AP1142N dual RADIUS

Hi.
I apologize for my English.
I installed a set of AP1142N that should query two RADIUS servers (some users on the first server and others on the second).
It seems that the AP interrogates only the first.
The NPS are on Windows 2008 (not r2).
Here's the setup:
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname XXXXXXXXXXXXX
aaa new-model
aaa group server radius rad_eap
server xxx.yyy.zzz.mmm auth-port 1645 acct-port 1646
server xxx.yyy.zzz.kkk auth-port 1645 acct-port 1646
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
server xxx.yyy.zzz.mmm auth-port 1645 acct-port 1646
server xxx.yyy.zzz.kkk auth-port 1645 acct-port 1646
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa group server radius rad_eap1
server xxx.yyy.zzz.mmm auth-port 1645 acct-port 1646
server xxx.yyy.zzz.kkk auth-port 1645 acct-port 1646
aaa authentication login default local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods1 group rad_eap1
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
clock timezone +0100 1
ip domain name my.domain.local
ip name-server xxx.yyy.zzz.mmm
dot11 syslog
dot11 ssid TEST
   authentication open eap eap_methods1
   authentication network-eap eap_methods1
   guest-mode
   infrastructure-ssid
dot11 arp-cache
username Cisco privilege 15 password 7 *************************
username admin privilege 15 password 7 *************************
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode wep mandatory
ssid TEST
antenna gain 0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
encryption mode wep mandatory
ssid TEST
antenna gain 0
no dfs band block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface BVI1
ip address vvv.ccc.bbb.nnn 255.255.0.0
no ip route-cache
ip default-gateway vvv.ccc.bbb.nnj
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
radius-server attribute 32 include-in-access-req format %h
radius-server host xxx.yyy.zzz.mmm auth-port 1645 acct-port 1646 key 7 ******************************
radius-server host xxx.yyy.zzz.kkk auth-port 1645 acct-port 1646 key 7 ******************************
radius-server vsa send accounting
bridge 1 route ip
line con 0
line vty 0 4
sntp server xxx.yyy.zzz.mmm
sntp broadcast client
end
What's wrong?
Tks
siland

It will use the first one as the primary and the second one as the secondary. It will not round robin. Even when using a WLC, it will use the one you set as primary until the primary can't be reached, then it will try the secondary and so on.
Sent from Cisco Technical Support iPhone App
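
The failover order described in the reply above, as an added example that is not part of the original thread: a simplified Python model (not Cisco's code) of an ordered server group, in which any reply from the primary, including an Access-Reject for a user it does not know, ends the attempt, so the secondary is consulted only when the primary stays silent. The server names nps1/nps2, the users alice/bob and the retry count are constructed assumptions.

```python
"""Simplified model of ordered RADIUS failover inside one AAA server group.

Added illustration only: server names, user names and the retry count are
constructed, and this is not Cisco's implementation.
"""
from dataclasses import dataclass, field

ACCEPT, REJECT, TIMEOUT = "Access-Accept", "Access-Reject", "timeout"


@dataclass
class RadiusServer:
    name: str
    users: frozenset          # accounts this server knows (constructed)
    reachable: bool = True

    def reply(self, user):
        if not self.reachable:
            return TIMEOUT    # no packet comes back at all
        return ACCEPT if user in self.users else REJECT


@dataclass
class ServerGroup:
    servers: list                  # order matters: first entry is the primary
    attempts_per_server: int = 3   # assumed retry budget, not an IOS default
    trace: list = field(default_factory=list)

    def authenticate(self, user):
        """Return (result, name of the answering server or None)."""
        for server in self.servers:
            for attempt in range(1, self.attempts_per_server + 1):
                result = server.reply(user)
                self.trace.append((user, server.name, attempt, result))
                if result != TIMEOUT:
                    # Any reply, including Access-Reject, is final:
                    # the next server is tried only after silence.
                    return result, server.name
        return TIMEOUT, None


def build_group(primary_up=True):
    """Two servers with split user databases, as in the question."""
    nps1 = RadiusServer("nps1", frozenset({"alice"}), reachable=primary_up)
    nps2 = RadiusServer("nps2", frozenset({"bob"}))
    return ServerGroup([nps1, nps2])


def servers_contacted(group, user):
    """Names of the servers that were sent a request for this user, in order."""
    seen = []
    for traced_user, name, _attempt, _result in group.trace:
        if traced_user == user and name not in seen:
            seen.append(name)
    return seen


if __name__ == "__main__":
    for primary_up in (True, False):
        group = build_group(primary_up)
        for user in ("alice", "bob"):
            result, answered_by = group.authenticate(user)
            print(f"primary_up={primary_up} user={user}: {result} "
                  f"from {answered_by}; contacted "
                  f"{servers_contacted(group, user)}")
```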

Similar Messages

  • 802.1X Inaccessible Authentication Bypass

    On a 4506-E switch with supervisor engine 6L-E running IOS version 12.2(54)SG1, the command to enable Inaccessible Authentication Bypass is not available.  The interface configuration mode command is supposed to be "dot1x critical". 
    Has it changed to something else in this version of IOS?
    The data sheet for the Cisco Catalyst 4500 Supervisor Engine 6L-E shows this feature is supported (see link below).
    http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps4324/data_sheet_c78-530856.html

    Hello Prashant
    Can you post the port configurations here? Have you configured the critical port, RADIUS parameters etc., and does the switch recognize that the RADIUS server is down?
    I think this is more to do with the design of the entire dot1x authentication. I have tried this in labs and have had tough times generating these scenarios. We would hardly be able to justify this feature on the network. I think it is highly advisable to have dual RADIUS servers (or even more than 2), and configure the switches with standby RADIUS servers. I really wouldn't want my network enabled with 802.1x and having issues contacting the RADIUS server. Even though we have options and solutions to overcome it, I wouldn't want too many complications on the 802.1x front.
    Hope this helps. All the best. Rate replies if found useful.
    Raj

  • Dual-Stack LNS - ppp negotiation fails if no ipv6 prefix assigned by Radius

    Hello,
    We have an LNS (asr1k), dual-stack CPE and Radius server.
    Everything works fine if both ipv4 and ipv6 prefix is assigned to CPE by Radius
    If we set Radius server not to assign v6 prefix, we expect to build up an ipv4-only session over ppp.
    This is not what happens. PPP negotiation fails with the following debug lines:
    IPv6 DHCP_AAA: No authorization data from SSS
    Vi2.2364 PPP DISC: Non-PPP hang up
    some config parts of LNS:
    no ipv6 source-route
    ipv6 unicast-routing
    ipv6 dhcp binding track ppp
    ipv6 dhcp pool IPv6_DHCP_POOL
    ipv6 dhcp pool POOL_DHCP_PD
    ipv6 multicast-routing
    ipv6 multicast rpf use-bgp
    interface Virtual-Template99
     mtu 1460
     ip unnumbered Loopback0
     ip tcp adjust-mss 1420
     no logging event link-status
     ipv6 enable
     no ipv6 nd prefix framed-ipv6-prefix
     no ipv6 nd ra suppress
     ipv6 dhcp server POOL_DHCP_PD allow-hint
     peer default ip address pool adslpool_1 adslpool_2
     ppp max-configure 3
     ppp authentication pap AAA_AUTHEN_PPP_noc3x
     ppp authorization AAA_AUTHOR_NET_noc3x
     ppp accounting AAA_ACCT_NET_noc3x
     ppp ipcp address required
     ppp ipcp address accept
     ppp ipcp no-renegotiation send-termreq
     ppp link reorders
     ppp timeout retry 5
     ppp timeout ncp 30
     ppp timeout authentication 30
    end
    Can anyone help?
    Regards,
    Antal

    I have opened a case with Cisco. The solution for me is to put
    no ipv6 dhcp ppp terminate
    into the global config.
    Hope that helps anyone who has the same problem.

  • ISE 1.2.1 - RADIUS service down after Promoting Secondary PAN

    Hi Experts,
    I currently have an ISE deployment where I run a Dual Node construct (both 3495)
    ISE-1: PAN (Primary), MNT (Secondary), PSN
    ISE-2: PAN (Secondary), MNT (Primary), PSN
    When ISE-1 fails and ISE-2 is promoted to Primary PAN, the services are restarted. This also causes the RADIUS service to go down, which causes a full RADIUS outage. Also, if ISE-1 is online again and is re-promoted, both ISE instances simultaneously restart the services, which includes the RADIUS service. Again, a full RADIUS outage.
    An ISE service restart takes about 10-15 minutes.
    Is this "works as designed" or a bug? I think this behavior was different in ACS 5.X
    Best Regards Michael

    List of working (Y) and Non Working (N) if Primary PAP is down
    Existing internal user radius auth : Y
    Existing/New AD user radius auth : Y
    Existing endpoint with no profile change : Y
    Existing endpoint with profile change : Y
    New endpoint learned via profiling : Y
    Existing guest (LWA) : Y
    Existing guest (CWA) : Y
    Guest - Change Password : N (user must log in using old password)
    Guest - AUP : Y (displayed for every login)
    Guest - Max Failed Login Enforcement : N
    New guest (Sponsored or Self-Registration) : N
    Posture : Y
    New Device Registration : N
    Existing registered device : Y

  • How to change the color of radius for point features

    Hi forum
    When using the addPointFeature() in MapViewer, you can specify a double[] radius as a parameter to get a circle drawn around the point. The problem is, this circle is always red; I can't find any way to change the color to black or another color.
    Is there any way to do this? I'm looking for some way to add a circle "feature" like addPolygonFeature. I also tried to define a marker circle style and add it to a PolygonFeature, but this doesn't seem to work. Any better way to do this?
    Thanks,
    Jacob

    Hi Jacob,
    What you have tried won't work. You are just rendering a marker on the center of the polygon coordinates. The coordinates array must be the circle points, and the style should be a line style (if you want just to draw the circle border) or a fill (color for example) style.
    // build coordinates with circle points
    mv.addPolygonFeature(coordinates, 0, "line_style", null, null, true);
    The number of points on the circle may depend on your zoomlevel, and will depend on your application.
    There is another way to generate this circle, and you won't need to care about the circle points. You could try to use the sdo_geom.sdo_buffer to generate the circle around the point clicked. Basically you need to create a jdbc theme with a SQL statement having the buffer method. For example you can try this request using MapViewer web page and the demo data set.
    <?xml version="1.0" standalone="yes"?>
    <map_request
                 title="Oracle LBS MAP"
                 basemap="demo_map"
                 datasource = "mvdemo"
                 width="640"
                 height="480"
                 bgcolor="#a6cae0"
                 antialiase="false"
                 format="PNG_STREAM">
      <center size="0.15">
         <geoFeature >
             <geometricProperty typeName="center">
                 <Point srsName="SDO:8265">
                     <coordinates>-122.2615, 37.5266</coordinates>
                 </Point>
             </geometricProperty>
         </geoFeature>
      </center>
      <themes>
        <theme name="theme1">
          <jdbc_query
             datasource="mvdemo"
             jdbc_srid="8265"
             spatial_column="geometry"
             render_style="C.RED"
             asis="true"
             >select sdo_geom.sdo_buffer(mdsys.sdo_geometry(2001, 8265,
                     mdsys.sdo_point_type(-122.2615, 37.5266,null),
                                 null, null), 0.5 , 0.005,
           'unit=mile arc_tolerance=0.005') geometry from dual
          </jdbc_query>
         </theme>
      </themes>
    </map_request>
    Joao

  • WLC Applying cached RADIUS Override values for mobile

    Hello!
    We have a WiSM2 (version 7.4.110.0) with approx 200 APs. We are doing RADIUS authentication via a PacketFence backend. Everything usually works fine, but we are having an intermittent issue...
    The WiSM2 gets its VLAN assignment for a client from the PacketFence server and does AAA override. If a client has not registered their device, go on one VLAN. Once they register, PacketFence disconnects them via RADIUS to the WiSM2, and then they should get their new VLAN assignment. This works fine in the majority of cases, but occasionally, after registering, the client disconnects and reconnects but is still put back on registration VLAN.
    debug client mac shows this in the logs:
    Applying cached RADIUS Override values for mobile 00:25:56:3d:f6:7b (caller pem_api.c:2210)
    And I do not see the WiSM2 asking the PacketFence server for a VLAN assignment in the PacketFence logs.
    Eventually, if the client stays disconnected long enough (5+ minutes), they can reconnect and get the proper VLAN assignment. I had previously opened a TAC about this, and they suggested a WiSM2 software upgrade and setting the Session Timeout on the WLAN to 900 seconds, which I did. This issue then disappeared for several weeks, but it has started happening again today (we saw it happen to about 15 clients throughout the day).
    Anyone have any ideas on why this is happening, and how to stop the caching? Any thoughts would be greatly appreciated.
    Here is the output from a show wlan of one of our WLANs we have seen this on:
    WLAN Identifier.................................. 2
    Profile Name..................................... BlitzNet
    Network Name (SSID).............................. BlitzNet
    Status........................................... Enabled
    MAC Filtering.................................... Enabled
    Broadcast SSID................................... Enabled
    AAA Policy Override.............................. Enabled
    Network Admission Control
      Client Profiling Status ....................... Disabled
       DHCP ......................................... Disabled
       HTTP ......................................... Disabled
      Radius-NAC State............................... Disabled
      SNMP-NAC State................................. Disabled
      Quarantine VLAN................................ 0
    Maximum number of Associated Clients............. 0
    Maximum number of Clients per AP Radio........... 200
    Number of Active Clients......................... 538
    Exclusionlist Timeout............................ 60 seconds
    Session Timeout.................................. 900 seconds
    User Idle Timeout................................ 300 seconds
    User Idle Threshold.............................. 0 Bytes
    NAS-identifier................................... WISM2_SDC
    CHD per WLAN..................................... Enabled
    Webauth DHCP exclusion........................... Disabled
    Interface........................................ blitznet
    Multicast Interface.............................. Not Configured
    WLAN IPv4 ACL.................................... unconfigured
    WLAN IPv6 ACL.................................... unconfigured
    mDNS Status...................................... Disabled
    mDNS Profile Name................................ unconfigured
    DHCP Server...................................... Default
    DHCP Address Assignment Required................. Disabled
    Static IP client tunneling....................... Disabled
    PMIPv6 Mobility Type............................. none
    Quality of Service............................... Silver
    Per-SSID Rate Limits............................. Upstream          Downstream
    Average Data Rate................................   0                      0
    Average Realtime Data Rate.......................   0                      0
    Burst Data Rate..................................   0                      0
    Burst Realtime Data Rate.........................   0                      0
    Per-Client Rate Limits........................... Upstream          Downstream
    Average Data Rate................................   0                      0
    Average Realtime Data Rate.......................   0                      0
    Burst Data Rate..................................   0                      0
    Burst Realtime Data Rate.........................   0                      0
    Scan Defer Priority.............................. 4,5,6
    Scan Defer Time.................................. 100 milliseconds
    WMM.............................................. Allowed
    WMM UAPSD Compliant Client Support............... Disabled
    Media Stream Multicast-direct.................... Disabled
    CCX - AironetIe Support.......................... Enabled
    CCX - Gratuitous ProbeResponse (GPR)............. Disabled
    CCX - Diagnostics Channel Capability............. Disabled
    Dot11-Phone Mode (7920).......................... Disabled
    Wired Protocol................................... None
    Passive Client Feature........................... Disabled
    Peer-to-Peer Blocking Action..................... Drop
    Radio Policy..................................... All
    DTIM period for 802.11a radio.................... 1
    DTIM period for 802.11b radio.................... 1
    Radius Servers
       Authentication................................ ipofradiusserver 1812
       Accounting.................................... Global Servers
          Interim Update............................. Disabled
       Dynamic Interface............................. Disabled
       Dynamic Interface Priority.................... wlan
    Local EAP Authentication......................... Disabled
    Security
       802.11 Authentication:........................ Open System
       FT Support.................................... Disabled
       Static WEP Keys............................... Disabled
       802.1X........................................ Disabled
       Wi-Fi Protected Access (WPA/WPA2)............. Disabled
       WAPI.......................................... Disabled
       Wi-Fi Direct policy configured................ Disabled
       EAP-Passthrough............................... Disabled
       CKIP ......................................... Disabled
       Web Based Authentication...................... Disabled
       Web-Passthrough............................... Disabled
       Conditional Web Redirect...................... Disabled
       Splash-Page Web Redirect...................... Disabled
       Auto Anchor................................... Disabled
       FlexConnect Local Switching................... Disabled
       flexconnect Central Dhcp Flag................. Disabled
       flexconnect nat-pat Flag...................... Disabled
       flexconnect Dns Override Flag................. Disabled
       FlexConnect Vlan based Central Switching ..... Disabled
       FlexConnect Local Authentication.............. Disabled
       FlexConnect Learn IP Address.................. Disabled
       Client MFP.................................... Optional but inactive (WPA2 not configured)
       PMF........................................... Disabled
       PMF Association Comeback Time................. 1
       PMF SA Query RetryTimeout..................... 200
       Tkip MIC Countermeasure Hold-down Timer....... 60
    AVC Visibilty.................................... Disabled
    AVC Profile Name................................. None
    Flow Monitor Name................................ None
    Call Snooping.................................... Disabled
    Roamed Call Re-Anchor Policy..................... Disabled
    SIP CAC Fail Send-486-Busy Policy................ Enabled
    SIP CAC Fail Send Dis-Association Policy......... Disabled
    KTS based CAC Policy............................. Disabled
    Assisted Roaming Prediction Optimization......... Disabled
    802.11k Neighbor List............................ Disabled
    802.11k Neighbor List Dual Band.................. Disabled
    Band Select...................................... Disabled
    Load Balancing................................... Disabled
    Multicast Buffer................................. Disabled
    Mobility Anchor List
    WLAN ID     IP Address            Status
    802.11u........................................ Disabled
    MSAP Services.................................. Disabled

    There is nothing in the RADIUS server logs. It is as if the WiSM2 does not talk to it for the 2nd request. The flow for a problem client is like this:
    1. New client associates
    2. WiSM asks RADIUS server for VLAN
    3. RADIUS Server hasn't seen it, so it puts it on VLAN 84 (our registration VLAN)
    4. Client goes through captive portal
    5. RADIUS server sends disconnect client message to WiSM
    6. Client disconnects, reconnects
    7. WiSM2 puts it back on VLAN 84, when it should put it on a VLAN determined by the SSID. The WiSM2 never asks the RADIUS server for the VLAN again, until the client has stayed disconnected for 5+ minutes, and I see the message in the wism2 log that I wrote above.
    In the vast majority of cases, step 7 works properly. That is, when the client reconnects, it asks the RADIUS server what VLAN to put it on (I see it in the RADIUS server logs). I see the second request come in, and the RADIUS server replies with appropriate VLAN for the SSID.
    After they get their proper VLAN, this doesn't occur again. It is as if the RADIUS server caches the client's VLAN override attribute somewhere and uses that, rather than asking the RADIUS server.

  • VSS Catalyst 4500X-16 SFP+ / crashing on cat4500e-universalk9.SPA.03.05.03.E.152-1.E3.bin / radius / dot1x

    Hi guys,
    I am not sure if I am hitting IOS bug CSCtx61557
    according to the bug tool this is the info:
    crash after authc result 'success' from 'dot1x' for client (Unknown MAC)
    CSCtx61557
    Description
    Symptoms: The switch crashes after logging "success" from "dot1x" for client
    (Unknown MAC).
    Conditions: The symptom is observed with the following conditions:
    1. A switchport is configured with both of the following:
    authentication event server dead action authorize...
    authentication event server alive action reinitalize
    2. The radius server was down previously, and a port without traffic (for
    example: a hub with no devices attached) was authorized into the inaccessible
    authentication bypass (IAB) VLAN without an associated MAC address.
    3. The radius server becomes available again, and a dot1x client
    attempts to authenticate.
    Workaround: There is no workaround.
    I am running the following IOS on my 4500X-16 SFP+:
    cat4500e-universalk9.SPA.03.05.03.E.152-1.E3.bin
    This is what I configured, and what happened:
    HOSTNAME(config)#aaa group server radius rad_eap
    HOSTNAME(config-sg-radius)# server name ACS1
    HOSTNAME(config-sg-radius)# server name ACS2
    HOSTNAME(config-sg-radius)# server name ACS3
    HOSTNAME(config-sg-radius)#$ication login default group radius local
    HOSTNAME(config)#aaa authentication login CONSOLE local
    HOSTNAME(config)#aaa authentication enable default group radius enable
    HOSTNAME(config)#aaa authentication ppp default local group radius
    HOSTNAME(config)#aaa authentication dot1x default group radius
    HOSTNAME(config)#aaa authorization exec default if-authenticated
    HOSTNAME(config)#aaa authorization network default group radius
    HOSTNAME(config)#aaa accounting update newinfo
    HOSTNAME(config)#aaa accounting dot1x default start-stop group radius
    HOSTNAME(config)#aaa accounting network default start-stop group
    eption to IOS Thread:
    Frame pointer 897BAE38, PC = 1C03EECC
    IOSD-EXT-SIGNAL: Aborted(6), Process = Exec
    -Traceback= 1#49176b00b95a50f3145e3825de17d470  c:1C008000+36ECC c:1C008000+3BE50 c:1C008000+3BF48 :1F679000+201A18C :1F679000+31CEE2C :1F679000+2C22958 :1F679000+2C293E4 :1F679000+1166260 :1F679000+2C3C20C
    Fastpath Thread backtrace:
    -Traceback= 1#49176b00b95a50f3145e3825de17d470  uld:1F224000+2DE8 uld:1F224000+2DE4 iosd_unix:1C3ED000+186A0 pthread:1AA69000+6450
    Auxiliary Thread backtrace:
    -Traceback= 1#49176b00b95a50f3145e3825de17d470  pthread:1AA69000+BB8C pthread:1AA69000+BB6C c:1C008000+F61E4 iosd_unix:1C3ED000+21270 pthread:1AA69000+6450
    Buffered messages: (last 8192 bytes only)
    6 left the port-channel Port radius
    HOSTNAME(config)#aaa accounting system default start-stop group radius
    HOSTNAME(config)#
    HOSTNAME(config)#
    HOSTNAME(config)#no authentication logging verbose
    HOSTNAME(config)#
    HOSTNAME(config)#
    HOSTNAME(config)#login block-for 300 attempts 5 within 60
    -channel1
    *Aug 28 01:08:47.873 UTC: %C4K_IOSINTF-5-LMPHWSESSIONSTATE: Lmp HW session DOWN on slot 11 port 12.
    *Aug 28 01:08:48.056 UTC: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 172.16.5.98 port 514 started - CLI initiated
    *Aug 28 01:08:48.571 UTC: %FASTHELLO-2-FH_DOWN:  Fast-Hello interface Te2/1/12 lost dual-active detection capability
    *Aug 28 01:08:49.099 UTC: %PIM-5-DRCHG: DR change from neighbor 0.0.0.0 to 172.16.250.61 on interface Vlan250
    *Aug 28 01:15:08.753 UTC: %C4K_IOSINTF-5-LMPHWSESSIONSTATE: Lmp HW session UP on slot 11 port 1.
    *Aug 28 01:15:24.759 UTC: %VSLP-5-VSL_UP:  Ready for control traffic
    *Aug 28 01:15:27.760 UTC: %VSLP-5-RRP_ROLE_RESOLVED: Role resolved as ACTIVE  by VSLP
    *Aug 28 01:15:27.760 UTC: %EC-5-BUNDLE: Interface TenGigabitEthernet2/1/1 joined port-channel Port-channel2
    *Aug 28 01:15:28.049 UTC: %C4K_REDUNDANCY-6-DUPLEX_M
    <Thu Aug 28 01:18:32 2014> Message from sysmgr: Reason Code:[2] Reset Reason:Service [iosd] pid:[6813] terminated abnormally [6].
    Details:
    Service: IOSd service
    Description: IOS daemon
    Executable: /tmp/sw/mount/cat4500e-universalk9.SPA.152-1.E.pkg//usr/binos/bin/iosd
    Started at Wed Aug 27 22:27:48 2014 (647795 us)
    Stopped at Thu Aug 28 01:18:32 2014 (115506 us)
    Uptime: 2 hours 50 minutes 44 seconds
    Start type: SRV_OPTION_RESTART_STATELESS (23)
    Death reason: SYSMGR_DEATH_REASON_FAILURE_SIGNAL (2)
    Last heartbeat 0.00 secs ago
    PID: 6813
    Exit code: signal 6 (no core)
    CWD: /var/sysmgr/work
    PID: 6813
    UUID: 512
    FAILURE: syslogd shutdown
    I had a ICMP ping going, and it was not affected, as the Standby VSS chassis kicked in and took over, while the previous active chassis reloaded.
    2nd time it happened:
    Now this time, I had waited until the previous active chassis was back up and running and came back up as Standby hot.
    Once again I pasted the same config, and bang, it happened a second time on the second chassis, which was now acting as Active supervisor.
    And once again, the ICMP continuous ping was not interrupted, as the other chassis remained up, while the "new" active crashed after configuring the same configs in a slightly different order.
    HOSTNAME(config)#radius server ACS2
    HOSTNAME(config-radius-server)#$5.22 auth-port 1812 acct-port 1813
    HOSTNAME(config-radius-server)# timeout 1
    HOSTNAME(config-radius-server)# key 0 XXXX
    HOSTNAME(config-radius-server)#!
    HOSTNAME(config-radius-server)#radius server ACS3
    HOSTNAME(config-radius-server)#$xxxx auth-port 1812 acct-port 1813
    HOSTNAME(config-radius-server)# timeout 1
    HOSTNAME(config-radius-server)# key 0 xxxxxxx
    HOSTNAME(config-radius-server)#
    HOSTNAME(config-radius-server)#aaa group server radius rad_eap
    HOSTNAME(config-sg-radius)# server name XXXX
    HOSTNAME(config-sg-radius)# server name XXXX
    HOSTNAME(config-sg-radius)# server name XXXX
    HOSTNAME(config-sg-radius)#
    HOSTNAME(config-sg-radius)#
    PER-3-S
    Exception to IOS Thread:
    Frame pointer 89455E38, PC = 1CC27ECC
    IOSD-EXT-SIGNAL: Aborted(6), Process = Exec
    -Traceback= 1#e495ba4f9346cc1496eecd01ebf1814a  c:1CBF1000+36ECC c:1CBF1000+3BE50 c:1CBF1000+3BF48 :20276000+201B18C :20276000+31D0DA8 :20276000+2C24800 :20276000+2C2B28C :20276000+11671B0 :20276000+2C3E0B4
    Fastpath Thread backtrace:
    -Traceback= 1#e495ba4f9346cc1496eecd01ebf1814a  iosd_unix:1CFD6000+1C230 iosd_unix:1CFD6000+1C284 iosd_unix:1CFD6000+18854 pthread:1B653000+6450
    Auxiliary Thread backtrace:
    -Traceback= 1#e495ba4f9346cc1496eecd01ebf1814a  pthread:1B653000+BB8C pthread:1B653000+BB6C c:1CBF1000+F61E4 iosd_unix:1CFD6000+21270 pthread:1B653000+6450
    Buffered messages: (last 8192 bytes only)
    INTF-5-TRANSCEIVERINSERTED: Slot=11 Port=3: Transceiver hasW-9(config-sg-radius)#
    HOSTNAME(config-sg-radius)#no authentication logging verbose
    HOSTNAME(config)#
    HOSTNAME(config)#
    HOSTNAME(config)#login block-for 300 attempts 5 within 60
     been inserted
    *Aug 28 01:26:03.864 UTC: %C4K_IOSINTF-5-TRANSCEIVERINSERTED: Slot=11 Port=4: Transceiver has been inserted
    *Aug 28 01:26:03.864 UTC: %C4K_IOSINTF-5-TRANSCEIVERINSERTED: Slot=11 Port=5: Transceiver has been inserted
    *Aug 28 01:26:03.864 UTC: %C4K_IO
    <Thu Aug 28 01:28:10 2014> Message from sysmgr: Reason Code:[2] Reset Reason:Service [iosd] pid:[6770] terminated abnormally [6].
    Details:
    Service: IOSd service
    Description: IOS daemon
    Executable: /tmp/sw/mount/cat4500e-universalk9.SPA.152-1.E3.pkg//usr/binos/bin/iosd
    Started at Thu Aug 28 01:13:52 2014 (60006 us)
    Stopped at Thu Aug 28 01:28:10 2014 (993041 us)
    Uptime: 14 minutes 18 seconds
    Start type: SRV_OPTION_RESTART_STATELESS (23)
    Death reason: SYSMGR_DEATH_REASON_FAILURE_SIGNAL (2)
    Last heartbeat 0.00 secs ago
    PID: 6770
    Exit code: signal 6 (no core)
    CWD: /var/sysmgr/work
    Are these the symptoms related to CSCtx61557?
    I have tested this in a test environment, where no ACS was reachable!
    Thanks
    Colin

    Another update,
    It seems not only the 4500X platform is affected, it's also 4510R+E's:
    WS-C4510R+E
    WS-X45-SUP8-E
    IOS-XE (cat4500es8-UNIVERSALK9-M), Version 03.03.01.XO
    4510R+E#sh redundancy /| i    | i state
            Current Software state = ACTIVE
           Uptime in current state = 2 hours, 39 minutes
            Current Software state = STANDBY HOT
           Uptime in current state = 6 minutes
    4510R+E(config)#login block-for 300 attempts 3 within 60
    Exception to IOS Thread:
    Frame pointer 8D104E28, PC = C9C0FF4
    IOSD-EXT-SIGNAL: Aborted(6), Process = Exec
    -Traceback= 1#9492282023e5ef761bd83af205155966  c:C98A000+36FF4 c:C98A000+3C2B0 c:C98A000+3C3A8 :10000000+201B994 :10000000+31CA4E4 :10000000+2C1DC54 :10000000+2C246E0 :10000000+116A3F0 :10000000+2C37508
    Fastpath Thread backtrace:
    -Traceback= 1#9492282023e5ef761bd83af205155966  c:C98A000+E29C0 c:C98A000+E29A0 iosd_unix:CD74000+1877C pthread:B3FE000+647C
    Auxiliary Thread backtrace:
    -Traceback= 1#9492282023e5ef761bd83af205155966  pthread:B3FE000+BBB4 pthread:B3FE000+BB94 c:C98A000+FA4E8 iosd_unix:CD74000+21270 pthread:B3FE000+647C
    Buffered messages: (last 8192 bytes only)
    at least one now can directly "redundancy failover" from config mode.....      :)

  • Cannot authenticate Radius via WLC

    Trying to configure RADIUS client on Server 2012 using a 5508 series WLC.  Getting the following debug on the WLC:
    (Cisco Controller) >*dot1xMsgTask: Dec 13 12:43:19.695: 74:e5:43:5d:48:78 Not sending EAP-Failure for STA 74:e5:43:5d:48:78
    *apfMsConnTask_7: Dec 13 12:43:25.523: 74:e5:43:5d:48:78 Association received from mobile on BSSID 0c:68:03:b8:60:47
    *apfMsConnTask_7: Dec 13 12:43:25.523: 74:e5:43:5d:48:78 Global 200 Clients are allowed to AP radio
    *apfMsConnTask_7: Dec 13 12:43:25.523: 74:e5:43:5d:48:78 Max Client Trap Threshold: 0  cur: 9
    *apfMsConnTask_7: Dec 13 12:43:25.523: 74:e5:43:5d:48:78 Rf profile 600 Clients are allowed to AP wlan
    *apfMsConnTask_7: Dec 13 12:43:25.523: 74:e5:43:5d:48:78 Deleting client immediately since WLAN has changed
    *apfMsConnTask_7: Dec 13 12:43:25.523: 74:e5:43:5d:48:78 Scheduling deletion of Mobile Station:  (callerId: 50) in 1 seconds
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:25.550: 74:e5:43:5d:48:78 Ignoring any event(1), since client is marked for deletion
    *osapiBsnTimer: Dec 13 12:43:26.494: 74:e5:43:5d:48:78 apfMsExpireCallback (apf_ms.c:615) Expiring Mobile!
    *apfReceiveTask: Dec 13 12:43:26.494: 74:e5:43:5d:48:78 apfMsExpireMobileStation (apf_ms.c:5827) Changing state for mobile 74:e5:43:5d:48:78 on AP 0c:68:03:b8:60:40 from Associated to Disassociated
    *apfReceiveTask: Dec 13 12:43:26.494: 74:e5:43:5d:48:78 apfMsAssoStateDec
    *apfReceiveTask: Dec 13 12:43:26.494: 74:e5:43:5d:48:78 apfMsExpireMobileStation (apf_ms.c:5959) Changing state for mobile 74:e5:43:5d:48:78 on AP 0c:68:03:b8:60:40 from Disassociated to Idle
    *apfReceiveTask: Dec 13 12:43:26.494: 74:e5:43:5d:48:78 pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
    *apfReceiveTask: Dec 13 12:43:26.494: 74:e5:43:5d:48:78 0.0.0.0 8021X_REQD (3) Deleted mobile LWAPP rule on AP [0c:68:03:b8:60:40]
    *apfReceiveTask: Dec 13 12:43:26.494: 74:e5:43:5d:48:78 Deleting mobile on AP 0c:68:03:b8:60:40(0)
    *apfMsConnTask_7: Dec 13 12:43:31.820: 74:e5:43:5d:48:78 Adding mobile on LWAPP AP 0c:68:03:d7:c7:90(0)
    *apfMsConnTask_7: Dec 13 12:43:31.820: 74:e5:43:5d:48:78 Reassociation received from mobile on BSSID 0c:68:03:d7:c7:97
    *apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 Global 200 Clients are allowed to AP radio
    *apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 Max Client Trap Threshold: 0  cur: 3
    *apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 Rf profile 600 Clients are allowed to AP wlan
    *apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 0 Quarantine Vlan 0 Access Vlan 0
    *apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 Re-applying interface policy for client
    *apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2018)
    *apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2246)
    *apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 In processSsidIE:4210 setting Central switched to TRUE
    *apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 In processSsidIE:4213 apVapId = 8 and Split Acl Id = 65535
    *apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 Applying site-specific Local Bridging override for station 74:e5:43:5d:48:78 - vapId 8, site 'default-group', interface 'management'
    *apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 Applying Local Bridging Interface Policy for station 74:e5:43:5d:48:78 - vlan 219, interface id 0, interface 'management'
    *apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 processSsidIE  statusCode is 0 and status is 0
    *apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 processSsidIE  ssid_done_flag is 0 finish_flag is 0
    *apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 STA - rates (4): 130 132 139 150 0 0 0 0 0 0 0 0 0 0 0 0
    *apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 suppRates  statusCode is 0 and gotSuppRatesElement is 1
    *apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
    *apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 extSuppRates  statusCode is 0 and gotExtSuppRatesElement is 1
    *apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 Processing RSN IE type 48, length 20 for mobile 74:e5:43:5d:48:78
    *apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 Received RSN IE with 0 PMKIDs from mobile 74:e5:43:5d:48:78
    *apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 Setting active key cache index 8 ---> 8
    *apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 unsetting PmkIdValidatedByAp
    *apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 0.0.0.0 START (0) Initializing policy
    *apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)
    *apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
    *apfMsConnTask_7: Dec 13 12:43:31.822: 74:e5:43:5d:48:78 Not Using WMM Compliance code qosCap 00
    *apfMsConnTask_7: Dec 13 12:43:31.822: 74:e5:43:5d:48:78 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 0c:68:03:d7:c7:90 vapId 8 apVapId 8 flex-acl-name:
    *apfMsConnTask_7: Dec 13 12:43:31.822: 74:e5:43:5d:48:78 apfMsAssoStateInc
    *apfMsConnTask_7: Dec 13 12:43:31.822: 74:e5:43:5d:48:78 apfPemAddUser2 (apf_policy.c:276) Changing state for mobile 74:e5:43:5d:48:78 on AP 0c:68:03:d7:c7:90 from Idle to Associated
    *apfMsConnTask_7: Dec 13 12:43:31.822: 74:e5:43:5d:48:78 apfPemAddUser2:session timeout forstation 74:e5:43:5d:48:78 - Session Tout 0, apfMsTimeOut '0' and sessionTimerRunning flag is  0
    *apfMsConnTask_7: Dec 13 12:43:31.822: 74:e5:43:5d:48:78 Stopping deletion of Mobile Station: (callerId: 48)
    *apfMsConnTask_7: Dec 13 12:43:31.822: 74:e5:43:5d:48:78 Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0
    *apfMsConnTask_7: Dec 13 12:43:31.822: 74:e5:43:5d:48:78 Sending Assoc Response to station on BSSID 0c:68:03:d7:c7:97 (status 0) ApVapId 8 Slot 0
    *apfMsConnTask_7: Dec 13 12:43:31.822: 74:e5:43:5d:48:78 apfProcessAssocReq (apf_80211.c:7399) Changing state for mobile 74:e5:43:5d:48:78 on AP 0c:68:03:d7:c7:90 from Associated to Associated
    *apfMsConnTask_7: Dec 13 12:43:31.822: 74:e5:43:5d:48:78 Updating AID for REAP AP Client 0c:68:03:d7:c7:90 - AID ===> 3
    *dot1xMsgTask: Dec 13 12:43:31.825: 74:e5:43:5d:48:78 Station 74:e5:43:5d:48:78 setting dot1x reauth timeout = 1800
    *dot1xMsgTask: Dec 13 12:43:31.825: 74:e5:43:5d:48:78 dot1x - moving mobile 74:e5:43:5d:48:78 into Connecting state
    *dot1xMsgTask: Dec 13 12:43:31.825: 74:e5:43:5d:48:78 Sending EAP-Request/Identity to mobile 74:e5:43:5d:48:78 (EAP Id 1)
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:31.831: 74:e5:43:5d:48:78 Received EAPOL START from mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:31.831: 74:e5:43:5d:48:78 dot1x - moving mobile 74:e5:43:5d:48:78 into Connecting state
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:31.831: 74:e5:43:5d:48:78 Sending EAP-Request/Identity to mobile 74:e5:43:5d:48:78 (EAP Id 2)
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:37.346: 74:e5:43:5d:48:78 Received EAPOL EAPPKT from mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:37.346: 74:e5:43:5d:48:78 Received Identity Response (count=2) from mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:37.346: 74:e5:43:5d:48:78 EAP State update from Connecting to Authenticating for mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:37.346: 74:e5:43:5d:48:78 dot1x - moving mobile 74:e5:43:5d:48:78 into Authenticating state
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:37.346: 74:e5:43:5d:48:78 Entering Backend Auth Response state for mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:37.350: 74:e5:43:5d:48:78 Processing Access-Challenge for mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:37.350: 74:e5:43:5d:48:78 Entering Backend Auth Req state (id=3) for mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:37.350: 74:e5:43:5d:48:78 Sending EAP Request from AAA to mobile 74:e5:43:5d:48:78 (EAP Id 3)
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:37.358: 74:e5:43:5d:48:78 Received EAPOL EAPPKT from mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:37.358: 74:e5:43:5d:48:78 Received EAP Response from mobile 74:e5:43:5d:48:78 (EAP Id 3, EAP Type 25)
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:37.358: 74:e5:43:5d:48:78 Entering Backend Auth Response state for mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:37.360: 74:e5:43:5d:48:78 Processing Access-Challenge for mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:37.360: 74:e5:43:5d:48:78 Entering Backend Auth Req state (id=4) for mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:37.360: 74:e5:43:5d:48:78 Sending EAP Request from AAA to mobile 74:e5:43:5d:48:78 (EAP Id 4)
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:37.514: 74:e5:43:5d:48:78 Received EAPOL EAPPKT from mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:37.514: 74:e5:43:5d:48:78 Received EAP Response from mobile 74:e5:43:5d:48:78 (EAP Id 4, EAP Type 25)
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:37.514: 74:e5:43:5d:48:78 Entering Backend Auth Response state for mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:37.516: 74:e5:43:5d:48:78 Processing Access-Challenge for mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:37.516: 74:e5:43:5d:48:78 Entering Backend Auth Req state (id=5) for mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:37.516: 74:e5:43:5d:48:78 Sending EAP Request from AAA to mobile 74:e5:43:5d:48:78 (EAP Id 5)
    *apfMsConnTask_7: Dec 13 12:43:42.724: 74:e5:43:5d:48:78 Client stats update: Time now in sec 1386956622, Last Acct Msg Sent at 0 sec
    *apfMsConnTask_7: Dec 13 12:43:42.724: 74:e5:43:5d:48:78 Requested to send acct interim update request msg to APF task for client 74:e5:43:5d:48:78
    *apfMsConnTask_7: Dec 13 12:43:42.725: 74:e5:43:5d:48:78 Client stats update: Time now in sec 1386956622, Last Acct Msg Sent at 0 sec
    *apfMsConnTask_7: Dec 13 12:43:42.725: 74:e5:43:5d:48:78 Requested to send acct interim update request msg to APF task for client 74:e5:43:5d:48:78
    *apfMsConnTask_7: Dec 13 12:43:42.726: 74:e5:43:5d:48:78 Client stats update: Time now in sec 1386956622, Last Acct Msg Sent at 0 sec
    *apfMsConnTask_7: Dec 13 12:43:42.726: 74:e5:43:5d:48:78 Requested to send acct interim update request msg to APF task for client 74:e5:43:5d:48:78
    *apfMsConnTask_7: Dec 13 12:43:42.727: 74:e5:43:5d:48:78 Association received from mobile on BSSID 0c:68:03:d7:c7:90
    *apfMsConnTask_7: Dec 13 12:43:42.727: 74:e5:43:5d:48:78 Global 200 Clients are allowed to AP radio
    *apfMsConnTask_7: Dec 13 12:43:42.728: 74:e5:43:5d:48:78 Max Client Trap Threshold: 0  cur: 4
    *apfMsConnTask_7: Dec 13 12:43:42.728: 74:e5:43:5d:48:78 Rf profile 600 Clients are allowed to AP wlan
    *apfMsConnTask_7: Dec 13 12:43:42.728: 74:e5:43:5d:48:78 Deleting client immediately since WLAN has changed
    *apfMsConnTask_7: Dec 13 12:43:42.728: 74:e5:43:5d:48:78 Scheduling deletion of Mobile Station:  (callerId: 50) in 1 seconds
    *apfMsConnTask_7: Dec 13 12:43:42.731: 74:e5:43:5d:48:78 Client stats update: Time now in sec 1386956622, Last Acct Msg Sent at 0 sec
    *apfMsConnTask_7: Dec 13 12:43:42.731: 74:e5:43:5d:48:78 Requested to send acct interim update request msg to APF task for client 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:42.744: 74:e5:43:5d:48:78 Ignoring any event(1), since client is marked for deletion
    *osapiBsnTimer: Dec 13 12:43:43.694: 74:e5:43:5d:48:78 apfMsExpireCallback (apf_ms.c:615) Expiring Mobile!
    *apfReceiveTask: Dec 13 12:43:43.694: 74:e5:43:5d:48:78 apfMsExpireMobileStation (apf_ms.c:5827) Changing state for mobile 74:e5:43:5d:48:78 on AP 0c:68:03:d7:c7:90 from Associated to Disassociated
    *apfReceiveTask: Dec 13 12:43:43.694: 74:e5:43:5d:48:78 apfMsAssoStateDec
    *apfReceiveTask: Dec 13 12:43:43.694: 74:e5:43:5d:48:78 apfMsExpireMobileStation (apf_ms.c:5959) Changing state for mobile 74:e5:43:5d:48:78 on AP 0c:68:03:d7:c7:90 from Disassociated to Idle
    *apfReceiveTask: Dec 13 12:43:43.694: 74:e5:43:5d:48:78 pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
    *apfReceiveTask: Dec 13 12:43:43.695: 74:e5:43:5d:48:78 0.0.0.0 8021X_REQD (3) Deleted mobile LWAPP rule on AP [0c:68:03:d7:c7:90]
    *apfReceiveTask: Dec 13 12:43:43.695: 74:e5:43:5d:48:78 Deleting mobile on AP 0c:68:03:d7:c7:90(0)
    *apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 Adding mobile on LWAPP AP 0c:68:03:b8:60:40(0)
    *apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 Reassociation received from mobile on BSSID 0c:68:03:b8:60:40
    *apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 Global 200 Clients are allowed to AP radio
    *apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 Max Client Trap Threshold: 0  cur: 9
    *apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 Rf profile 600 Clients are allowed to AP wlan
    *apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 0 Quarantine Vlan 0 Access Vlan 0
    *apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 Re-applying interface policy for client
    *apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2018)
    *apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2246)
    *apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 In processSsidIE:4210 setting Central switched to TRUE
    *apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 In processSsidIE:4213 apVapId = 1 and Split Acl Id = 65535
    *apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 Applying site-specific Local Bridging override for station 74:e5:43:5d:48:78 - vapId 1, site 'default-group', interface 'management'
    *apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 Applying Local Bridging Interface Policy for station 74:e5:43:5d:48:78 - vlan 219, interface id 0, interface 'management'
    *apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 processSsidIE  statusCode is 0 and status is 0
    *apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 processSsidIE  ssid_done_flag is 0 finish_flag is 0
    *apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 STA - rates (4): 130 132 139 150 0 0 0 0 0 0 0 0 0 0 0 0
    *apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 suppRates  statusCode is 0 and gotSuppRatesElement is 1
    *apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
    *apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 extSuppRates  statusCode is 0 and gotExtSuppRatesElement is 1
    *apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 Processing RSN IE type 48, length 20 for mobile 74:e5:43:5d:48:78
    *apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 Received RSN IE with 0 PMKIDs from mobile 74:e5:43:5d:48:78
    *apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 Setting active key cache index 8 ---> 8
    *apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 unsetting PmkIdValidatedByAp
    *apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 0.0.0.0 START (0) Initializing policy
    *apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)
    *apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
    *apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 Not Using WMM Compliance code qosCap 00
    *apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 0c:68:03:b8:60:40 vapId 1 apVapId 1 flex-acl-name:
    *apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 apfMsAssoStateInc
    *apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 apfPemAddUser2 (apf_policy.c:276) Changing state for mobile 74:e5:43:5d:48:78 on AP 0c:68:03:b8:60:40 from Idle to Associated
    *apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 apfPemAddUser2:session timeout forstation 74:e5:43:5d:48:78 - Session Tout 0, apfMsTimeOut '0' and sessionTimerRunning flag is  0
    *apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 Stopping deletion of Mobile Station: (callerId: 48)
    *apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0
    *apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 Sending Assoc Response to station on BSSID 0c:68:03:b8:60:40 (status 0) ApVapId 1 Slot 0
    *apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 apfProcessAssocReq (apf_80211.c:7399) Changing state for mobile 74:e5:43:5d:48:78 on AP 0c:68:03:b8:60:40 from Associated to Associated
    *apfMsConnTask_7: Dec 13 12:43:49.067: 74:e5:43:5d:48:78 Updating AID for REAP AP Client 0c:68:03:b8:60:40 - AID ===> 1
    *dot1xMsgTask: Dec 13 12:43:49.068: 74:e5:43:5d:48:78 Station 74:e5:43:5d:48:78 setting dot1x reauth timeout = 1800
    *dot1xMsgTask: Dec 13 12:43:49.068: 74:e5:43:5d:48:78 dot1x - moving mobile 74:e5:43:5d:48:78 into Connecting state
    *dot1xMsgTask: Dec 13 12:43:49.068: 74:e5:43:5d:48:78 Sending EAP-Request/Identity to mobile 74:e5:43:5d:48:78 (EAP Id 1)
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:49.075: 74:e5:43:5d:48:78 Received EAPOL START from mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:49.076: 74:e5:43:5d:48:78 dot1x - moving mobile 74:e5:43:5d:48:78 into Connecting state
    debug client 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:49.076: 74:e5:43:5d:48:78 Sending EAP-Request/Identity to mobile 74:e5:43:5d:48:78 (EAP Id 2)
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:58.993: 74:e5:43:5d:48:78 Received EAPOL EAPPKT from mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:58.993: 74:e5:43:5d:48:78 Received Identity Response (count=2) from mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:58.993: 74:e5:43:5d:48:78 EAP State update from Connecting to Authenticating for mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:58.993: 74:e5:43:5d:48:78 dot1x - moving mobile 74:e5:43:5d:48:78 into Authenticating state
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:58.993: 74:e5:43:5d:48:78 Entering Backend Auth Response state for mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:59.000: 74:e5:43:5d:48:78 Processing Access-Challenge for mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:59.000: 74:e5:43:5d:48:78 Entering Backend Auth Req state (id=3) for mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:59.000: 74:e5:43:5d:48:78 Sending EAP Request from AAA to mobile 74:e5:43:5d:48:78 (EAP Id 3)
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:59.007: 74:e5:43:5d:48:78 Received EAPOL EAPPKT from mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:59.007: 74:e5:43:5d:48:78 Received EAP Response from mobile 74:e5:43:5d:48:78 (EAP Id 3, EAP Type 25)
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:59.007: 74:e5:43:5d:48:78 Entering Backend Auth Response state for mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:59.010: 74:e5:43:5d:48:78 Processing Access-Challenge for mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:59.010: 74:e5:43:5d:48:78 Entering Backend Auth Req state (id=4) for mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:59.010: 74:e5:43:5d:48:78 Sending EAP Request from AAA to mobile 74:e5:43:5d:48:78 (EAP Id 4)
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:59.038: 74:e5:43:5d:48:78 Received EAPOL EAPPKT from mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:59.038: 74:e5:43:5d:48:78 Received EAP Response from mobile 74:e5:43:5d:48:78 (EAP Id 4, EAP Type 25)
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:59.038: 74:e5:43:5d:48:78 Entering Backend Auth Response state for mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:59.040: 74:e5:43:5d:48:78 Processing Access-Challenge for mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:59.040: 74:e5:43:5d:48:78 Entering Backend Auth Req state (id=5) for mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:59.040: 74:e5:43:5d:48:78 Sending EAP Request from AAA to mobile 74:e5:43:5d:48:78 (EAP Id 5)
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:59.069: 74:e5:43:5d:48:78 Received EAPOL EAPPKT from mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:59.070: 74:e5:43:5d:48:78 Received EAP Response from mobile 74:e5:43:5d:48:78 (EAP Id 5, EAP Type 25)
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:59.070: 74:e5:43:5d:48:78 Entering Backend Auth Response state for mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:59.071: 74:e5:43:5d:48:78 Processing Access-Challenge for mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:59.071: 74:e5:43:5d:48:78 Entering Backend Auth Req state (id=6) for mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:59.071: 74:e5:43:5d:48:78 Sending EAP Request from AAA to mobile 74:e5:43:5d:48:78 (EAP Id 6)
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:59.125: 74:e5:43:5d:48:78 Received EAPOL EAPPKT from mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:59.125: 74:e5:43:5d:48:78 Received EAP Response from mobile 74:e5:43:5d:48:78 (EAP Id 6, EAP Type 25)
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:59.125: 74:e5:43:5d:48:78 Entering Backend Auth Response state for mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:59.128: 74:e5:43:5d:48:78 Processing Access-Reject for mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:59.128: 74:e5:43:5d:48:78 Removing PMK cache due to EAP-Failure for mobile 74:e5:43:5d:48:78 (EAP Id 6)
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:59.128: 74:e5:43:5d:48:78 Sending EAP-Failure to mobile 74:e5:43:5d:48:78 (EAP Id 6)
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:59.128: 74:e5:43:5d:48:78 Entering Backend Auth Failure state (id=6) for mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:59.128: 74:e5:43:5d:48:78 Setting quiet timer for 5 seconds for mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:43:59.128: 74:e5:43:5d:48:78 dot1x - moving mobile 74:e5:43:5d:48:78 into Unknown state
    *apfMsConnTask_7: Dec 13 12:44:00.651: 74:e5:43:5d:48:78 Client stats update: Time now in sec 1386956640, Last Acct Msg Sent at 0 sec
    *apfMsConnTask_7: Dec 13 12:44:00.651: 74:e5:43:5d:48:78 Requested to send acct interim update request msg to APF task for client 74:e5:43:5d:48:78
    *apfMsConnTask_7: Dec 13 12:44:00.659: 74:e5:43:5d:48:78 Client stats update: Time now in sec 1386956640, Last Acct Msg Sent at 0 sec
    *apfMsConnTask_7: Dec 13 12:44:00.660: 74:e5:43:5d:48:78 Requested to send acct interim update request msg to APF task for client 74:e5:43:5d:48:78
    *apfMsConnTask_7: Dec 13 12:44:00.660: 74:e5:43:5d:48:78 Association received from mobile on BSSID 0c:68:03:b8:60:40
    *apfMsConnTask_7: Dec 13 12:44:00.660: 74:e5:43:5d:48:78 Global 200 Clients are allowed to AP radio
    *apfMsConnTask_7: Dec 13 12:44:00.660: 74:e5:43:5d:48:78 Max Client Trap Threshold: 0  cur: 10
    *apfMsConnTask_7: Dec 13 12:44:00.660: 74:e5:43:5d:48:78 Rf profile 600 Clients are allowed to AP wlan
    *apfMsConnTask_7: Dec 13 12:44:00.660: 74:e5:43:5d:48:78 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 219
    *apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 Re-applying interface policy for client
    *apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 0.0.0.0 8021X_REQD (3) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2018)
    *apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 0.0.0.0 8021X_REQD (3) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2246)
    *apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 In processSsidIE:4210 setting Central switched to TRUE
    *apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 In processSsidIE:4213 apVapId = 1 and Split Acl Id = 65535
    *apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 Applying site-specific Local Bridging override for station 74:e5:43:5d:48:78 - vapId 1, site 'default-group', interface 'management'
    *apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 Applying Local Bridging Interface Policy for station 74:e5:43:5d:48:78 - vlan 219, interface id 0, interface 'management'
    *apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 processSsidIE  statusCode is 0 and status is 0
    *apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 processSsidIE  ssid_done_flag is 0 finish_flag is 0
    *apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 STA - rates (4): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
    *apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 suppRates  statusCode is 0 and gotSuppRatesElement is 1
    *apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
    *apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 extSuppRates  statusCode is 0 and gotExtSuppRatesElement is 1
    *apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 Processing RSN IE type 48, length 20 for mobile 74:e5:43:5d:48:78
    *apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 Received RSN IE with 0 PMKIDs from mobile 74:e5:43:5d:48:78
    *apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 Setting active key cache index 8 ---> 8
    *apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 unsetting PmkIdValidatedByAp
    *apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 0.0.0.0 8021X_REQD (3) Initializing policy
    *apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3)
    *apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
    *apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 Not Using WMM Compliance code qosCap 00
    *apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 0c:68:03:b8:60:40 vapId 1 apVapId 1 flex-acl-name:
    *apfMsConnTask_7: Dec 13 12:44:00.662: 74:e5:43:5d:48:78 apfPemAddUser2 (apf_policy.c:276) Changing state for mobile 74:e5:43:5d:48:78 on AP 0c:68:03:b8:60:40 from Associated to Associated
    *apfMsConnTask_7: Dec 13 12:44:00.662: 74:e5:43:5d:48:78 apfPemAddUser2:session timeout forstation 74:e5:43:5d:48:78 - Session Tout 0, apfMsTimeOut '0' and sessionTimerRunning flag is  0
    *apfMsConnTask_7: Dec 13 12:44:00.662: 74:e5:43:5d:48:78 Stopping deletion of Mobile Station: (callerId: 48)
    *apfMsConnTask_7: Dec 13 12:44:00.662: 74:e5:43:5d:48:78 Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0
    *apfMsConnTask_7: Dec 13 12:44:00.662: 74:e5:43:5d:48:78 Sending Assoc Response to station on BSSID 0c:68:03:b8:60:40 (status 0) ApVapId 1 Slot 0
    *apfMsConnTask_7: Dec 13 12:44:00.662: 74:e5:43:5d:48:78 apfProcessAssocReq (apf_80211.c:7399) Changing state for mobile 74:e5:43:5d:48:78 on AP 0c:68:03:b8:60:40 from Associated to Associated
    *dot1xMsgTask: Dec 13 12:44:00.664: 74:e5:43:5d:48:78 dot1x - moving mobile 74:e5:43:5d:48:78 into Connecting state
    *dot1xMsgTask: Dec 13 12:44:00.664: 74:e5:43:5d:48:78 Sending EAP-Request/Identity to mobile 74:e5:43:5d:48:78 (EAP Id 1)
    *Dot1x_NW_MsgTask_0: Dec 13 12:44:00.677: 74:e5:43:5d:48:78 Received EAPOL START from mobile 74:e5:43:5d:48:78
    *Dot1x_NW_MsgTask_0: Dec 13 12:44:00.677: 74:e5:43:5d:48:78 dot1x - moving mobile 74:e5:43:5d:48:78 into Connecting state
    *Dot1x_NW_MsgTask_0: Dec 13 12:44:00.677: 74:e5:43:5d:48:78 Sending EAP-Request/Identity to mobile 74:e5:43:5d:48:78 (EAP Id 2)
    I set up Wireshark to capture on all interfaces and am getting absolutely 0 packet data when I attempt to authenticate as well.
    Thanks in advance,
    -B
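
A triage aid for "debug client" output like the paste above, added here as an example and not part of the original post: it groups the lines into association attempts and records how many Access-Challenge messages the controller logged and how each attempt ended. The sample lines and MAC addresses are constructed, and the Access-Accept wording is an assumption made by analogy with the Access-Reject line in the paste.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# "*task: Mon DD HH:MM:SS.mmm: <client MAC> <message>", optionally preceded by
# the CLI prompt, as on the first line of the paste.
LINE_RE = re.compile(
    r"\*(?P<task>\w+): (?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}\.\d{3}): "
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}) (?P<msg>.*)"
)
ASSOC_RE = re.compile(r"(?:Rea|A)ssociation received from mobile on BSSID (\S+)")
EAP_TYPE_RE = re.compile(r"EAP Type (\d+)")
EAP_METHODS = {13: "EAP-TLS", 25: "PEAP", 43: "EAP-FAST"}  # IANA EAP method types

# Constructed sample in the same line format (not taken from the post).
SAMPLE = """\
(Cisco Controller) >*apfMsConnTask_7: Dec 13 12:00:00.100: 02:00:00:00:00:01 Association received from mobile on BSSID 02:00:00:aa:00:10
*apfMsConnTask_7: Dec 13 12:00:00.100: 02:00:00:00:00:01 Deleting client immediately since WLAN has changed
*apfMsConnTask_7: Dec 13 12:00:06.200: 02:00:00:00:00:01 Reassociation received from mobile on BSSID 02:00:00:aa:00:20
*dot1xMsgTask: Dec 13 12:00:06.205: 02:00:00:00:00:01 Sending EAP-Request/Identity to mobile 02:00:00:00:00:01 (EAP Id 1)
*Dot1x_NW_MsgTask_0: Dec 13 12:00:06.300: 02:00:00:00:00:01 Processing Access-Challenge for mobile 02:00:00:00:00:01
*Dot1x_NW_MsgTask_0: Dec 13 12:00:06.310: 02:00:00:00:00:01 Received EAP Response from mobile 02:00:00:00:00:01 (EAP Id 3, EAP Type 25)
*Dot1x_NW_MsgTask_0: Dec 13 12:00:06.320: 02:00:00:00:00:01 Processing Access-Challenge for mobile 02:00:00:00:00:01
*Dot1x_NW_MsgTask_0: Dec 13 12:00:06.400: 02:00:00:00:00:01 Processing Access-Reject for mobile 02:00:00:00:00:01
*Dot1x_NW_MsgTask_0: Dec 13 12:00:06.400: 02:00:00:00:00:01 Sending EAP-Failure to mobile 02:00:00:00:00:01 (EAP Id 4)
debug client 02:00:00:00:00:01
*apfMsConnTask_7: Dec 13 12:00:12.000: 02:00:00:00:00:01 Association received from mobile on BSSID 02:00:00:aa:00:20
*dot1xMsgTask: Dec 13 12:00:12.005: 02:00:00:00:00:01 Sending EAP-Request/Identity to mobile 02:00:00:00:00:01 (EAP Id 1)
"""


@dataclass
class Attempt:
    client: str
    started: str
    bssid: str
    challenges: int = 0
    eap_methods: set = field(default_factory=set)
    outcome: str = "incomplete"

    @property
    def radius_answered(self):
        # Any challenge, accept or reject means a RADIUS reply reached the controller.
        return self.challenges > 0 or self.outcome in ("access-accept", "access-reject")


def parse_attempts(text):
    """Split debug output into one Attempt per (re)association, per client."""
    attempts, current = [], {}
    for raw in text.splitlines():
        m = LINE_RE.search(raw)
        if m is None:
            continue  # typed commands, pager prompts, blank lines
        mac, msg = m["mac"].lower(), m["msg"]
        assoc = ASSOC_RE.match(msg)
        if assoc:
            current[mac] = Attempt(mac, m["ts"], assoc[1].lower())
            attempts.append(current[mac])
            continue
        attempt = current.get(mac)
        if attempt is None:
            continue  # lines before the first association seen for this client
        eap = EAP_TYPE_RE.search(msg)
        if eap:
            number = int(eap[1])
            attempt.eap_methods.add(EAP_METHODS.get(number, f"type {number}"))
        if msg.startswith("Processing Access-Challenge"):
            attempt.challenges += 1
        elif msg.startswith("Processing Access-Reject"):
            attempt.outcome = "access-reject"
        elif msg.startswith("Processing Access-Accept"):  # assumed wording
            attempt.outcome = "access-accept"
        elif ("Deleting client immediately since WLAN has changed" in msg
              and attempt.outcome == "incomplete"):
            attempt.outcome = "deleted-wlan-changed"
    return attempts


def outcome_counts(attempts):
    """Tally attempts by how they ended."""
    return Counter(a.outcome for a in attempts)


if __name__ == "__main__":
    for a in parse_attempts(SAMPLE):
        methods = ", ".join(sorted(a.eap_methods)) or "-"
        print(f"{a.started}  {a.client} -> {a.bssid}  challenges={a.challenges}  "
              f"methods={methods}  radius_answered={a.radius_answered}  {a.outcome}")
```
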

    Thanks for the reply Scott...so sorry for the spammy post!
    The RADIUS server where the client is deployed is not displaying any sort of logs in any of the NPS log files.
    Show WLAN 1 is as follows:
    WLAN Identifier.................................. 1
    Profile Name..................................... GHI
    Network Name (SSID).............................. GHI
    Status........................................... Enabled
    MAC Filtering.................................... Disabled
    Broadcast SSID................................... Disabled
    AAA Policy Override.............................. Disabled
    Network Admission Control
      Client Profiling Status ....................... Enabled
       DHCP ......................................... Enabled
       HTTP ......................................... Disabled
      Radius-NAC State............................... Disabled
      SNMP-NAC State................................. Disabled
      Quarantine VLAN................................ 0
    Maximum number of Associated Clients............. 0
    Maximum number of Clients per AP Radio........... 200
    Number of Active Clients......................... 0
    Exclusionlist Timeout............................ 60 seconds
    Session Timeout.................................. 1800 seconds
    User Idle Timeout................................ 300 seconds
    User Idle Threshold.............................. 0 Bytes
    NAS-identifier................................... GHI_WLC
    CHD per WLAN..................................... Enabled
    Webauth DHCP exclusion........................... Disabled
    Interface........................................ management
    Multicast Interface.............................. Not Configured
    WLAN IPv4 ACL.................................... unconfigured
    WLAN IPv6 ACL.................................... unconfigured
    mDNS Status...................................... Enabled
    mDNS Profile Name................................ default-mdns-profile
    DHCP Server...................................... Default
    DHCP Address Assignment Required................. Enabled
    Static IP client tunneling....................... Disabled
    PMIPv6 Mobility Type............................. none
    Quality of Service............................... Silver
    Per-SSID Rate Limits............................. Upstream      Downstream
    Average Data Rate................................   0             0
    Average Realtime Data Rate.......................   0             0
    Burst Data Rate..................................   0             0
    Burst Realtime Data Rate.........................   0             0
    Per-Client Rate Limits........................... Upstream      Downstream
    Average Data Rate................................   0             0
    Average Realtime Data Rate.......................   0             0
    --More-- or (q)uit
    Burst Data Rate..................................   0             0
    Burst Realtime Data Rate.........................   0             0
    Scan Defer Priority.............................. 4,5,6
    Scan Defer Time.................................. 100 milliseconds
    WMM.............................................. Allowed
    WMM UAPSD Compliant Client Support............... Disabled
    Media Stream Multicast-direct.................... Disabled
    CCX - AironetIe Support.......................... Enabled
    CCX - Gratuitous ProbeResponse (GPR)............. Disabled
    CCX - Diagnostics Channel Capability............. Disabled
    Dot11-Phone Mode (7920).......................... Disabled
    Wired Protocol................................... None
    Passive Client Feature........................... Disabled
    Peer-to-Peer Blocking Action..................... Drop
    Radio Policy..................................... All
    DTIM period for 802.11a radio.................... 1
    DTIM period for 802.11b radio.................... 1
    Radius Servers
       Authentication................................ 172.18.0.44 1812
       Accounting.................................... Global Servers
          Interim Update............................. 600 Seconds
       Dynamic Interface............................. Enabled
       Dynamic Interface Priority.................... wlan
    --More-- or (q)uit
    Local EAP Authentication......................... Disabled
    Security
       802.11 Authentication:........................ Open System
       FT Support.................................... Disabled
       Static WEP Keys............................... Disabled
       802.1X........................................ Disabled
       Wi-Fi Protected Access (WPA/WPA2)............. Enabled
          WPA (SSN IE)............................... Disabled
          WPA2 (RSN IE).............................. Enabled
             TKIP Cipher............................. Disabled
             AES Cipher.............................. Enabled
                                                                   Auth Key Management
             802.1x.................................. Enabled
             PSK..................................... Disabled
             CCKM.................................... Disabled
             FT-1X(802.11r).......................... Disabled
             FT-PSK(802.11r)......................... Disabled
             PMF-1X(802.11w)......................... Disabled
             PMF-PSK(802.11w)........................ Disabled
          FT Reassociation Timeout................... 20
          FT Over-The-DS mode........................ Enabled
          GTK Randomization.......................... Disabled
          SKC Cache Support.......................... Disabled
          CCKM TSF Tolerance......................... 1000
       WAPI.......................................... Disabled
       Wi-Fi Direct policy configured................ Disabled
       EAP-Passthrough............................... Disabled
       CKIP ......................................... Disabled
       Web Based Authentication...................... Disabled
       Web-Passthrough............................... Disabled
       Conditional Web Redirect...................... Disabled
       Splash-Page Web Redirect...................... Disabled
       Auto Anchor................................... Disabled
       FlexConnect Local Switching................... Disabled
       flexconnect Central Dhcp Flag................. Disabled
       flexconnect nat-pat Flag...................... Disabled
       flexconnect Dns Override Flag................. Disabled
       FlexConnect Vlan based Central Switching ..... Disabled
       FlexConnect Local Authentication.............. Disabled
       FlexConnect Learn IP Address.................. Enabled
       Client MFP.................................... Optional
       PMF........................................... Disabled
       PMF Association Comeback Time................. 1
       PMF SA Query RetryTimeout..................... 200
       Tkip MIC Countermeasure Hold-down Timer....... 60
    AVC Visibilty.................................... Disabled
    AVC Profile Name................................. None
    Flow Monitor Name................................ None
    Call Snooping.................................... Disabled
    Roamed Call Re-Anchor Policy..................... Disabled
    SIP CAC Fail Send-486-Busy Policy................ Enabled
    SIP CAC Fail Send Dis-Association Policy......... Disabled
    KTS based CAC Policy............................. Disabled
    Assisted Roaming Prediction Optimization......... Disabled
    802.11k Neighbor List............................ Disabled
    802.11k Neighbor List Dual Band.................. Disabled
    Band Select...................................... Disabled
    Load Balancing................................... Disabled
    Multicast Buffer................................. Disabled
    Mobility Anchor List
    WLAN ID     IP Address            Status
    802.11u........................................ Disabled
    MSAP Services.................................. Disabled
    Hope this helps and thanks again!
    /r
    B

  • Edge detection, Refine Radius tool not apparently working

    Dear Community,
    I hope you can help me, this is the first time I have asked a question.  I have been struggling with the tricky selection of blowing hair and I have read and tried many tutorials but it's not working for me.  I must be doing something wrong.
    I have a Mac desktop running Photoshop CS6.  I have tried editing both RAW files and JPEGs, and switched between 8 and 16 bit but no apparent differences.
    My method:-
    1) Edit file in Photoshop and use the quick selection tool for a rough selection of girl on the right.
    2) Then click on the Refine Edge button at the top menu bar and in the menu box, I tick Smart Radius, set it to 12 px, tick decontaminate colours and set 50%.  This is when I am told the magic should happen.  I then paint the hairs top right of screen against the blue sky with brush size approx. 70/80 px and paint on the small hairs near her right eye.  But if you look close the selection gets worse by doing this. I included White on Black to show the messy grey area near her right eye and hair is not coming out clean white top and top right.
    3) I have put a new layer in and filled red to show the end result but not what I would have hoped for.  You can see the messy area above her right eye and lack of clarity in the hair top right.
    I have tried to reset Photoshop preferences in case any issues.  Any help would be massively appreciated, as I just can't think what I am doing wrong ?  e.g. is it to do with brush type settings ?
    Many Thanks
    Mark

    Refine Edge is a game changer, but it is not foolproof, and not even particularly intuitive.  It took me a while to get to grips with it, and there are frequently times when a dual masking approach is needed.  An easy fix is to click on Decontaminate Colors, because that automatically changes the output mode to New layer with layer mask.  That puts you straight into a situation where you can repair problems using the layer mask.  Something a lot of people don't realise is that you still have full access to the normal masking aid when painting in a Layer mask.  For instance, you can use the pen tool to outline the soft edge, Ctrl click the resulting workpath in the Paths panel to load it as a selection, and use that selection as an aid to paint in the soft edge with black.  Then invert the selection and paint out the overspill with white.
    Something else you can do before you use Quick Select is to copy the layer and increase the contrast.  Use the modified layer to make the selection, and switch back to the normal layer to action the selection.  You can increase the contrast of both tonal values with Curves or levels, or colour with Hue saturation. In your example using a H/S layer and selecting Reds from the RGB dropdown, would let you increase saturation for just the reds.  Refine Edge uses both tone and color information, so this can make a big difference.
    Personally, I just Output to new layer with layer mask and fix it with the paint brush. 

  • Radius WPA2 Enterprise Error

    I have 3 AirPort Dual Band BaseStations on the wired network and security is handled by the Radius service on a Mac (Snow Leopard) Server. In fact, 1 of them is a Time Capsule and although the wireless setup is identical to the other BSs, a MacBook Pro sitting about 4 feet from the TC insists on instead connecting through a double wall to one of the other BSs which is in the next room. After restarting AirPort on the MBP it seemed to be ok, then later that day - no connection and try as I might I couldn't get it to connect.
    Today I had another look at the MBP and the problem seems to be related to the authentication with the Radius Server (10.6.2 on an XServe in this case). When I checked the logs I see this error repeated
    "Error: Ignoring request to authentication address * port 1812 from unknown client xx.xx.xx.xx port 65524"
    where xx.xx.xx.xx IS the address of the Time Capsule that the MBP should be trying to connect to and this is most definitely listed as a Base Station in the Radius config. Again, I restarted AirPort on the MBP and authentication was rapidly established and connection was perfect. But will it be able to connect when it wakes up again?
    So without any actual configuration changes, I may get the above error, or I may not. Under what circumstances would this error be generated when the config is obviously not incorrect?
    Anyone help here?

    I am trying to deal with this very issue now. My connections work through regular computers (Macs), albeit with the "non-trusted certificate" warning. I am trying to get this to work with my iPhone. I sent the certificate to my iPhone (and installed it), but I still get the error. Interestingly it's through a Time Capsule (Dual Band II), so I may try it with my earlier revision of TC.
    Edit: Confirmed: the older TC (single-band) works well. The new TC just gets ignored by the server so it never gets a chance to even protest the untrusted certificate. I'll continue to work the problem...
    Edit2: Rebooting the RADIUS server seems to have solved this problem (?)
    Edit3: Pro tip (evidently): Reboot the RADIUS server every time you add/delete a base station.

  • Nortel switches authenticating to both ACS via RADIUS

    Dual ACS solution (4.2) with one ACS doing the authenticating, the other acting as a standby.
    Recently when accessing Nortel switches, they authenticate to both ACS, as some are going to ACS2 despite their primary RADIUS server being ACS1.
    The ACS solution has other network devices, using TACACS+ and they seem fine. DB replication is fine between the ACS and nothing I believe has changed in the configuration between the two.
    Any ideas? (all I can think is the response from ACS1 is exceeding the timeout and the switches then select ACS2, but there's no evidence to suggest a problem in network delay).

    I am unfamiliar with the Nortel switches. If a Cisco switch queries an AAA server and it fails to respond, it will mark it as dead and move to the next. When the AAA server is back online, the switch will not revert to the previous server. It will remain on the current AAA server until AAA is disabled or the current AAA server fails to respond.
    Network delay would cause this. Maybe the services were disabled or replication was occurring while the device was trying to authenticate.
    Thank You,
    Dan Laden

  • RADIUS Capabilities in Mac OS X Server (10.6 specifically)

    We are building a WiFi Network to support 100 users. Our building is about a city block by a half a city block, so we will be using a lot of Airports (Airport Extreme 802.11n dual). Since we are concerned about security, we will be using Mac OS X Server's (10.6) Radius server.
    Can anyone tell me if it is possible to record logs of user1 went to siteX at this date and time? I am concerned that if something bad goes down, we can track who did what & when.
    Any info on this is appreciated.

    If you enable the extended logging using the following commands you will get all the details you are after in the radius log.
    $ sudo radiusconfig -setconfig log_auth yes
    $ sudo radiusconfig -setconfig logauthgoodpass yes
    $ sudo radiusconfig -setconfig logauthbadpass yes
    In the log you will then see entries like this
    Auth: Login OK: [002500xxxxxx/password] (from client Airport BaseStation port 0 cli 00-25-00-xx-xx-xx)
    where 'Airport BaseStation' will be the name of your access point as defined in the RADIUS server admin section.
    Charlie at ewhizz d0t net
    ewhizz dot net
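An added example (not from either thread and not Apple's own code): a parser for the radius log entries quoted in the two Mac OS X Server RADIUS threads above, turning them into who/when/which-base-station records and listing "unknown client" rejections. The `date : ` line prefix and every sample value are assumptions, and `redact` masks the password field that the quoted `Auth:` entry carries after the slash.

```python
import re
from collections import Counter

# Constructed sample: message bodies follow the formats quoted on this page;
# the "date : " prefix, names, addresses and passwords are assumptions.
SAMPLE_LOG = """\
Mon Mar  1 09:14:02 2010 : Auth: Login OK: [alice/S3cret]pw] (from client Airport BaseStation port 0 cli 00-25-00-aa-bb-01)
Mon Mar  1 09:15:40 2010 : Auth: Login incorrect: [bob/guess1] (from client Airport BaseStation port 0 cli 00-25-00-aa-bb-02)
Mon Mar  1 09:15:52 2010 : Auth: Login incorrect: [bob/guess2] (from client Airport BaseStation port 0 cli 00-25-00-aa-bb-02)
Mon Mar  1 09:16:05 2010 : Error: Ignoring request to authentication address * port 1812 from unknown client 192.0.2.10 port 65524
Mon Mar  1 09:16:30 2010 : Info: Ready to process requests.
"""

# The password group is greedy, so the last "] (from client" on the line
# (the trailer written by the server) closes the field even if it contains "]".
AUTH_RE = re.compile(
    r"^(?:(?P<ts>.*?) : )?Auth: (?P<result>Login OK|Login incorrect)(?: \(.*?\))?: "
    r"\[(?P<user>[^/\]]*)(?:/(?P<pw>.*))?\] "
    r"\(from client (?P<client>.+?) port (?P<port>\d+)(?: cli (?P<cli>[^)]+))?\)\s*$"
)
UNKNOWN_RE = re.compile(
    r"^(?:(?P<ts>.*?) : )?Error: Ignoring request to authentication address \S+ "
    r"port \d+ from unknown client (?P<ip>\S+) port \d+\s*$"
)

def parse_line(line):
    """Return an audit record for one log line, or None if it is not relevant."""
    m = AUTH_RE.match(line)
    if m:  # the password is deliberately left out of the record
        return {"kind": "auth", "ts": m["ts"], "ok": m["result"] == "Login OK",
                "user": m["user"], "client": m["client"],
                "port": int(m["port"]), "station": m["cli"]}
    m = UNKNOWN_RE.match(line)
    if m:
        return {"kind": "unknown_client", "ts": m["ts"], "ip": m["ip"]}
    return None

def redact(line):
    """Mask the password field so the line can be forwarded or archived."""
    m = AUTH_RE.match(line)
    if not m or m["pw"] is None:
        return line
    start, end = m.span("pw")
    return line[:start] + "***" + line[end:]

def summarize(log_text, max_failures=2):
    """Collect logins, stations at or over the failure limit, and rejected NAS IPs."""
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    failures = Counter(r["station"] for r in records
                       if r["kind"] == "auth" and not r["ok"])
    return {
        "logins": [r for r in records if r["kind"] == "auth"],
        "noisy_stations": sorted(s for s, n in failures.items() if n >= max_failures),
        "unknown_clients": sorted({r["ip"] for r in records
                                   if r["kind"] == "unknown_client"}),
    }

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for r in report["logins"]:
        print(r["ts"], "OK  " if r["ok"] else "FAIL", r["user"], r["station"], "via", r["client"])
    print("repeated failures:", report["noisy_stations"])
    print("base stations not known to the server:", report["unknown_clients"])
```

An address that shows up under "unknown clients" while it is listed as a base station in the RADIUS configuration matches the symptom both posters in the WPA2 Enterprise thread describe.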

  • Toshiba Radius P55W-B5220 Wifi Driver

    Hello Everyone, After updating to Windows 10, the Wifi driver was working properly and I navigated and the system was slightly faster over Windows 8.1. After the next reboot, the driver stopped working and the network center said that the adapter was turned off. After investigating, apparently there needs to be an updated driver for Windows 10 in the 18.11.0.x range. Toshiba doesn't provide it yet apparently.
    Looking at this link: http://win10upgrade.toshiba.com/swupdate/modellist.aspx?region=TAIS&lang=en&country=US It shows Satellite Radius P50W-B (PSVP2) which is able to be updated. Does this cover the P55W version as well? I'm sure it does as the first few letters of my P/N is PSVP2. Already spoke to support, no avail. I would like to see if anyone can confirm it. I guess we're waiting on Intel to release the updated drivers.  The wireless card is the Intel Dual Band Wireless-AC 7260. Anyone had luck?

     
    Satellite Radius P55W-B5220 (PSVP2U-003004)
    Does this cover the P55W version as well? I'm sure it does as the first few letters of my P/N is PSVP2.
    Yes. In fact if you put the whole part number (PSVP2U-003004) in here, you'll come to a page that lists new software for Windows 10.
    It also says "Your selected Toshiba PC is supported for upgrade to Windows 10. Now all of the software for the upgrade is available." There are seven items listed, but there is no new WiFi driver.
    I take that to mean the old driver for Windows 8.1 should work. What does it have in Device Manager for Device status of the Wireless-AC 7260?

  • Consistent Roaming with WDS on AP1142n WAPs

    Hi there
    Background 
    I have 3 Cisco AP1142n with one as the WDS and running local radius, the WDS then authenticates to an external FreeRadius server. The SSID is using EAP-TLS authentication. 
     The other 2 AP's are running as WDS clients and they have registered and authenticated fine against local radius on WDS AP
    Problem
    Users are able to roam however 90% of the time this does not work and users who are connected to a VPN lose their connection and have to re-auth to the SSID.  I am also seeing the pattern is that when users roam from WDS-Client AP 1 to WDS-Client AP2 , this does not work however when they then re-auth to WDS-Client AP2 and back to AP1 this works fine.
    I have following debug enabled on the WDS device 
    General OS:
      AAA Authentication debugging is on
      AAA Authorization debugging is on
    dot11/wlccp authenticator:
      receive packet debugging is on
      transmit packet debugging is on
      state machine debugging is on
      process debugging is on
      Mac Authentication debugging is on
      Dispatcher debugging is on
     List of MNs with WDS events debugging enabled :
     b88d.1213.1b3a 
    The question I have is the following line which I keep seeing in the output 
    May 13 12:24:47.980: AAA/AUTHOR: auth_need : user= 'xxx' ruser= 'AP-WDS-01'rem_addr= '10.x.x.x' priv= 1 list= '' AUTHOR-TYPE= 'commands'
    May 13 12:24:51.243: AAA/AUTHOR: auth_need : user= 'xxx' ruser= 'AP-WDS-01'rem_addr= '10..x.x.x' priv= 15 list= '' AUTHOR-TYPE= 'commands'
    May 13 12:25:17.259: AAA/AUTHOR: auth_need : user= 'xxx' ruser= 'AP-WDS-01'rem_addr= '10.x.x.x' priv= 15 list= '' AUTHOR-TYPE= 'commands'
    Do these lines tell me anything?
    Also in addition 
    WDS Statistics for last 4d19h:
        Current AP count:                3
        Current MN count:                0
        AAA Auth Attempt count:          12
        AAA Auth Success count:          12
        AAA Auth Failure count:          0
        MAC Spoofing Block count:        0
        Roaming without AAA Auth count:  15
        Roaming with full AAA Auth count:5
        Fast Secured Roaming count:      0
        MSC Failure count:               0
        KSC Failure count:               0
        MIC Failure count:               0
        RN Mismatch count:               0
    What do the above bold lines tell me? 
    Kind Regards

    Agree with Rasika..
    If you are using 802.1x, then only you would want to configure WDS for the key caching.
    If you are using a PSK, then all you need to do is configure the AP exactly the same way, with the exception of the IP address on the BVI interface. As long as the SSID and encryption are the same, and there is overlap between the cells, the client should roam between the APs.
    Regards

  • How large of a hard drive can I install on dual G5, and do I need more RAM?

    I recently had a situation in which my dual-processor 2.0 G5 was completely refurbished by Apple repair-new logic board, both processors, video card, thermistor, all new. Finally it has been working well after a month of trips back and forth from the Apple store. I have two internal hard drives installed on my G5, both 300GB, one for OS applications, and one for audio. I am running out of space on my main hard drive, and so I recently purchased a Maxtor 1TB hard drive, now manufactured by Seagate, from Fry's. After having my G5 refurbished, I was having an issue with my Samsung 930B monitor going into sleep mode when I boot-up from a CD, but other than that G5 was working fine. I removed the main 300GB hard drive from slot #1 and put it into slot #2, from which I had removed my audio hard drive. I installed the Maxtor drive in slot #1 and reformatted it for Mac using my laptop with ATA/USB cables previously purchased for data transfer. This took about 14 hours as I used the "zeros" option. After that I hooked up the internal cables to both drives and tried to boot up from Leopard in order to install it on the Maxtor drive, but again my monitor went into sleep mode. We went to the Apple store to try to see if there was an issue with the computer, but everything worked fine with their monitors and CD's, as well as my CD. So there is some kind of issue with my monitor, probably software as it works fine when booting up from the main hard drive, and also was fine when I did its self-test function. While at the Apple store, they installed Leopard from their hard drive which took about 30 minutes.
    My problem is this: When I arrived home, I turned on my G5, which had been set to boot from my new Maxtor drive and complete the Leopard setup process, which we had decided to do at home as it would have taken another 20 minutes in the Apple store. The G5 turned on, chimed, I got the Apple screen with the wheel, but then after that my monitor goes into sleep mode. I can hear Leopard's setup intro playing through the speakers, but the screen is in sleep mode. So I reboot holding down the option key so I can boot up from my old (300GB) main hard drive, now in slot #2. This works and the monitor screen does not go to sleep. However, as I am browsing on the web to check for issues concerning this monitor, the G5 freezes, and I get a screen with black bars with writing in them and various technical language across the screen. This happened several times after rebooting. Finally I shut the computer down. I am going to try removing the new hard drive and putting both old ones back in and see if the G5 stops crashing. I think the monitor issue is a separate issue, and I am more concerned with the crashing, as previous to the new hard drive installation the G5 was working fine, monitor fine, other than the issue when booting up from a CD. Do I need more memory? Is the 1TB hard drive too large for my dual-processor 2.0 G5 and overloading it? Would I be better off with a 500GB drive? Would appreciate advice from persons with experience in this area. Thank you.

    I have replaced my 5 year old G5 with a Mac Pro, as the G5 just had too many issues, even after replacing all major components (logic board, both processors, video card, etc.) Once I took out the 1 TB hard drive from my old G5, it stopped having the kernel panic issue. Nonetheless I had been through a lengthy repair process previous to this issue, so I didn't care to trust an older machine any longer, especially since being told by an Apple tech that the "new" parts were really just older parts stockpiled from a central location. Could be new, could be refurbished. Apple was kind enough to credit the money we had spent on the G5 repairs towards the purchase of my Mac Pro.
