WLC and LWAP Registration Log Question

Similar Messages

• IPv6 for management and control plane on WLCs and LWAPs

  Good morning, everybody!
  I am trying to find answer to a question that has been previously asked by people but never successfully answered
  The question is about IPv6 support on Cisco Wireless LAN Controllers and access points... Does Cisco have a roadmap to include support for IPv6 used in CAPWAP, control plane and management? There are couple of posts on this topic that do not unfortunately provide any answer to this point.
  https://supportforums.cisco.com/message/3018843
  https://supportforums.cisco.com/docs/DOC-15667
  Infamous "Cisco IPv6 Solution" at http://www.cisco.com/en/US/partner/technologies/collateral/tk648/tk872/tk373/technologies_white_paper_09186a00802219bc_ps6553_Products_White_Paper.html briefly states "Wireless Solutions... In future, IPv6 control plane features may get added to those components."
  Has anyone heard of any more specific roadmap for IPv6 support for CAPWAP, control plane and management on WLCs and LWAPs?

  Full ipv6 support will never be available on the Wism and 440x controllers because they have a NPU to forward traffic and it was not designed with ipv6 in mind.
  The 5508 and Wism2 and all new controllers all have CPU based forwarding and ipv6 is coming in next releases.
  WLC 8.0 is only for december 2011/2012 and I have to say I don't know if it will support native ipv6.
  my 2 cents

• Peculiar error from WLC and LWAP locking out iPhone 6+

  WiFi LAN:
  WLC Cisco 2504 Software Version 8.0.100.6
  LWAP's Cisco 1702i's Software Version IOS 15.3 Mini IOS 8.0.72.236
  Single WLAN using WPA2 (AuthPSK)
  Apple iPhone 6+ Software Version 8.1.2
  The error being reported in the 2504 WLC Message Log is:
  "*sntpReceiveTask: Jan 21 10:59:27.457: #LWAPP -3-DUP_IP:spam_Irad.c:39857 The system has added client a8:8e:24:60:a0:52 to exclusion list due to IP Address conflict of AP 192.168.10.10, this is a duplicate of IP on another machine (MAC a8:8e:24:60:a0:52)"
  In the error above:
  a8:8e:24:60:a0:52  - Is the Smart Phone being locked out of the LAN.
  192.168.10.10 - Is the IP address of the LWAP where the problem started yesterday.
  To troubleshoot, I took the smartphone to another LWAP 100 meters away and the above error still gets reported to the 2504 WLC.
  My questions to the support community:
  1) I have looked everywhere for this "Exclusion List" on the 2504 WLC GUI and cannot fine it. Does it exist on the 2504 GUI? CLI?
  2) If not, is it on the LWAP?
  My thinking is to clear this list to see if this smartphone can then join the LAN.  THX

  Thanks for that Scott. I will do the updates when a window opens up. I performed the opened SSID as you suggested and the smartphone would not join on the first attempt. On the second attempt I manually entered network settings and it finally joined and has held for over an hour now. I have 2 iPhone 6 smartphones with this problem now and 45 mixed iPhone 6's/Droids running flawlessly with WPA2/AES Security. I will attach a couple screenshots of the security setup to this post. 
  On another note, I had originally though that this was an Apple IOS 8 issue as I found a recent thread on the Apple Support Communities mentioning the same issue of continuous re-logging in.
  https://discussions.apple.com/thread/6536955

• WLC and AP in L3

  Hello everyone
  I hope if anyone can help me.
  a Building has 3 companies (A,B and C)
  and I have one WLC
  in each company there is 3 AP
  I want to configure WLC whereas any AP in company A cant communicate to other AP in company B and C
  and the same to all companies
  I mean totally separate in IP scheme (no routing between them)
  can that done with WLC and LWAP ??
  PLZ advice

  thank you all for your reply
  I would like to ask you another question fo another scenario.
  I have one WLC installed in one subnet, let's say in the head quarter network, while the LAPs are installed in the branches and there is WAN connectivity between the HQ and the branch and OSPF routing is enabled between this WAN network. How can I do my configuration in order to register the LAPs installed in the branch with WLC installed in the HQ?
  Thanks,

• Connection between 5508 WLC and 3750-24PS switch

  I have to realize a connection between  an 5508 WLC and 3750 switch using one SFP cable. I found on Cisco documentation some reference about two different SFP cables.
  The first one is CAB-SFP-50CM, but this is used to interconnect two 3560 switches.
  The second is SFP-H10GB-CU1M. This one has SFP+ transceivers on both ends which I don’t know if are compatible with the standard SFP ports that can be found both on WLC and switch.
  My question is if I can use one of these cables in order to connect my devices, or if you know other one piece SFP cables.
  Many thanks

  I know that you can use those SFP transceivers, but I want to know if someone tried to use the SFP-H10GB cables for this kind of connection. Because I saw on another vendor website that the SFP+ cables are compatible with standard SFP ports, and I wanted to see if it is the same for Cisco cables too.
  Regards

• I have change e-mail address after first registration and when I logged in it send new password to my old e-mail address. now I can't use my old profile

  I have change e-mail address after first registration and when I logged in it send new password to my old e-mail address. now I can't use my old profile.
  and I can't install my old adobe X anymore
  what to do?
  Mika

  Change Account https://forums.adobe.com/thread/1465499 may help
  -wrong email https://forums.adobe.com/thread/1446019

• WLC 5508 and LightWeight APs Deployment question

  Hi There,
  Can you please wit the following question in regards to the deployment of a new WLC and new LAPs,
  I have configured and connected a 5508 WLC and 3500 series LAP.
  LAG is enabled in the WLC and successfully connected to the neighboring switch (using etherchannel) and to the network.
  The port-channel port is set to trunk mode obviously and certain vlan ids are currently allowed (3-5)
  The management interface has this IP address 192.168.5.250/24
  I created a WLAN with WLAN ID 3, Interface set to Management and say SSID test1
  I have connected a new LAP to the network, which switchport interface is set to access mode and assigned with vlan id 3. The LAP is able to join the WLC successfully with an IP address, such as, 192.168.3.100 (assigned via DHCP).
  When I try connecting a mobile client to the wireless LAN, it can successfully detect and connect to the WLAN, created in the WLC (test1) however it gets an IP address by DHCP, in the 192.168.5.0/24 network, which is the IP range of the management interface's IP address.
  What can I do to get the clients connecting on network 192.168.3.0/24? I thought this would be the case since I allocated the WLAN Id of 3 in the WLAN test1 configuration and since the LAP switchport is set to access mode with vlan ID 3.
  Cheers,
  egua5261

  Hi,
  The WLAN ID has no effect with the VLAN ID. WLAN ID is just an identifier for the WLAN.
  you said "Interface set to Management and say SSID test1" and here is your issue.
  You set the interface of the WLAN to the management. So, the WLAN will be mapped to the VLAN to which the management interface is mapped to.
  What you need to do is to create a dynamic interface with ip range in 192.168.3.0/24 and provide VLAN ID for that interface and assign your WLAN to this new interface. This way your clients will get an IP from this specified range.
  HTH
  Amjad

• I have a new IMAC 5k running Yosemite and when I log in I am asked a whole series of questions as to what keychain can access. How can I authorise all of these to be available upon login? Items concerned are such as "Talagent", "Messages agent" etc

  I have a new IMAC 5k running Yosemite and when I log in I am asked a whole series of questions as to what keychain can access. How can I authorise all of these to be available upon login? Items concerned are such as "Talagent", "Messages agent" etc

  Back up all data before proceeding.
  Launch the Keychain Access application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad and start typing the name.
  Select the login keychain from the list on the left side of the Keychain Access window. If your default keychain has a different name, select that.
  If the lock icon in the top left corner of the window shows that the keychain is locked, click to unlock it. You'll be prompted for the keychain password, which is the same as your login password, unless you've changed it.
  Right-click or control-click the login entry in the list. From the menu that pops up, select
            Change Settings for Keychain "login"
  In the sheet that opens, uncheck both boxes, if not already unchecked.
  From the menu bar, select
            Keychain Access ▹ Preferences... ▹ First Aid
  There are four checkboxes in the window that opens. Check all of them. if they're not already checked. Close the window.
  Select
            Keychain Access ▹ Keychain First Aid
  from the menu bar and repair the keychain. Quit Keychain Access.
  If you use iCloud Keychain, open the iCloud preference pane and uncheck the Keychain box. You'll be prompted to delete the local iCloud keychain. Confirm. Then re-check the box. Follow one of the procedures described in this support article to set up iCloud Keychain on an additional device.

• "rescue and recovery" and "swshare" log question

  I am currently analzying logs from "rescue and recovery" and "swshare" program and notice SMA.log and capture.sma in particular. I want to verifiy what do each of those 2 logs mean. does one mean the data that was successfully backed up and the other one means what was restored to the machine? the restore.log contains a specific date, was that the date the data was restored to the machine?
  Thanks in advance!!!

  The logs gets created automatically and have the information of the particular task which is completed or processed.
  Best Regards,
  Tanuj
  Did someone help you today? Press the star on the left to thank them with a Kudo!
  If you find a post helpful and it answers your question, please mark it as an "Accepted Solution".! This will help the rest of the Community with similar issues identify the verified solution and benefit from it.
  Follow @LenovoForums on Twitter!

• 5760 WLC and 5760 HA WLC question

  Hi everyone,
  I assume this information must exist... I just cannot locate it. Customer purchasing two 5760 WLCs:
  1     AIR-CT5760-500-K9
  1     AIR-CT5760-HA-K9
  I am looking for info on how to configure these 2 WLCs to work together.  How do you inform the production WLC that a HA WLC is available to sync with? Do WLCs have to be L-2 adjacent, or will HA operate at L-3?  How does this HA setup work? etc.
  Any help would be really appreciated.

