ACS | WLC compatibility

We would like to know if ACS 5.7.0.15 is compatible for WLC 8.2.110.0

Hello

Yes it is compatible. Also take a look at this web page:

http://www.Cisco.com/c/en/us/TD/docs/net_mgmt/cisco_secure_access_contro...

Thank you

PS: Please do not forget to rate and score as good response if this solves your problem

Tags: Cisco Security

Similar Questions

authenticate the cisco WLC 5508 with cisco ACS 1120 (version 5.0) using GANYMEDE +.

My installation has cisco WLC 5508 and ACS 1120 ver 5.0. How to authenticate users who access to the WLC via the ACS 1120 users GANYMEDE +. I am able to authenticate users for routers and cisco switches, but when I try the same for the CMT, it fails.

Can someone explain please the config/basic steps that must be configured on both services ACS & WLC.

You use plain vanilla 5.0 or have installed patches?

the ACS 5.1 has new GANYMEDE related functionaity, including support for custom services and attributes. If they are necessary for the WLC yo need support it would improve.

He could also relevant corrective patch from calendar 5.0 but I can't find any relevant specific at this stage CDETS

WLC 4402 impossible to authenticate correctly with ACS 5.2

For some reason, I can't WLC to authenticate correctly with ACS 5.2. It's very strange in the sense that when I checked the log. ACS authenticates and authorizes the WLC 4402, but I can't log on the WLC. login screen appears, if I typed the username that he jumped

Controller of >

user:

password:

No matter what I typed (internal or external users), nothing seems to work.

It comes to my frustration, I have no problem with authentication of routers and switches except WLC 4402.

Hello

Please delete privilege on the ACS level settings.

Elements of strategy > authorization and permissions > peripheral Administration > Shell profiles > common tasks

By default the privilege - do not use.

Maximum privilege - not in use

I hope this helps.

Kind regards

Anisha

P.S.: Please mark this thread as answered if you feel that your query is resolved. Note the useful messages

ACS secondary server does not authenticate users through 3850 WLC

HI - I have a question that my secondary ACS server does not authenticate users when the primary is taken offline. My configuration is:

3850 WLC by using the code version 03.07.00E

ACS Version 5.6 (primary/secondary)

The two ACS servers added to WLC (ACS-NLBP-01 (primary) / HEN-ACS-01 (secondary)), defined in the Group server (ACS_AUTH) and also the method list (ACS_AUTH). List of the ACS_AUTH method is then applied to the SSID.

A 'test of ACS_AUTH aaa server group' command for the two outcomes of ACS server as a result of access. Communication IP/Radius is operational between WLC and two ACS servers.

configuration of 3850 also attached for reference.

Any help would be appreciated.

Thank you

Scott

Please add the below listed orders and test again when you can.

Server radius # deadtime $min$
retransmission of radius-# 1 Server
# Server radius-dead-criteria times 5 tent 1

Configuring settings for all RADIUS servers

HTH

~ Jousset

WLC / ACS / AD - domain and laptops no - domain (802. 1 X / PEAP)

Hi all

I implement a solution based on 4404 WLC, 1113 ACS and Microsoft AD. What I want to achieve is to have two WIFI (SSID), that can be used by users on laptops of the domain, the other can be used by the users in the domain on personal laptops. Field portable computers will have full connectivity, but personal laptops will be restricted.

I created the two SSID using 802. 1 X by ACS / Remote Agent and can authenticate and connection OK.

I thought I should have user auth and auth machine for laptops of area but just user auth for personal laptops.

I have unauthenticated machines go to one group ACS or blocked, but I need to enable them in if they are on the SSID restricted. I can't quite understand how to have two SSID is authenticating with the same ACS / AD - one green and the other.

I'm on the right track?

Anyone done this before or have any bright ideas?

See you soon,.

John

With the use of WLAN access based on the SSID, users can be authenticated based on the SSID they use to connect to the WLAN. The Cisco Secure ACS server is used to authenticate users. Authentication happens in two stages on the Cisco Secure ACS:

1 authentication EAP

2 resulting SSID authentication of network (NARS) on Cisco Secure ACS Access Restrictions

For the new designation and configuraiton following URL can help you:

http://www.Cisco.com/en/us/Tech/tk722/tk809/technologies_configuration_example09186a00807669af.shtml

WCS & WLC version compatibility

Are there compatibility issues between the 7.0.164.0 of the WCS and WLC version 7.0.116.0 version?

Hi Jason,

Table 1-WCS Versions

WCS version	Controller supported versions	Rental Server Versions supported	Versions supported for MSE	Release date	Upgrade took in charge of	Operating system requirement
7.0.172.0	7.0.116.0 7.0.98.218 7.0.98.0 6.0.202.0 6.0.199.4 6.0.196.0 6.0.188.0 6.0.182.0 6.0.108.0 5.2.193.0 5.2.178.0 5.2.157.0 4.2.209.0 4.2.207.0 4.2.205.0 4.2.176.0 4.2.173.0 4.2.130.0 4.2.112.0 4.2.99.0 4.2.61.0	6.0.202.0	7.0.201.0	April 2011	7.0.164.3 7.0.164.0 6.0.202.0 6.0.196.0 6.0.181.0 6.0.170.0 6.0.132.0 5.2.148.0 5.2.130.0 5.2.125.0 5.2.110.0	Windows 2003 SP2 32-bit RHEL 5.x Windows / RHEL on ESX 3.0.1 and above No support for 64-bit
7.0.164.3	7.0.98.0 6.0.202.0 6.0.199.4 6.0.196.0 6.0.188.0 6.0.182.0 6.0.108.0 5.2.193.0 5.2.178.0 5.2.157.0 4.2.209.0 4.2.207.0 4.2.205.0 4.2.176.0 4.2.173.0 4.2.130.0 4.2.112.0 4.2.99.0 4.2.61.0	6.0.103.0	7.0.105.0	December 2010	7.0.164.0 6.0.196.0 6.0.181.0 6.0.170.0 6.0.132.0 5.2.148.0 5.2.130.0 5.2.125.0 5.2.110.0	Windows 2003 SP2 32-bit RHEL 5.x Windows / RHEL on ESX 3.0.1 and above No support for 64-bit
7.0.164.0	7.0.98.0 6.0.202.0 6.0.199.4 6.0.196.0 6.0.188.0 6.0.182.0 6.0.108.0 5.2.193.0 5.2.178.0 5.2.157.0 4.2.209.0 4.2.207.0 4.2.205.0 4.2.176.0 4.2.173.0 4.2.130.0 4.2.112.0 4.2.99.0 4.2.61.0	6.0.103.0	7.0.105.0	June 2010	6.0.181.0 6.0.170.0 6.0.132.0 5.2.148.0 5.2.130.0 5.2.125.0 5.2.110.0	Windows 2003 SP2 32-bit RHEL 5.x Windows / RHEL on ESX 3.0.1 and above No support for 64-bit
6.0.202.0	6.0.202.0 6.0.199.4 6.0.199.0 (taken from EAC) 6.0.196.0 6.0.188.0 6.0.182.0 6.0.108.0

5.2.193.0
5.2.178.0
5.2.157.0
5.1.163.0
5.1.151.0
4.2.209.0
4.2.207.0
4.2.205.0
4.2.176.0
4.2.173.0
4.2.130.0
4.2.112.0
4.2.99.0
4.2.61.0

6.0.202.0

April 2011

6.0.196.0
6.0.181.0
6.0.170.0
6.0.132.0
5.2.148.0
5.2.130.0
5.2.125.0
5.2.110.0
5.1.65.4
5.1.64.0
4.2.128.0
4.2.110.0
4.2.97.0
4.2.81.0
4.2.62.11
4.2.62.0

