Did you debug this Mike? Seems I have the same problem. Could u solve it?
2013-11-23 13:49 GMT-02:00 Bastien Migette <bastien.mige...@gmail.com>: > Maybe the CoA ACK from WLC doesn't reach ISE ? Packet capture shoud solve > the mistery maybe. > > > 2013/11/6 Mike Rojas <mike_c...@hotmail.com> > >> >> >> ------------------------------ >> From: mike_c...@hotmail.com >> To: pio...@ipexpert.com >> Subject: RE: [OSL | CCIE_Security] ISE authentication for CWA and WLC >> Date: Wed, 6 Nov 2013 12:23:38 -0600 >> >> Hi Piotr; >> >> It says: >> Dynamic Authorization failed : 11213 No response received from Network >> Access >> Device<https://10.198.28.29/mntreport/servlet/GenericRedirector?command=submit&__requesttype=immediate&invokeSubmit=true&__executableName=/home/admin/Failure_Reason/Authentication_Failure_Code_Lookup.rptdesign&rptFailureReason=11213+No+response+received+from+Network+Access+Device&__locale=en_US&iportalID=QHLVSY&__masterpage=false&__newWindow=false> >> Network Device: >> GUEST_WLC<https://10.198.28.29/mntreport/servlet/GenericRedirector?command=submit&__requesttype=immediate&invokeSubmit=true&__executableName=/home/admin/Network_Device/Network_Device_Authentication_Summary.rptdesign&rptTimeRange=lastMonth&rptNetworkDevice=GUEST_WLC&rptProtocol=RADIUS&__locale=en_US&iportalID=QHLVSY&__masterpage=false&__newWindow=false> >> : >> 192.168.200.2<https://10.198.28.29/mntreport/servlet/GenericRedirector?command=submit&__requesttype=immediate&invokeSubmit=true&__executableName=/home/admin/Network_Device/Session_Status_Summary.rptdesign&rptNetworkDeviceIP=192.168.200.2&__locale=en_US&iportalID=QHLVSY&__masterpage=false&__newWindow=false> >> : >> >> However, the Wireless client is set to the corresponding Vlan, it gets an >> IP on the Employee subnet, and it goes to the employee interface on the >> WLC. >> >> Jan; >> >> That's part of the Lab and works like a charm everytime. When the user >> authenticate on the Guest portal, it does CoA and the new profile is being >> downloaded from the ISE (based on those credentials). Then a Java applet >> runs that changes the network parameters on the NIC and starts a new DHCP >> request for the Employee subnet. >> >> >> Mike. >> >> ------------------------------ >> Date: Wed, 6 Nov 2013 13:26:24 +0100 >> Subject: Re: [OSL | CCIE_Security] ISE authentication for CWA and WLC >> From: pio...@ipexpert.com >> To: mike_c...@hotmail.com >> >> Hi >> >> I don't recall any failed authentications following CWA. What is the >> failed message about? >> >> Regards, >> -- >> Piotr Kaluzny >> CCIE #25665 (Security), CCSP, CCNP >> Sr. Technical Instructor - IPexpert, Inc. >> URL: http://www.IPexpert.com >> >> ***Want to win a free iPad mini? Just follow us on >> Twitter<http://www.twitter.com/ipexpert>or "Like" our >> Facebook <http://www.facebook.com/ipexpert> page and be entered into a >> weekly drawing! >> <http://www.IPexpert.com> >> >> >> On Wed, Nov 6, 2013 at 2:58 AM, Mike Rojas <mike_c...@hotmail.com> wrote: >> >> Hi; >> >> I did the CWA for the wireless client and everything worked fine. The >> only thing weird is that I am seeing like 3 or 4 authentication successful >> and then a fail, but the CoA is being done correctly and the client is >> being re-assinged to the correct VLAN. >> >> Has anybody run into this behavior? Is it normal? >> >> Thanks! >> >> Mike. >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com >> >> >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com >> > > > _______________________________________________ > Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: > > iPexpert on YouTube: www.youtube.com/ipexpertinc > -- Bruno Silva Network Consultant Cisco CCNA/CCDA/CCNP/CCDP/CCSP Certified Arcsight Professional Certified - ACIA/ACSA
_______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc
