Customer configured portal authentication on
Agile-Controller that was also the radius server.
When trying to connect to the WLAN network using
portal authentication, the portal page was displayed correctly but after the
username and password was inserted the login would fail.
We have made a trace using the STA IP address and from the trace we found
that the authentication failure was due to shared-key mismatch.
Please note that:
The shared key is used to encrypt the password and generate the response
When exchanging authentication packets with a RADIUS server, the device
uses MD5 to encrypt important data such as the password to ensure security of
data transmission over the network. To ensure validity of both communication
parties, the device and RADIUS server must be configured with the same shared
We have configured the shared-key again on S5720 radius-server template
(that was working as AC) and on Agile Controller, but after the change the
authentication still failed.
We have checked configuration again and we noticed that the radius-server
shared-key was configured both globally and in the radius-server template.
radius-server configured globally has a high priority than radius-server
template, if we configure a global radius-server shared key and a template
shared key, the AC will send the globally configured one.
the command “radius-server ip-address 10.1.1.1 shared-key” from the global
we removed it the portal authentication was working.
Make sure that you have same shared key configured on both ends (Agile
Controller and Access Controller) and if both global and template radius shared
key is configured for same ip address please note that the globally configured
will take priority.