Windows 2003 SP2 32-bit

RHEL 5.x

Windows / RHEL on ESX 3.0.1 and above

No support for 64-bit

6.0.196.0

6.0.199.4
6.0.199.0 (taken from EAC)
6.0.196.0
6.0.188.0
6.0.182.0
6.0.108.0
5.2.193.0
5.2.178.0
5.2.157.0
5.1.163.0
5.1.151.0
4.2.209.0
4.2.207.0
4.2.205.0
4.2.176.0
4.2.173.0
4.2.130.0
4.2.112.0
4.2.99.0
4.2.61.0

6.0.102.0

6.0.105.0

July 15, 2010

6.0.181.0
6.0.170.0
6.0.132.0
5.2.148.0
5.2.130.0
5.2.125.0
5.2.110.0
5.1.65.4
5.1.64.0
4.2.128.0
4.2.110.0
4.2.97.0
4.2.81.0
4.2.62.11
4.2.62.0

Windows 2003 SP2 32-bit

RHEL 5.x

Windows / RHEL on ESX 3.0.1 and above

No support for 64-bit

6.0.181.0

6.0.196.0
6.0.188.0
6.0.182.0
6.0.108.0
5.2.193.0
5.2.178.0
5.2.157.0
5.1.163.0
5.1.151.0
4.2.207.0
4.2.205.0
4.2.176.0
4.2.173.0
4.2.130.0
4.2.112.0
4.2.99.0
4.2.61.0

6.0.101.0

6.0.103.0

February 17, 2010

6.0.170.0
6.0.132.0
5.2.148.0
5.2.130.0
5.2.125.0
5.2.110.0
5.1.65.4
5.1.64.0
4.2.128.0
4.2.110.0
4.2.97.0
4.2.81.0
4.2.62.11
4.2.62.0

Windows 2003 SP2 32-bit

RHEL 5.x

Windows / RHEL on ESX 3.0.1 and above

No support for 64-bit

6.0.170.0

6.0.188.0
6.0.182.0
6.0.108.0
5.2.193.0
5.2.178.0
5.2.157.0
5.1.163.0
5.1.151.0
4.2.207.0
4.2.205.0
4.2.176.0
4.2.173.0
4.2.130.0
4.2.112.0
4.2.99.0
4.2.61.0

6.0.97.0

November 8, 2009

6.0.132.0
5.2.148.0
5.2.130.0
5.2.125.0
5.2.110.0
5.1.65.4
5.1.64.0
4.2.128.0
4.2.110.0
4.2.97.0
4.2.81.0
4.2.62.11
4.2.62.0

Windows 2003 SP2 32-bit

RHEL 5.x

Windows / RHEL on ESX 3.0.1 and above

No support for 64-bit

6.0.132.0

6.0.182.0
6.0.108.0
5.2.178.0
5.2.157.0
5.1.163.0
5.1.151.0
4.2.205.0
4.2.176.0
4.2.173.0
4.2.130.0
4.2.112.0
4.2.99.0
4.2.61.0

6.0.85.0

June 11, 2009

5.2.130.0
5.2.125.0
5.2.110.0
5.1.65.4
5.1.64.0
4.2.128.0
4.2.110.0
4.2.97.0
4.2.81.0
4.2.62.11
4.2.62.0

Windows 2003 SP2 32-bit

RHEL 5.x

Windows / RHEL on ESX 3.0.1 and above

No support for 64-bit

5.2.148.0

5.2.193.0
5.2.178.0
5.2.157.0
5.1.151.0
5.0.148.2
5.0.148.0
4.2.207.0
4.2.205.0
4.2.176.0
4.2.173.0
4.2.130.0
4.2.112.0
4.2.99.0
4.2.61.0

5.2.100.0

June 25, 2009

5.2.130.0
5.2.125.0
5.2.110.0
5.1.65.4
5.1.64.0
5.0.72.0
5.0.56.2
5.0.56.0
4.2.128.0
4.2.110.0
4.2.97.0
4.2.81.0
4.2.62.11
4.2.62.0

Windows 2003 SP2 32-bit

RHEL 5.x

Windows / RHEL on ESX 3.0.1 and above

No support for 64-bit

5.2.130.0

5.2.178.0
5.2.157.0
5.1.151.0
5.0.148.2
5.0.148.0
4.2.176.0
4.2.173.0
4.2.130.0
4.2.112.0
4.2.99.0
4.2.61.0

5.2.91.0

February 21, 2009

5.2.125.0
5.2.110.0
5.1.65.4
5.1.64.0
5.0.72.0
5.0.56.2
5.0.56.0
4.2.110.0
4.2.97.0
4.2.81.0
4.2.62.11
4.2.62.0

Windows 2003 SP2 32-bit

RHEL 5.x

Windows / RHEL on ESX 3.0.1 and above

No support for 64-bit

5.2.125.0

5.2.178.0
5.2.157.0
5.1.151.0
5.0.148.2
5.0.148.0
4.2.176.0
4.2.173.0
4.2.130.0
4.2.112.0
4.2.99.0
4.2.61.0

5.2.91.0

February 10, 2009

5.2.110.0
5.1.65.4
5.1.64.0
5.0.72.0
5.0.56.2
5.0.56.0
4.2.110.0
4.2.97.0
4.2.81.0
4.2.62.11
4.2.62.0

Windows 2003 SP2 32-bit

RHEL 5.x

Windows / RHEL on ESX 3.0.1 and above

No support for 64-bit

5.2.110.0

5.2.157.0
5.1.151.0
5.0.148.2
5.0.148.0
4.2.176.0
4.2.173.0
4.2.130.0
4.2.112.0
4.2.99.0
4.2.61.0

5.2.91.0

November 24, 2008

5.1.64.0
5.0.72.0
5.0.56.2
5.0.56.0
4.2.110.0
4.2.97.0
4.2.81.0
4.2.62.11
4.2.62.0

Windows 2003 SP2 32-bit

RHEL 5.1

RHEL 5.0

Windows / RHEL on ESX 3.0.1 and above

No support for 64-bit

5.1.65.4

5.1.163.0
5.1.151.0
5.0.148.2
5.0.148.0
4.2.176.0
4.2.173.0
4.2.130.0
4.2.112.0
4.2.99.0
4.2.61.0

5.1.35.0

January 9, 2009

5.1.64.0
5.0.72.0
5.0.56.2
5.0.56.0
4.2.110.0
4.2.97.0
4.2.81.0
4.2.62.11
4.2.62.0

Windows 2003 SP2 32-bit

RHEL 5.x

Windows / RHEL on ESX 3.0.1 and above

No support for 64-bit

5.1.64.0

5.1.151.0
5.0.148.2
5.0.148.0
4.2.176.0
4.2.173.0
4.2.130.0
4.2.112.0
4.2.99.0
4.2.61.0

5.1.30.0

July 21, 2008

5.0.56.2
5.0.56.0
4.2.97.0
4.2.81.0
4.2.62.11
4.2.62.0

Windows 2003 SP2 32-bit

RHEL 5.1

RHEL 5.0

Windows / RHEL on ESX 3.0.1 and above

No support for 64-bit

5.0.72.0

5.0.148.2
5.0.148.0
4.2.130.0
4.2.112.0
4.2.99.0
4.2.61.0
4.1.185.0
4.1.171.0

4.0.38.0

Does not apply

August 5, 2008

5.0.56.2
5.0.56.0
4.2.62.11
4.2.62.0
4.1.91.0
4.1.83.0

Windows 2003 SP2 32-bit

RHEL 5.1

RHEL 5.0

Windows / RHEL on ESX 3.0.1 and above

No support for 64-bit

5.0.56.2

5.0.148.0
4.2.61.0
4.1.x.x

4.0.33.0

Does not apply

April 14, 2008

5.0.56.0
4.2.62.11
4.2.62.0
4.1.91.0
4.1.83.0

Windows 2003 SP2 32-bit

RHEL 5.0

Windows / RHEL on ESX 3.0.1 and above

No support for 64-bit

5.0.56.0

5.0.148.0
4.2.61.0
4.1.x.x

4.0.32.0

Does not apply

February 16, 2008

4.2.62.11
4.2.62.0
4.1.91.0
4.1.83.0

Windows 2003 SP2 32-bit

RHEL 5.0

Windows / RHEL on ESX 3.0.1 and above

No support for 64-bit

4.2.128.0

4.2.207.0
4.2.205.0
4.2.176.0
4.2.130.0
4.2.112.0
4.2.99.0
4.2.61.0
4.1.185.0
4.1.171.0
4.0.216.0
4.0.206.0
4.0.179.11
4.0.179.8
4.0.155.0

3.1.43.0

Does not apply

May 13, 2009

4.2.110.0
4.2.97.0
4.2.81.0
4.2.62.11
4.2.62.0
4.1.91.0
4.1.83.0
4.0.100.0
4.0.97.0
4.0.96.0
4.0.87.0
4.0.81.0
4.0.66.0

Windows 2003 SP2 32-bit

RHEL 4.0

RHEL 5.0 (No. 5.1 and later supported)

Windows / RHEL on ESX 3.0.1 and above

No support for 64-bit

4.2.110.0

4.2.176.0
4.2.130.0
4.2.112.0
4.2.99.0
4.2.61.0
4.1.185.0
4.1.171.0
4.0.216.0
4.0.206.0
4.0.179.11
4.0.179.8
4.0.155.0

3.1.42.0

Does not apply

29 sep 2008

4.2.97.0
4.2.81.0
4.2.62.11
4.2.62.0
4.1.91.0
4.1.83.0
4.0.100.0
4.0.97.0
4.0.96.0
4.0.87.0
4.0.81.0
4.0.66.0

Windows 2003 SP2 32-bit

RHEL 4.0

RHEL 5.0

Windows / RHEL on ESX 3.0.1 and above

No support for 64-bit

4.2.97.0

4.2.176.0
4.2.130.0
4.2.112.0
4.2.99.0
4.2.61.0
4.1.185.0
4.1.171.0
4.0.216.0
4.0.206.0
4.0.179.11
4.0.179.8
4.0.155.0

3.1.38.0

Does not apply

June 3, 2008

4.2.81.0
4.2.62.11
4.2.62.0
4.1.91.0
4.1.83.0
4.0.100.0
4.0.97.0
4.0.96.0
4.0.87.0
4.0.81.0
4.0.66.0

Windows 2003 SP2 32-bit

RHEL 4.0

RHEL 5.0

Windows/RHEL on ESX 3.0.1 and above

No support for 64-bit

4.2.81.0

4.2.99.0
4.2.61.0
4.1.185.0
4.1.171.0
4.0.216.0
4.0.206.0
4.0.179.11
4.0.179.8
4.0.155.0

3.1.36.0

Does not apply

March 17, 2008

4.2.62.11
4.2.62.0
4.1.91.0
4.1.83.0
4.0.100.0
4.0.97.0
4.0.96.0
4.0.87.0
4.0.81.0
4.0.66.0

Windows 2003 SP2 32-bit

RHEL 4.0

RHEL 5.0

Windows / RHEL on ESX 3.0.1 and above

No support for 64-bit

4.2.62.11

4.2.61.0
4.1.185.0
4.1.171.0
4.0.216.0
4.0.206.0
4.0.179.11
4.0.179.8
4.0.155.0

3.1.35.0

Does not apply

January 25, 2008

4.2.62.0
4.1.91.0
4.1.83.0
4.0.100.0
4.0.97.0
4.0.96.0
4.0.87.0
4.0.81.0
4.0.66.0

Windows 2003 SP2 32-bit

RHEL 4.0 update 5

Windows / RHEL on ESX 3.0.1 and above

No support for 64-bit

4.2.62.0

4.2.61.0
4.1.185.0
4.1.171.0
4.0.216.0
4.0.206.0
4.0.179.11
4.0.179.8
4.0.155.0

3.1.35.0

Does not apply

November 9, 2007

4.1.91.0
4.1.83.0
4.0.100.0
4.0.97.0
4.0.96.0
4.0.87.0
4.0.81.0
4.0.66.0

Windows 2003 SP2 32-bit

RHEL 4.0 update 5

Windows / RHEL on ESX 3.0.1 and above

No support for 64-bit

http://www.Cisco.com/en/us/docs/wireless/WCS/release/notes/WCS_RN7_0_172.html

See you soon!

Rob

PS: + 5 to my friend Leo with the invisible stars

ACS 4.1 compatible with WLC 6.0.196.0

Hello

I have to upgrade our WLC4404s from version 4.2.207.0 to 6.0.196.0 so that our new 1142N APs are supported. Is someone can you please tell me if I am required to upgrade to Cisco Secure ACS version 4.1 and 4.2 to stay compatible (Windows) Please?

The WLC 6.0.196.0 notes publication to State "this product has been tested with CiscoSecure ACS 4.2 and later and works with any RFC-compliant RADIUS server."

Thank you

Brodie

An upgrade is not required for the current features continue to work. You only need to upgrade to 4.2 improvements. 4.1 conforms to the RFC.

Authentication Radius ACS with WLC 5508 and AD 2012 5.5 failure

Hello

I need help on these errors.

Here is my configuration: WLC 5508 7.6.130.0-> ACS 5.5.0.46-> AD 2012

I have (2) errors in ACS 5.5

12514 EAP - TLS failed SSL/TLS handshake because of unknown CA in the client certificate chain

22044 result of identity politics is configured for certificate-based authentication methods but based received password

Already installed the CA cert and cert local in ACS as well as in the client PC.

Please see screenshots

OK, in this case:

1. you will need to properly configure the Windows pleading before that this can work. You need to set the type of authentication and the trusted certification authority. If the certification authority is not available in the list of certificates, you need to import

2. If you do PEAP then your identity store should be Active Directory and no profile authentication certificate. The certificate authentication profile is used for the basis of certificates (EAP - TLS) authentication.

Thank you for evaluating useful messages!

ACS 4.2 Remote agent compatibility issues.

I did a little reading on the compatibility of remote ACS 4.2 with Windows 2008 R2 agent, and it seems that the only way out is to upgrade the ACS to 5.2. We have Cisco ACS 4.2 SE and I would like someone to confirm that I have installed what happens if the remote agent on a Windows 2003 server of Member rather than the 2008 R2 domain controller. Such a scenario will work?

Comments are appreciated.

Concerning

Yes, here's what a bug documented with this CSCtg37183 information:

http://Tools.Cisco.com/support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtg37183

Excerpt from the previous link:

ACS 4.x does not support the Server 2008 R2 to AD.

Symptom:

ACS 4.x does not support authentication to a back-end Server 2008 R2 Active Directory.

Conditions:

ACS 4.x
Windows Server 2008 R2 installed on the domain controller
ACS or remote agent installed on a member server in the environment (even if the Server 2003/2008)

Workaround solution:

Install the ACS or the Remote Agent on a domain controller 2003/2008

Cisco does not support this scenario because sometimes work well other doesn't work at all, so nobody wants an unstable network right, unfortunately workaround doesn't help much. Although there is an ACS 5.2 trial version that you can test, let me know if I can get you the links.

