802.1x with Cisco wireless controller

Mohammad H. Al Shami mshami at tagorg.com
Tue Apr 21 16:31:17 CEST 2015

Thanks for your suggestion Phil,

That's exactly what I did. I started from a fresh FreeRadius setup and reconfigured the controller from scratch. I back up every working step and when I fix something, I revert to the previous copy and make only the required changes, and back up again. I have an OpenWRT router authenticating against my FreeRadius server with no issues what so ever.

When trying to connect using the Cisco access controller 9 times out of 10 I get a "Can't connect to this network" error. With OpenWRT, it's working 100%.

I tried different configurations on the wireless controller with no luck. I followed the documentation, used the same options as the working SSID which uses the NPS, even tried toggling one option at a time. Both the WLC and the radius server are on the same subnet.

I would really appreciate it if you could share your configuration so I can check.

Thanks again

-----Original Message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+mshami=tagorg.com at lists.freeradius.org] On Behalf Of Phil Mayers
Sent: Tuesday, April 21, 2015 5:17 PM
To: freeradius-users at lists.freeradius.org
Subject: Re: 802.1x with Cisco wireless controller

On 21/04/15 14:46, Mohammad H. Al Shami wrote:
> Thanks Matthew,
> My access controller is running version Can you share your 
> configuration files or at least point me to a place where I can look?
> My setup works once then fails for some time, works once then fails 
> for even more time. Clients can't join the wireless network so it's 
> not an issue if me looking at the log.

You're not being clear here.

We use Cisco WLC. There's no special magic - just set them up according to the docs and they'll do radius auth.

I'm not sure what:

Clients can't join the wireless network so it's not an issue if me looking at the log.


I suggest you blow away your WLC and radius configs and start from scratch. Start simple - put a single controller and radius server on the same subnet, configure basic WPA-Enterprise on the controller, start with the FreeRADIUS default configs and a single test user, work from there. Make small changes at each step, and check the configs into version control after each change is working.
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list