bright ideas?
See you soon,
John
With the use of WLAN access based on the SSID, users can be authenticated based on the SSID they use to connect to the WLAN. The Cisco Secure ACS server is used to authenticate users. Authentication happens in two stages on the Cisco Secure ACS:
1. EAP authentication
2. SSID authentication based on Network Access Restrictions (NARs) on Cisco Secure ACS
For the design and configuration, the following URL can help you:
http://www.Cisco.com/en/us/Tech/tk722/tk809/technologies_configuration_example09186a00807669af.shtml
-
WCS & WLC version compatibility
Are there compatibility issues between WCS version 7.0.164.0 and WLC version 7.0.116.0?
Hi Jason,
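Table 1 - WCS Versions

WCS version: 7.0.172.0
Release date: April 2011
Supported controller versions: 7.0.116.0, 7.0.98.218, 7.0.98.0, 6.0.202.0, 6.0.199.4, 6.0.196.0, 6.0.188.0, 6.0.182.0, 6.0.108.0, 5.2.193.0, 5.2.178.0, 5.2.157.0, 4.2.209.0, 4.2.207.0, 4.2.205.0, 4.2.176.0, 4.2.173.0, 4.2.130.0, 4.2.112.0, 4.2.99.0, 4.2.61.0
Supported location server version: 6.0.202.0
Supported MSE version: 7.0.201.0
Upgrade supported from: 7.0.164.3, 7.0.164.0, 6.0.202.0, 6.0.196.0, 6.0.181.0, 6.0.170.0, 6.0.132.0, 5.2.148.0, 5.2.130.0, 5.2.125.0, 5.2.110.0
Operating system requirement: Windows 2003 SP2 32-bit; RHEL 5.x; Windows / RHEL on ESX 3.0.1 and above; no support for 64-bit

WCS version: 7.0.164.3
Release date: December 2010
Supported controller versions: 7.0.98.0, 6.0.202.0, 6.0.199.4, 6.0.196.0, 6.0.188.0, 6.0.182.0, 6.0.108.0, 5.2.193.0, 5.2.178.0, 5.2.157.0, 4.2.209.0, 4.2.207.0, 4.2.205.0, 4.2.176.0, 4.2.173.0, 4.2.130.0, 4.2.112.0, 4.2.99.0, 4.2.61.0
Supported location server version: 6.0.103.0
Supported MSE version: 7.0.105.0
Upgrade supported from: 7.0.164.0, 6.0.196.0, 6.0.181.0, 6.0.170.0, 6.0.132.0, 5.2.148.0, 5.2.130.0, 5.2.125.0, 5.2.110.0
Operating system requirement: Windows 2003 SP2 32-bit; RHEL 5.x; Windows / RHEL on ESX 3.0.1 and above; no support for 64-bit

WCS version: 7.0.164.0
Release date: June 2010
Supported controller versions: 7.0.98.0, 6.0.202.0, 6.0.199.4, 6.0.196.0, 6.0.188.0, 6.0.182.0, 6.0.108.0, 5.2.193.0, 5.2.178.0, 5.2.157.0, 4.2.209.0, 4.2.207.0, 4.2.205.0, 4.2.176.0, 4.2.173.0, 4.2.130.0, 4.2.112.0, 4.2.99.0, 4.2.61.0
Supported location server version: 6.0.103.0
Supported MSE version: 7.0.105.0
Upgrade supported from: 6.0.181.0, 6.0.170.0, 6.0.132.0, 5.2.148.0, 5.2.130.0, 5.2.125.0, 5.2.110.0
Operating system requirement: Windows 2003 SP2 32-bit; RHEL 5.x; Windows / RHEL on ESX 3.0.1 and above; no support for 64-bit

WCS version: 6.0.202.0
Release date: April 2011
Supported controller versions: 6.0.202.0, 6.0.199.4, 6.0.199.0 (taken from EAC), 6.0.196.0, 6.0.188.0, 6.0.182.0, 6.0.108.0, 5.2.193.0, 5.2.178.0, 5.2.157.0, 5.1.163.0, 5.1.151.0, 4.2.209.0, 4.2.207.0, 4.2.205.0, 4.2.176.0, 4.2.173.0, 4.2.130.0, 4.2.112.0, 4.2.99.0, 4.2.61.0
Supported location server version: 6.0.202.0
Supported MSE version: 6.0.202.0
Upgrade supported from: 6.0.196.0, 6.0.181.0, 6.0.170.0, 6.0.132.0, 5.2.148.0, 5.2.130.0, 5.2.125.0, 5.2.110.0, 5.1.65.4, 5.1.64.0, 4.2.128.0, 4.2.110.0, 4.2.97.0, 4.2.81.0, 4.2.62.11, 4.2.62.0
Operating system requirement: Windows 2003 SP2 32-bit; RHEL 5.x; Windows / RHEL on ESX 3.0.1 and above; no support for 64-bit

WCS version: 6.0.196.0
Release date: July 15, 2010
Supported controller versions: 6.0.199.4, 6.0.199.0 (taken from EAC), 6.0.196.0, 6.0.188.0, 6.0.182.0, 6.0.108.0, 5.2.193.0, 5.2.178.0, 5.2.157.0, 5.1.163.0, 5.1.151.0, 4.2.209.0, 4.2.207.0, 4.2.205.0, 4.2.176.0, 4.2.173.0, 4.2.130.0, 4.2.112.0, 4.2.99.0, 4.2.61.0
Supported location server version: 6.0.102.0
Supported MSE version: 6.0.105.0
Upgrade supported from: 6.0.181.0, 6.0.170.0, 6.0.132.0, 5.2.148.0, 5.2.130.0, 5.2.125.0, 5.2.110.0, 5.1.65.4, 5.1.64.0, 4.2.128.0, 4.2.110.0, 4.2.97.0, 4.2.81.0, 4.2.62.11, 4.2.62.0
Operating system requirement: Windows 2003 SP2 32-bit; RHEL 5.x; Windows / RHEL on ESX 3.0.1 and above; no support for 64-bit

WCS version: 6.0.181.0
Release date: February 17, 2010
Supported controller versions: 6.0.196.0, 6.0.188.0, 6.0.182.0, 6.0.108.0, 5.2.193.0, 5.2.178.0, 5.2.157.0, 5.1.163.0, 5.1.151.0, 4.2.207.0, 4.2.205.0, 4.2.176.0, 4.2.173.0, 4.2.130.0, 4.2.112.0, 4.2.99.0, 4.2.61.0
Supported location server version: 6.0.101.0
Supported MSE version: 6.0.103.0
Upgrade supported from: 6.0.170.0, 6.0.132.0, 5.2.148.0, 5.2.130.0, 5.2.125.0, 5.2.110.0, 5.1.65.4, 5.1.64.0, 4.2.128.0, 4.2.110.0, 4.2.97.0, 4.2.81.0, 4.2.62.11, 4.2.62.0
Operating system requirement: Windows 2003 SP2 32-bit; RHEL 5.x; Windows / RHEL on ESX 3.0.1 and above; no support for 64-bit

WCS version: 6.0.170.0
Release date: November 8, 2009
Supported controller versions: 6.0.188.0, 6.0.182.0, 6.0.108.0, 5.2.193.0, 5.2.178.0, 5.2.157.0, 5.1.163.0, 5.1.151.0, 4.2.207.0, 4.2.205.0, 4.2.176.0, 4.2.173.0, 4.2.130.0, 4.2.112.0, 4.2.99.0, 4.2.61.0
Supported location server version: 6.0.97.0
Supported MSE version: 6.0.97.0
Upgrade supported from: 6.0.132.0, 5.2.148.0, 5.2.130.0, 5.2.125.0, 5.2.110.0, 5.1.65.4, 5.1.64.0, 4.2.128.0, 4.2.110.0, 4.2.97.0, 4.2.81.0, 4.2.62.11, 4.2.62.0
Operating system requirement: Windows 2003 SP2 32-bit; RHEL 5.x; Windows / RHEL on ESX 3.0.1 and above; no support for 64-bit

WCS version: 6.0.132.0
Release date: June 11, 2009
Supported controller versions: 6.0.182.0, 6.0.108.0, 5.2.178.0, 5.2.157.0, 5.1.163.0, 5.1.151.0, 4.2.205.0, 4.2.176.0, 4.2.173.0, 4.2.130.0, 4.2.112.0, 4.2.99.0, 4.2.61.0
Supported location server version: 6.0.85.0
Supported MSE version: 6.0.85.0
Upgrade supported from: 5.2.130.0, 5.2.125.0, 5.2.110.0, 5.1.65.4, 5.1.64.0, 4.2.128.0, 4.2.110.0, 4.2.97.0, 4.2.81.0, 4.2.62.11, 4.2.62.0
Operating system requirement: Windows 2003 SP2 32-bit; RHEL 5.x; Windows / RHEL on ESX 3.0.1 and above; no support for 64-bit

WCS version: 5.2.148.0
Release date: June 25, 2009
Supported controller versions: 5.2.193.0, 5.2.178.0, 5.2.157.0, 5.1.151.0, 5.0.148.2, 5.0.148.0, 4.2.207.0, 4.2.205.0, 4.2.176.0, 4.2.173.0, 4.2.130.0, 4.2.112.0, 4.2.99.0, 4.2.61.0
Supported location server version: 5.2.100.0
Supported MSE version: 5.2.100.0
Upgrade supported from: 5.2.130.0, 5.2.125.0, 5.2.110.0, 5.1.65.4, 5.1.64.0, 5.0.72.0, 5.0.56.2, 5.0.56.0, 4.2.128.0, 4.2.110.0, 4.2.97.0, 4.2.81.0, 4.2.62.11, 4.2.62.0
Operating system requirement: Windows 2003 SP2 32-bit; RHEL 5.x; Windows / RHEL on ESX 3.0.1 and above; no support for 64-bit

WCS version: 5.2.130.0
Release date: February 21, 2009
Supported controller versions: 5.2.178.0, 5.2.157.0, 5.1.151.0, 5.0.148.2, 5.0.148.0, 4.2.176.0, 4.2.173.0, 4.2.130.0, 4.2.112.0, 4.2.99.0, 4.2.61.0
Supported location server version: 5.2.91.0
Supported MSE version: 5.2.91.0
Upgrade supported from: 5.2.125.0, 5.2.110.0, 5.1.65.4, 5.1.64.0, 5.0.72.0, 5.0.56.2, 5.0.56.0, 4.2.110.0, 4.2.97.0, 4.2.81.0, 4.2.62.11, 4.2.62.0
Operating system requirement: Windows 2003 SP2 32-bit; RHEL 5.x; Windows / RHEL on ESX 3.0.1 and above; no support for 64-bit

WCS version: 5.2.125.0
Release date: February 10, 2009
Supported controller versions: 5.2.178.0, 5.2.157.0, 5.1.151.0, 5.0.148.2, 5.0.148.0, 4.2.176.0, 4.2.173.0, 4.2.130.0, 4.2.112.0, 4.2.99.0, 4.2.61.0
Supported location server version: 5.2.91.0
Supported MSE version: 5.2.91.0
Upgrade supported from: 5.2.110.0, 5.1.65.4, 5.1.64.0, 5.0.72.0, 5.0.56.2, 5.0.56.0, 4.2.110.0, 4.2.97.0, 4.2.81.0, 4.2.62.11, 4.2.62.0
Operating system requirement: Windows 2003 SP2 32-bit; RHEL 5.x; Windows / RHEL on ESX 3.0.1 and above; no support for 64-bit

WCS version: 5.2.110.0
Release date: November 24, 2008
Supported controller versions: 5.2.157.0, 5.1.151.0, 5.0.148.2, 5.0.148.0, 4.2.176.0, 4.2.173.0, 4.2.130.0, 4.2.112.0, 4.2.99.0, 4.2.61.0
Supported location server version: 5.2.91.0
Supported MSE version: 5.2.91.0
Upgrade supported from: 5.1.64.0, 5.0.72.0, 5.0.56.2, 5.0.56.0, 4.2.110.0, 4.2.97.0, 4.2.81.0, 4.2.62.11, 4.2.62.0
Operating system requirement: Windows 2003 SP2 32-bit; RHEL 5.1; RHEL 5.0; Windows / RHEL on ESX 3.0.1 and above; no support for 64-bit

WCS version: 5.1.65.4
Release date: January 9, 2009
Supported controller versions: 5.1.163.0, 5.1.151.0, 5.0.148.2, 5.0.148.0, 4.2.176.0, 4.2.173.0, 4.2.130.0, 4.2.112.0, 4.2.99.0, 4.2.61.0
Supported location server version: 5.1.35.0
Supported MSE version: 5.1.35.0
Upgrade supported from: 5.1.64.0, 5.0.72.0, 5.0.56.2, 5.0.56.0, 4.2.110.0, 4.2.97.0, 4.2.81.0, 4.2.62.11, 4.2.62.0
Operating system requirement: Windows 2003 SP2 32-bit; RHEL 5.x; RHEL 5.x; Windows / RHEL on ESX 3.0.1 and above; no support for 64-bit

WCS version: 5.1.64.0
Release date: July 21, 2008
Supported controller versions: 5.1.151.0, 5.0.148.2, 5.0.148.0, 4.2.176.0, 4.2.173.0, 4.2.130.0, 4.2.112.0, 4.2.99.0, 4.2.61.0
Supported location server version: 5.1.30.0
Supported MSE version: 5.1.30.0
Upgrade supported from: 5.0.56.2, 5.0.56.0, 4.2.97.0, 4.2.81.0, 4.2.62.11, 4.2.62.0
Operating system requirement: Windows 2003 SP2 32-bit; RHEL 5.1; RHEL 5.0; Windows / RHEL on ESX 3.0.1 and above; no support for 64-bit

WCS version: 5.0.72.0
Release date: August 5, 2008
Supported controller versions: 5.0.148.2, 5.0.148.0, 4.2.130.0, 4.2.112.0, 4.2.99.0, 4.2.61.0, 4.1.185.0, 4.1.171.0
Supported location server version: 4.0.38.0
Supported MSE version: Does not apply
Upgrade supported from: 5.0.56.2, 5.0.56.0, 4.2.62.11, 4.2.62.0, 4.1.91.0, 4.1.83.0
Operating system requirement: Windows 2003 SP2 32-bit; RHEL 5.1; RHEL 5.0; Windows / RHEL on ESX 3.0.1 and above; no support for 64-bit

WCS version: 5.0.56.2
Release date: April 14, 2008
Supported controller versions: 5.0.148.0, 4.2.61.0, 4.1.x.x
Supported location server version: 4.0.33.0
Supported MSE version: Does not apply
Upgrade supported from: 5.0.56.0, 4.2.62.11, 4.2.62.0, 4.1.91.0, 4.1.83.0
Operating system requirement: Windows 2003 SP2 32-bit; RHEL 5.0; Windows / RHEL on ESX 3.0.1 and above; no support for 64-bit

WCS version: 5.0.56.0
Release date: February 16, 2008
Supported controller versions: 5.0.148.0, 4.2.61.0, 4.1.x.x
Supported location server version: 4.0.32.0
Supported MSE version: Does not apply
Upgrade supported from: 4.2.62.11, 4.2.62.0, 4.1.91.0, 4.1.83.0
Operating system requirement: Windows 2003 SP2 32-bit; RHEL 5.0; Windows / RHEL on ESX 3.0.1 and above; no support for 64-bit

WCS version: 4.2.128.0
Release date: May 13, 2009
Supported controller versions: 4.2.207.0, 4.2.205.0, 4.2.176.0, 4.2.130.0, 4.2.112.0, 4.2.99.0, 4.2.61.0, 4.1.185.0, 4.1.171.0, 4.0.216.0, 4.0.206.0, 4.0.179.11, 4.0.179.8, 4.0.155.0
Supported location server version: 3.1.43.0
Supported MSE version: Does not apply
Upgrade supported from: 4.2.110.0, 4.2.97.0, 4.2.81.0, 4.2.62.11, 4.2.62.0, 4.1.91.0, 4.1.83.0, 4.0.100.0, 4.0.97.0, 4.0.96.0, 4.0.87.0, 4.0.81.0, 4.0.66.0
Operating system requirement: Windows 2003 SP2 32-bit; RHEL 4.0; RHEL 5.0 (No. 5.1 and later supported); Windows / RHEL on ESX 3.0.1 and above; no support for 64-bit

WCS version: 4.2.110.0
Release date: September 29, 2008
Supported controller versions: 4.2.176.0, 4.2.130.0, 4.2.112.0, 4.2.99.0, 4.2.61.0, 4.1.185.0, 4.1.171.0, 4.0.216.0, 4.0.206.0, 4.0.179.11, 4.0.179.8, 4.0.155.0
Supported location server version: 3.1.42.0
Supported MSE version: Does not apply
Upgrade supported from: 4.2.97.0, 4.2.81.0, 4.2.62.11, 4.2.62.0, 4.1.91.0, 4.1.83.0, 4.0.100.0, 4.0.97.0, 4.0.96.0, 4.0.87.0, 4.0.81.0, 4.0.66.0
Operating system requirement: Windows 2003 SP2 32-bit; RHEL 4.0; RHEL 5.0; Windows / RHEL on ESX 3.0.1 and above; no support for 64-bit

WCS version: 4.2.97.0
Release date: June 3, 2008
Supported controller versions: 4.2.176.0, 4.2.130.0, 4.2.112.0, 4.2.99.0, 4.2.61.0, 4.1.185.0, 4.1.171.0, 4.0.216.0, 4.0.206.0, 4.0.179.11, 4.0.179.8, 4.0.155.0
Supported location server version: 3.1.38.0
Supported MSE version: Does not apply
Upgrade supported from: 4.2.81.0, 4.2.62.11, 4.2.62.0, 4.1.91.0, 4.1.83.0, 4.0.100.0, 4.0.97.0, 4.0.96.0, 4.0.87.0, 4.0.81.0, 4.0.66.0
Operating system requirement: Windows 2003 SP2 32-bit; RHEL 4.0; RHEL 5.0; Windows / RHEL on ESX 3.0.1 and above; no support for 64-bit

WCS version: 4.2.81.0
Release date: March 17, 2008
Supported controller versions: 4.2.99.0, 4.2.61.0, 4.1.185.0, 4.1.171.0, 4.0.216.0, 4.0.206.0, 4.0.179.11, 4.0.179.8, 4.0.155.0
Supported location server version: 3.1.36.0
Supported MSE version: Does not apply
Upgrade supported from: 4.2.62.11, 4.2.62.0, 4.1.91.0, 4.1.83.0, 4.0.100.0, 4.0.97.0, 4.0.96.0, 4.0.87.0, 4.0.81.0, 4.0.66.0
Operating system requirement: Windows 2003 SP2 32-bit; RHEL 4.0; RHEL 5.0; Windows / RHEL on ESX 3.0.1 and above; no support for 64-bit

WCS version: 4.2.62.11
Release date: January 25, 2008
Supported controller versions: 4.2.61.0, 4.1.185.0, 4.1.171.0, 4.0.216.0, 4.0.206.0, 4.0.179.11, 4.0.179.8, 4.0.155.0
Supported location server version: 3.1.35.0
Supported MSE version: Does not apply
Upgrade supported from: 4.2.62.0, 4.1.91.0, 4.1.83.0, 4.0.100.0, 4.0.97.0, 4.0.96.0, 4.0.87.0, 4.0.81.0, 4.0.66.0
Operating system requirement: Windows 2003 SP2 32-bit; RHEL 4.0 update 5; Windows / RHEL on ESX 3.0.1 and above; no support for 64-bit

WCS version: 4.2.62.0
Release date: November 9, 2007
Supported controller versions: 4.2.61.0, 4.1.185.0, 4.1.171.0, 4.0.216.0, 4.0.206.0, 4.0.179.11, 4.0.179.8, 4.0.155.0
Supported location server version: 3.1.35.0
Supported MSE version: Does not apply
Upgrade supported from: 4.1.91.0, 4.1.83.0, 4.0.100.0, 4.0.97.0, 4.0.96.0, 4.0.87.0, 4.0.81.0, 4.0.66.0
Operating system requirement: Windows 2003 SP2 32-bit; RHEL 4.0 update 5; Windows / RHEL on ESX 3.0.1 and above; no support for 64-bit
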
http://www.Cisco.com/en/us/docs/wireless/WCS/release/notes/WCS_RN7_0_172.html
See you soon!
Rob
PS: + 5 to my friend Leo with the invisible stars
-
ACS 4.1 compatible with WLC 6.0.196.0
Hello
I have to upgrade our WLC4404s from version 4.2.207.0 to 6.0.196.0 so that our new 1142N APs are supported. Can someone please tell me if I am required to upgrade Cisco Secure ACS from version 4.1 to 4.2 to stay compatible (Windows)?
The WLC 6.0.196.0 release notes state "this product has been tested with CiscoSecure ACS 4.2 and later and works with any RFC-compliant RADIUS server."
Thank you
Brodie
An upgrade is not required for the current features to continue to work. You only need to upgrade to 4.2 for improvements. 4.1 conforms to the RFC.
-
RADIUS authentication failure with ACS 5.5, WLC 5508 and AD 2012
Hello
I need help on these errors.
Here is my configuration: WLC 5508 7.6.130.0-> ACS 5.5.0.46-> AD 2012
I have (2) errors in ACS 5.5
12514 EAP-TLS failed SSL/TLS handshake because of unknown CA in the client certificate chain
I already installed the CA cert and the local cert in ACS as well as on the client PC.
Please see screenshots
OK, in this case:
1. You will need to properly configure the Windows supplicant before this can work. You need to set the authentication type and the trusted certification authority. If the certification authority is not available in the list of certificates, you need to import it.
2. If you do PEAP then your identity store should be Active Directory and not a certificate authentication profile. The certificate authentication profile is used for certificate-based (EAP-TLS) authentication.
Thank you for rating useful posts!
-
ACS 4.2 Remote agent compatibility issues.
I did a little reading on the compatibility of the ACS 4.2 Remote Agent with Windows 2008 R2, and it seems that the only way out is to upgrade the ACS to 5.2. We have Cisco ACS 4.2 SE and I would like someone to confirm what happens if I install the remote agent on a Windows 2003 member server rather than on the 2008 R2 domain controller. Will such a scenario work?
Comments are appreciated.
Regards
Yes, there is a documented bug with this information, CSCtg37183:
Excerpt from the previous link:
ACS 4.x does not support Server 2008 R2 for AD.
Symptom:
ACS 4.x does not support authentication to a back-end Server 2008 R2 Active Directory.
Conditions:
ACS 4.x
Windows Server 2008 R2 installed on the domain controller
ACS or remote agent installed on a member server in the environment (even if it is Server 2003/2008)
Workaround:
Install the ACS or the Remote Agent on a 2003/2008 domain controller
Cisco does not support this scenario because sometimes it works well and other times it doesn't work at all, and nobody wants an unstable network, right? Unfortunately the workaround doesn't help much. There is, however, an ACS 5.2 trial version that you can test; let me know if I can get you the links.
-
WLC with ACS 5.1 (RADIUS) for management * AND * Network users
Hello
I have set up RADIUS authentication for network users AND management on my NM-WLC (currently running 5.2) against ACS 5.1.
My question is:
For users to log in as admin, I need to return "Service-Type = Administrative-User" in order to make it work.
Because the ACS sees all requests as coming from the same device (WLC) for both admin and network users, the way I currently handle it is by creating a filter based on the user name.
Thus, users that contain 'admin' in their ID use one network access authorization policy rule, which has an authorization profile with the RADIUS attributes associated.
Normal users have a different network access authorization policy rule, with a different profile.
While this DOES WORK fine, I was still wondering if there is a better way to do it, rather than creating a rule based on the user name.
I could use TACACS+ for the management, but I don't think that ACS allows the same AAA client (WLC) to use both protocols.
Thank you
I think this is a very common thing to do.
You may notice that ACS 5 comes preinstalled with a service selection policy that differentiates requests based on protocol and directs them to the 'Default Network Access' or 'Default Device Admin' service out of the box.
If you want RADIUS only, you can either disable or delete the rule for TACACS+ requests, or not select TACACS+ in the device definitions.
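To confirm which Service-Type a given ACS authorization rule actually returns to the WLC, the Access-Accept can be decoded from a capture; the following is an added example, not part of the original thread and not Cisco code. The shared secret, request authenticator and sample replies are constructed for illustration, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2          # RADIUS packet code (RFC 2865)
ATTR_SERVICE_TYPE = 6      # Service-Type attribute number
ADMINISTRATIVE = 6         # Service-Type value "Administrative"
SERVICE_TYPES = {1: "Login", 2: "Framed", 6: "Administrative", 7: "NAS-Prompt"}


def build_reply(code, ident, request_auth, attrs, secret):
    """Encode a server reply; used here only to construct sample packets."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + auth + body


def parse_reply(packet, request_auth, secret):
    """Verify the Response Authenticator, then return (code, attribute list)."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad length field")
    body = packet[20:length]
    expected = hashlib.md5(packet[:4] + request_auth + body + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Response Authenticator mismatch (shared secret?)")
    attrs, pos = [], 0
    while pos < len(body):
        if pos + 2 > len(body):
            raise ValueError("truncated attribute header")
        attr_type, attr_len = body[pos], body[pos + 1]
        if attr_len < 2 or pos + attr_len > len(body):
            raise ValueError("malformed attribute length")
        attrs.append((attr_type, body[pos + 2:pos + attr_len]))
        pos += attr_len
    return code, attrs


def service_type(packet, request_auth, secret):
    """Name of the Service-Type in an Access-Accept, or None if absent."""
    code, attrs = parse_reply(packet, request_auth, secret)
    if code != ACCESS_ACCEPT:
        return None
    for attr_type, value in attrs:
        if attr_type == ATTR_SERVICE_TYPE and len(value) == 4:
            number = struct.unpack("!I", value)[0]
            return SERVICE_TYPES.get(number, str(number))
    return None


def grants_management(packet, request_auth, secret):
    """True only for an authentic Access-Accept with Service-Type = Administrative."""
    return service_type(packet, request_auth, secret) == "Administrative"


# Constructed sample data: secret, authenticator and replies are made up.
SECRET = b"constructed-shared-secret"
REQ_AUTH = bytes(range(16))
ADMIN_REPLY = build_reply(ACCESS_ACCEPT, 1, REQ_AUTH,
                          [(ATTR_SERVICE_TYPE, struct.pack("!I", ADMINISTRATIVE))], SECRET)
USER_REPLY = build_reply(ACCESS_ACCEPT, 2, REQ_AUTH,
                         [(ATTR_SERVICE_TYPE, struct.pack("!I", 2))], SECRET)
BARE_REPLY = build_reply(ACCESS_ACCEPT, 3, REQ_AUTH, [], SECRET)

if __name__ == "__main__":
    for name, pkt in (("admin", ADMIN_REPLY), ("user", USER_REPLY), ("bare", BARE_REPLY)):
        print(name, service_type(pkt, REQ_AUTH, SECRET),
              grants_management(pkt, REQ_AUTH, SECRET))
```

A reply that fails the authenticator check is rejected before any attribute is trusted, so a wrong shared secret shows up as an error rather than as a missing Service-Type.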
-
Cisco ACS 3.2 compatibility
We have a few servers ACS 3.2 old, legacy and soon-to-be-replaced-with-5.1. One of them had some serious problems and must be rebuilt.
The current operating system is Win2k. We were going to upgrade the OS to 2003 while it was down. Are there compatibility problems between 3.2 and 2003? Has anyone had any success getting 3.2 to run on it?
Thank you
Hello
ACS 3.2 on Windows 2003 has never been tested, so we don't know whether or not you will encounter problems with 3.2 on 2003. I see one problem that you might encounter, where the TACACS+ and RADIUS services may not start automatically after a reboot and will have to be started manually:
CSCsb81671 : services CSTacacs and CSRadius do not start with Windows 2003
I personally would stick with Windows 2000 for ACS 3.2 since you are migrating out of these servers soon anyway.
-Jesse
-
ACS 5.1 integration with WLC
Hello
Can someone help me find a document for integrating an ACS 5.1 appliance (TACACS+ configuration) with my WLC, and also the RADIUS configuration for clients?
All the wireless controller configuration documents show only ACS 4.x integration.
Thanks in advance
Hello
There is unfortunately no official configuration example for this right now.
However, you can view these screenshots I took from a lab example, to set up the shell profile and pass it back through the authorization rule.
Hope this helps,
Fede
--
If this helps you or answers your question, please mark it as 'answered' or rate it, so other users can easily find it.
-
ACS 5.0 - WLC could not authenticate
Hello forumers,
My scenario is:
1. Using Microsoft AD running on Windows 2008; the AD server is used to perform identity authentication.
2. I successfully had the ACS 5.0 appliance bind to and join the domain created on the AD server.
3. I have also set up the WLC 2100 series with the right pre-shared key and RADIUS server IP (which is my ACS appliance IP).
Problem statement:
1. When trying to access the network, the ACS log shows the error 'Unknow CA, a no authentication'. (I know I'm missing a certificate for the EAP protocol somehow...)
Question:
1. To solve this problem, can I generate a self-signed certificate on ACS, then let the WLC import the ACS self-signed certificate?
(so the EAPoW challenge can happen as ACS and WLC trust each other; in my view, ACS simply uses the AD user database, so in this case ACS is the authentication server, WLC is the authenticator and my AP / user is the supplicant, am I right?)
Can I do it like this? I appreciate all feedback and responses!
2. If my thinking is wrong, can you please suggest a solution (my requirement is not to use any third-party trusted certificate authority)?
Thank you
Noel
Hi Noel,
If I can update your list, the components must be the following:
- ACS = authentication server
- WLC = authenticator
- wireless client = client
Certificates are used for EAP authentication between the wireless client and ACS (the devices performing the EAP authentication): the WLC check all ACS certificate.
You can certainly create a self-signed certificate on ACS to get PEAP working, for example.
On the client, you must then either not validate the server certificate or import the ACS self-signed certificate as a trusted root CA certificate, so that the client trusts the ACS self-signed certificate itself when ACS sends it during the setup of the PEAP TLS tunnel.
One final note: for WLC working with ACS 5.0, please make sure you are on patch 5.0.0.21.6 or later
http://www.Cisco.com/cgi-bin/tablebuild.pl/acs5_patches
in order to avoid the known bug CSCsy17858.
Kind regards
Fede
--
If this helps you or answers your question, please mark it as 'answered' or rate it, so other users can easily find it.
-
WLC 4400 w/o ACS home page
I administer a network comprising 11 APs, an ASA 5510, a 4402 WLC and a 1760 wireless router.
The network shares an internet connection with all guests free of charge, so I do not need authorization.
I want to implement a cover page which would be shown to all clients when they first connect. The start page is supposed to have only basic information on the service provided and no logon.
Is it possible to do this without buying an ACS?
Thank you for your help.
Hello!
Yes, if you do not need authentication (which would require defining users locally on the WLC or using an external RADIUS server such as ACS), you can directly activate Web Auth Passthrough on the WLC.
Check out this example config:
http://www.Cisco.com/en/us/products/ps6366/products_configuration_example09186a00809bdb5f.shtml
In any case, this thread would be better placed in the wireless community, since ACS is not involved.
I hope this helps!
Kind regards
Federico
--
If this answers your question, please mark the question as "answered" and rate it, so other users can easily find it.
-
ACS 5.0 RADIUS timeout with WLC 7.0
Hi guys,
I'm setting up a Cisco Secure ACS 1120 appliance running ACS 5.0.0.21 to handle RADIUS queries from a Cisco WLC 5508 running version 7.0.116.0.
- These devices have open communication on all ports - no firewall or ACL
- They have successful ping communication
The following statements illustrate some but not all of the debugging I did to make sure that each device works properly in isolation.
- Using a simple Windows RADIUS server (radserv2.exe) instead of the Cisco ACS
- This works and the WLC gets a response from my makeshift RADIUS server
- Using a simple Windows EAP client to query the ACS using the RADIUS protocol
- This works and the ACS processes the RADIUS request and sends a response
- Placed a Wireshark client on the network to inspect the timeout.
- Wireshark captures the packet from the WLC to the ACS on port 1812 but does not see any response packet from the ACS
At the moment I have the
- WLC accepting wireless client association and
- sending the RADIUS query (EAP-TLS, PEAP and EAP-FAST) to the ACS,
- the WLC receives no answer, generates a timeout message and disconnects the client.
- Note this is not a rejection or a similar message; the ACS simply does not even see the packet, i.e. there is absolutely nothing in the ACS logs to suggest that it even received a RADIUS packet from the WLC.
In summary, the WLC and ACS operate properly independently, but they do not communicate via RADIUS.
Any help appreciated thanks
It seems that you are using ACS 5.0 without patches.
For your information, the product is now up to version 5.2, and ACS 5.3 should be released soon.
I recall there was a problem with ACS 5.0 interoperating with the WLC that was resolved in a patch for 5.0.
I'm not sure of the specific CDETS, but it may be:
CSCsy17858 Any manipulation of Tunnel-Type & Tunnel-Client-Endpoint uploading incorrect
ACS 5.0 uses a rollup approach, with all the patches being cumulative.
My recommendation would be to download patch 8 for ACS 5.0: 5.0.0.21.8
The patch can be downloaded from CEC.
To install a patch, set up a repository on ACS (cumulative patches are larger than 32 MB, so you cannot use TFTP for it), copy the patch file to the repository, then run in the ACS CLI:
# acs patch install <patch-file> repository <repository-name>