WLC with ACS 5.1 (RADIUS) for management * AND * Network users

Hello

I have authentication RADIUS of installation for the users of the network AND management on my NM - WLC (5.2 ongoing execution) against ACS 5.1

My Question is:-

For users to log in to Admin, I need to come back "Service-Type = Administrative - User" in order to make it work.

Because the ACS sees all applications from the same device (WLC) for Admin and network users,

the way I am currently treats it is by creating a filter based on the user name

Thus, users that contain 'admin' in their ID, use a set of

Network access policy authorization, who has an authorization associated with the attributes RADIUS profile.

Normal users have a ' network access policy authorization different rule ", with a different profile.

While this DOES WORK fine, still me I was wondering if there is a better way to do it, rather than create a rule

based on the user name.

I could use GANYMEDE + for the management, but I don't think that ACS allows the same client AAA (WLC) to use both protocols.

Thank you

I think it's something very common for things to do

You may notice that ACS 5 comes preinstalled with a selection policy of service that differentiates them the Protocol-based queries and orders or service 'Access to the network by default' or "Default Device Admin" out of the box

If you want only to RAY can either disable or delete the rule for applications of GANYMEDE + or not choose GANYMEDE + in the definitions of the unit

Cisco ACS 3.2 compatibility

We have a few servers ACS 3.2 old, legacy and soon-to-be-replaced-with-5.1. One of them had some serious problems and must be rebuilt.

The current operating system is Win2k. We were going to upgrade the OS to 2003 while he was down. Are there problems of compatibility with 3.2 and 2003? Anyone had any success is 3.2 to run on this?

Thank you

Hello

ACS 3.2 on Windows 2003 has never been tested, so we don't know whether or not you will encounter problems with 3.2 on 2003. I see a problem that you might encounter where the GANYMEDE + and RADIUS services may not start automatically after a reboot and will have to be started manually:

CSCsb81671 : services CSTacacs and CSRadius do not start with Windows 2003

I personally would stick with Windows 2000 for ACS 3.2 since you are migrating out of these servers soon anyway.

-Jesse

ACS 5.1 integration with WLC

Hello

can someone help me find a document for ACS 5.1 appliance, integration GANYMEDE + (configuration) with my WLC. configuration of RADIUS also for clients.

all configuration of wireless controller shows only acs 4.x integration.

Thanks in advance

Hello

There is unfortunately no official configuration example for this right now.
Haowever, you can view these screenshots I took an example of laboratory, to set up the profile of shell and pass it back due to the authorization rule.

Hope this helps,

Fede

--
If this helps you or answers to your question if it you please mark it as 'responded' or write it down, if other users can easily find it.

ACS 5.0 - WLC could not authenticate

Salvation of the Forumers

My script is

1 using the microsoft AD running on window 2008, use ad server to perform authentication of identity

2. I let successfully the ACS 5.0 device link and join the domain created on the AD server.

3. I have also set up on WLC 2100 series with the right key on pre-shared, server IP RADIUS (which is my ACS appliance IP)

Problem statement:

1. try to access the network Journal ACS showing the error log 'Unknow CA, a no authentication'. (I know I'm missing to place certificate for EAP protocol somehow...)

Question:

1. to solve this problem, I can generate self-signed certificate ACS, then let the WLC import the certificate self-signed GBA?

(so EAPoW challenge can happen as ACS and WLC are reciprocal trust, which, in my view, ACS simply use the user of the AD, so in this cse ACS database is the authentication server and WLC is the authenticator and my AP / user's begging him, am I rite?)

can I not like it? Appreciate all feedback and response!

2. If we are not my thought, can you please suggest me a solution (my requirement, it is not using any third party trusted agent certificate)

Thank you

Noel

Hi Noel,

If I can update your list, the components must be the following:

-ACS authentication server =

-WLC = authenticator

-wireless client = client

Use of certificates for EAP authentication between client wireless and ACS (devices performing the EAP authentication): the WLC check all ACS certificate.

