Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
497
Views
4
Helpful
8
Replies

New WIFI SSID not working over new WLAN Interface(WLC - AIR-CT2504-K9)

makarand17zx
Level 1
Level 1

‎12-11-2023 07:29 AM

Hi Team,

We are trying to create new SSID on WLC 2504- name Test WLAN over new WLAN interface using VLAN 2. It is having [WPA2][AUTH (802.1X)] using Radius server as NPS. When user are trying to connect this new SSID, Authentication getting failed. 

thanks

Mak

Labels:
Preview file
11 KB
0 Helpful
8 Replies 8

xZamalek
Level 1
Level 1

‎12-11-2023 07:33 AM

From the screenshot you provided , the SSID is not enabled , so enable it and it will work.

0 Helpful

makarand17zx
Level 1
Level 1
In response to xZamalek

‎12-11-2023 01:58 PM

No, it is temporarily disabled

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎12-11-2023 07:33 AM

I see that SSId not enabled as per the screenshot

what is the Error user getting, what Logs you see on NPS Wifi ?

is there any other SSID working same NPS Server ?

Do you debug on WLC with MAC address see what is wrong ( also post the logs here ?)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

makarand17zx
Level 1
Level 1
In response to balaji.bandi

‎12-11-2023 02:03 PM

Yes, we do have other SSID working same NPS Server, it is vlan 1 on swich and as untagged vlan on WLC.

We running out of DHCP scope for that existing vlan 1 hence we are creating new SSID with new VLAN 2

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to makarand17zx

‎12-11-2023 02:16 PM - edited ‎12-11-2023 02:18 PM

Running out of DHCP, you can implement interface groups so that your one SSID can utilize the existing and a new interface.

Take a look at this link for reference:

https://mrncciew.com/2013/02/27/configuring-dynamic-interfaces-on-wlc/

-Scott
*** Please rate helpful posts ***

makarand17zx
Level 1
Level 1
In response to balaji.bandi

‎12-11-2023 02:31 PM

debugs log

*radiusTransportThread: Nov 16 13:00:13.826: d4:3b:04:31:d3:f5 Max servers (tried 1) retransmission of Access-Request (id 237) to 192.168.52.23 (port 1812, qid 5) reached for mobile d4:3b:04:31:d3:f5. message retransmit cnt 6, server
*radiusTransportThread: Nov 16 13:00:13.826: d4:3b:04:31:d3:f5 [Error] Client requested no retries for mobile D4:3B:04:31:D3:F5 
*radiusTransportThread: Nov 16 13:00:13.826: d4:3b:04:31:d3:f5 Returning AAA Error 'Timeout' (-5) for mobile d4:3b:04:31:d3:f5

*osapiBsnTimer: Nov 16 13:00:32.769: d4:3b:04:31:d3:f5 802.1x 'txWhen' Timer expired for station d4:3b:04:31:d3:f5 and for message = M0

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to makarand17zx

‎12-11-2023 02:51 PM

What does the NPS log show?  I'm assuming that the existing SSID that is working with NPS is identical to the new SSID you are testing with?  Is there something in the policy on NPS that is failing, maybe you are using called-station-id?  Try to provide some screen shots or else its just very hard to figure out what is wrong.

-Scott
*** Please rate helpful posts ***
0 Helpful

Scott Fella
Hall of Fame
Hall of Fame

‎12-11-2023 07:33 AM

You need to provide more information.  802.1x has many varieties along with how you configure radius.  You need to provide how the clients are configured and how your radio policies are defined.  Also make sure that the clients trust the certificate of the NPS server to start with.  The logs from NPS should help you understand where to begin your troubleshooting.

-Scott
*** Please rate helpful posts ***
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card