Publication Date: 2018-05-16 | Author: t84075118 | Document ID: EKB1001590284
The customer configured portal authentication on the Agile Controller, which was also the RADIUS server.
When a user tried to connect to the WLAN network using portal authentication, the portal page was displayed correctly, but the login failed after the username and password were entered.
We ran a trace on the STA IP address, and the trace showed that the authentication failure was due to a shared-key mismatch.
Please note that:
The shared key is used to encrypt the password and generate the response authenticator.
When exchanging authentication packets with a RADIUS server, the device uses MD5 to encrypt important data such as the password to ensure security of data transmission over the network. To ensure validity of both communication parties, the device and RADIUS server must be configured with the same shared key.
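The role of the shared key described above, as an added example (not part of the original case and not Huawei's code): a Python implementation of the RFC 2865 User-Password hiding and Response Authenticator calculations, showing what each side sees when the two keys differ. The secrets, password and Request Authenticator are constructed sample values.

```python
import hashlib
import hmac
import struct

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Hide a non-empty User-Password as in RFC 2865 section 5.2."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()  # keystream depends on the secret
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def recover_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: undo the hiding with the server's own copy of the secret."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(block, key))
        prev = block
    return out.rstrip(b"\x00")

def response_authenticator(code, ident, attrs, request_auth, secret) -> bytes:
    """MD5(Code + ID + Length + Request Authenticator + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def simulate(device_secret: bytes, server_secret: bytes):
    """Return (server recovers the password, device accepts the reply)."""
    request_auth = bytes(range(16))   # constructed; random in real traffic
    password = b"Portal-Pass-01"      # constructed sample password
    hidden = hide_password(password, device_secret, request_auth)
    password_ok = recover_password(hidden, server_secret, request_auth) == password
    code = 2 if password_ok else 3    # Access-Accept or Access-Reject
    reply = response_authenticator(code, 1, b"", request_auth, server_secret)
    expected = response_authenticator(code, 1, b"", request_auth, device_secret)
    return password_ok, hmac.compare_digest(reply, expected)

if __name__ == "__main__":
    print("matching keys:  ", simulate(b"KeyA-constructed", b"KeyA-constructed"))
    print("mismatched keys:", simulate(b"KeyB-constructed", b"KeyA-constructed"))
```

With mismatched keys the server recovers garbage instead of the password, and the device cannot validate the server's reply, which is why correct user credentials still produce a failed login.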
We reconfigured the shared key in the RADIUS server template on the S5720 (which was working as the AC) and on the Agile Controller, but authentication still failed after the change.
We checked the configuration again and noticed that the RADIUS server shared key was configured both globally and in the RADIUS server template.
The globally configured RADIUS server shared key has a higher priority than the one in the RADIUS server template: if both a global shared key and a template shared key are configured, the AC uses the globally configured one.
Remove the command “radius-server ip-address 10.1.1.1 shared-key” from the global configuration.
After we removed it, portal authentication worked.
Make sure that the same shared key is configured on both ends (Agile Controller and Access Controller). If both a global and a template RADIUS shared key are configured for the same IP address, note that the globally configured key takes priority.