You can certainly create a self-signed certificate on ACS for PEAP for example working.

On the client, you must then either not to validate a server certificate or to import GBA self-signed certificate as a CA certificate root to trust the self-signed certificate ACS itself when sent by ACS during the configuration of the PEAP TLS tunnel.

One final note, for WLC working with ACS 5.0, please make sure you are on the patch
5.0.0.21.6 or later

http://www.Cisco.com/cgi-bin/tablebuild.pl/acs5_patches

in order to avoid the known bug CSCsy17858

http://Tools.Cisco.com/support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsy17858

Kind regards

Fede

--

If this helps you or answers to your question if it you please mark it as 'responded' or write it down, if other users can easily find it.

WLC 4400 w/o ACS home page

I administer a network comprising 11 APs, ASA 5510, 4402 WLC and 1760 router wireless.

The network share an internet connection to all guests free of charge so I did not need authorization.

I want to implement a cover page which would have shown to all clients when they connect first. The start page is suppoused have only the basic information on the service provided and no logon.

Is it possible to do without buying an ACS?

Thank you for your help.

Hello!

Yes, if you do not need authentication (which would require to define users locally on the WLC or by using a RADIUS external.. like ACS server), you can directly activate Web Auth Passthrough on the WLC.

Check out this example config:

http://www.Cisco.com/en/us/products/ps6366/products_configuration_example09186a00809bdb5f.shtml

In any case, this thread should better go to the wireless community if ACS does not participate.

I hope this helps!

Kind regards

Federico

--
If this answers your question please mark the question as "answered" and write it down, so other users can easily find it.

ACS RADIUS timeout with WLC 7.0 5.0

Hi guys,.

I'm setting up a device Cisco Secure ACS 1120 running 5.0.0.21 ACS to manage the RADIUS of a Cisco WLC 5508 device query running the 7.0.116.0 version.
- These devices have open communication on all ports - no firewall or ACL
- they have successful ping communication
The following statements illustrate some but not all debugging I did to make sure that each device works properly in isolation.
- Using the simple windows (radserv2.exe) instead of the Cisco ACS RADIUS server
  - This works and the WLC gets answer my fortune Server RADIUS
- Using a simple windows EAP client to query the ACS using the RADIUS protocol
  - This works and the FAC processes the RADIUS request and sends a response
- Placed a customer wireshark on the network to inspect the time-out.
  - Wireshark saves the package to the WLC for GBA using port 1812 but does not see responses to GBA package
At the moment I have the
1. WLC accepting wireless client association and
2. sending the query RADIUS (EAP - TLS, PEAP and EAP-FAST) for GBA,
3. the WLC receives no answer and generates a timeout message and separates the client.
  1. Note this is not a rejection or a similar message, the simple ACS does not even the package. i.e. There is absolutely nothing in the logs of ACS to suggest that he had even received a package of radius of the WLC.
In summary the WLC and GBA properly operate independently, but they do not communicate via radius.

Any help appreciated thanks

It seems that you use ACS 5.0 without tasks.

For your information, the version of the product is now up to 5.2 and 5.3 ACS should soon be released

I recall there was a problem with ACS 5.0 with WLC operations that has been resolved in patch for 5.0

I'm not sure of the specific CDETS but can be:

CSCsy17858 Any manipulation of Tunnel-Type & Tunnel-Client-Endpoint uploading incorrect

ACS 5.0 has a rollup with all the patches being accumulated approach

My recommendation would be to download the patch 8 for ACS 5.0: 5.0.0.21.8

Patch can be downloaded from CEC

To install a patch set a repository on ACS (cumulative patches are larger than 32 MB, you can not use TFTP to it), copy the patch file in the repository, click ACS CLI:

# acs patch installs repository

ACS | WLC compatibility

Similar Questions

Configuring settings for all RADIUS servers

Maybe you are looking for