Saturday, Mar 19, 2011

CISCO ACS 5.x RADIUS EAP-PEAP MS-CHAPv2 BUG WITH A “BIG BITE”: CSCth66302

If you leverage EAP-PEAP with MS-CHAPv2 in your environment and you are using Cisco ACS version 5.1 or 5.2, you need to be aware of bug CSCth66302. It’s nasty and could impact your wireless network.

The bug we hit was CSCth66302 and it wasn’t pretty. As wireless clients attempted to authenticate, the Cisco ACS responded with client failures, thus not authenticating the clients. When you looked at the ACS logs you would immediately see “Radius Authentication Request Rejected due to critical logging error” in nice big red letters! When you looked at the WLC, the logs showed all the EAP-PEAP clients failing authentication.

Interestingly enough, the Cisco WLC NEVER moved to the backup ACS, which was configured under the WLAN. Why? Because the local ACS server (which was failing) still responded to the client via the WLC. As far as the WLC was concerned, the ACS responded and life was good!
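Because the failing ACS keeps answering and the WLC never fails over, the condition has to be caught from the ACS side. The sketch below is an added example, not code from this post or from Cisco: it counts the failure text quoted above per server in a sliding window. The log line layout, host names, threshold and window are assumptions; only the failure string comes from this page.

```python
from collections import deque
from datetime import datetime, timedelta

# Failure reason quoted on this page for CSCth66302.
BUG_TEXT = "Radius Authentication Request Rejected due to critical logging error"

# Constructed sample lines. Assumed layout: "<ISO timestamp> <server> <message>".
SAMPLE_LOG = [
    "2011-03-19T09:00:01 acs-primary AUTH-OK user=alice",
    "2011-03-19T09:00:05 acs-primary AUTH-FAIL " + BUG_TEXT,
    "2011-03-19T09:00:09 acs-primary AUTH-FAIL " + BUG_TEXT,
    "2011-03-19T09:00:12 acs-backup AUTH-FAIL bad password",
    "2011-03-19T09:00:20 acs-primary AUTH-FAIL " + BUG_TEXT,
    "2011-03-19T09:05:00 acs-primary AUTH-FAIL " + BUG_TEXT,
]

def find_reject_bursts(lines, threshold=3, window=timedelta(seconds=60)):
    """Return (server, time, count) each time a server reaches `threshold`
    BUG_TEXT rejects inside `window`. One alert per burst."""
    recent = {}       # server -> timestamps of rejects still inside the window
    alerting = set()  # servers already reported for the current burst
    alerts = []
    for line in lines:
        parts = line.split(" ", 2)
        if len(parts) < 3 or BUG_TEXT not in parts[2]:
            continue  # other events, including ordinary rejects, are ignored
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # malformed timestamp
        server = parts[1]
        q = recent.setdefault(server, deque())
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) < threshold:
            alerting.discard(server)  # burst over, re-arm
        elif server not in alerting:
            alerting.add(server)
            alerts.append((server, ts, len(q)))
    return alerts

if __name__ == "__main__":
    for server, ts, count in find_reject_bursts(SAMPLE_LOG):
        print(f"{ts} {server}: {count} rejects with the CSCth66302 failure "
              "text in 60s; the WLC will not fail over on its own")
```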

The Temporary Workaround from TAC

If you still get these messages, the workaround is to restart the ACS runtime service from the CLI:

# acs stop runtime
# acs start runtime

Fix Coming in Release 5.3

Cisco TAC stated a fix will be released in ACS 5.3, which is yet to be released.

BUG Information 

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/release/notes/acs_52_rn.html  

 

CSCth66302

RADIUS authentication request rejected because of a critical logging error.

Symptom: Running stress PEAP MS-CHAPV2 against primary ACS machine fails with the following error message:

Radius Authentication Request Rejected due to critical logging error

Conditions: This problem occurs when there is a large deployment setup with one primary connected to seven secondary machines.

Workaround: None.

 

 


Reader Comments (4)

Hi George,

Always on top of things, thanks for sharing this issue with ACS !

-steve

March 19, 2011 | Unregistered Commenter Steve Williams

Thanks for the heads up. I was about to install 5.2.x, then read this and found out that 5.3 was available now, so I searched the release notes and this bug is gone, so I upgraded and am testing before I deploy.

December 28, 2011 | Unregistered Commenter Josiah Smith

Hi,

I am facing this issue in my WLC5508: "aaa authentication failure for username:xxxx type:WLAN users". We have ACS 5.3 and an LDAP scenario for user authentication.
Most of the users are facing this issue... please help!

April 16, 2015 | Unregistered Commenter Mitanshu

Hello, I would post your question / problems on CSC - Cisco Support Community.

April 19, 2015 | Registered Commenter George