  Hi,
  Any news regarding this issue?
  We've have the same scenario:
  1     AIR-CT5760-500-K9
  1     AIR-CT5760-HA-K9
  Both running
  IOS XE 03.03.01SE
  I've activated Global AP Failover Priority in both WLC and from a total of 47 APs, i've configured 8 with Priority Critical, 7 APs with Priority High and  3 APs with Priority Medium.
  We've issued an reload to the primary WLC and it took 7 minutes for the APs recover from the Secondary to the Primary
  13:14 - reload issued on the primary WLC
  13:15 - service granted by the secondary WLC (required an shut/no shut to the "Network Status" of the radio interfaces)
  13:22 - service recovered to the primary WLC
  Edit - Forgot to mention that the priority values mentioned above didn't show much improvement in the AP recovery time...

• 5508 controller coexisting with Autonomous and LWAPs

  v\:* {behavior:url(#default#VML);}
  o\:* {behavior:url(#default#VML);}
  w\:* {behavior:url(#default#VML);}
  .shape {behavior:url(#default#VML);}
  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin-top:0in;
  mso-para-margin-right:0in;
  mso-para-margin-bottom:10.0pt;
  mso-para-margin-left:0in;
  line-height:50%;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;
  mso-bidi-font-family:"Times New Roman";
  mso-bidi-theme-font:minor-bidi;}
  I have a question for the group and was curious if anyone has done this. I am looking through the docs on CCO and have gone through several books:
  Controller-Based Wireless LAN Fundamentals – very good and updated 2010 publication and Deploying and Troubleshooting Cisco Wireless LAN Controllers also very good but from 2009.
  I have a new install coming up over a legacy install. What I mean is we have a classic autonomous AP based setup on the campus with one vlan. We now want to deploy 5508 controllers and new N based AP. My questions are for migration approach. One school of thought is to deploy the controllers and convert all the autonomous fat APs to LWAPs then replace each LWAPs with a new N unit one or x at a time at our convenience. Then convert the removed FAT to converted LWAPs back to FAT (IOS) for another special classic non controller use.
  I was curious if I can save this conversion step and deploy the controllers thus letting the users continue to use their classical FAT architecture while I add the N based APs one at a time. So, for example, I have the fat architecture now, deploy controllers, and on one floor where there is 5 fat APs swap one with an N AP. Now anyone in that N cell range will go through the controller but the other folks in the other cells can continue to authenticate and associate using the fat system in place. Can the controllers and Autonomous systems reside together? The only immediate protocol mechanics related issue here is roaming. I want to avoid any issues related to converting the FAT aps to LW aps in production(bugs, rollbacks etc that can slow things down). This way I can get the controllers and new APs in place quickly utilizing some known RF variables and slowly push the older APs out of use. Kinda like a SIN routing protocol migration flip with Admin distance flipping.
  Is this possible and has anyone done this? Just curious. I am still looking though the docs. An thoughts are greatly appreciated.

  This is possible. But don't expect any collaboration between WLC and IOS APs.
  So roaming between lwapp aps and ios aps won't be smooth. The Lwapp aps will also consider the IOS APs as rogue unless you manually declare them friendly ...
  Co-existence is not something recommended if you are peaky about those details.
  If you only have data usage and a few hard-cut roaming doesn't scare you, then why not.
  Nicolas
  ===
  don't forget to rate answers that you find useful

• Capwap and lwap

  what is capwap and lwap? the differnce?

  LWAPP = Cisco proprietery..
  CAPWAP = Industry standard protocol
  Both used to get the AP joining the WLC...
  http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a008064a991.shtml
  Lemme know if this answered your question..
  Regards
  Surendra

• I have 2 imac computers and here are my questions: first, how to I transfer the information from my contact directory from my old imac into my new imac and once the information is transfered how can I print it? Second: I have a large music collection in m

  have 2 imac computers and here are my questions: first, how to I transfer the information from my contact directory from my old imac into my new imac?  Once the information is transfered how can I print it? Second: I have a large music collection in my old Imac computer how do I transfer this information to my new computer? Also how can I share this information with other computers at home?

  I think you may find helpful information here:
  A Basic Guide for Migrating to Intel-Macs
  The Knowledgebase article Intel-based Mac: Some migrated applications may need to be updated refers to methods of dealing with migrating from PowerPC chips to Intel with the Migration Assistant safely. The authors of this tip have not had a chance to verify this works in all instances, or that it avoids the 10.6.1 and earlier Guest Account bug that caused account information to get deleted upon use of the Migration/Setup Assistant. However, a well backed up source that includes at least two backups of all the data that are not connected to your machine will help you avoid potential issues, should they arise. In event it does not work, follow the steps below.
  If you are migrating a PowerPC system (G3, G4, or G5) to an Intel-Mac be careful what you migrate.  Keep in mind that some items that may get transferred will not work on Intel machines and may end up causing your computer's operating system to malfunction.
  Rosetta supports "software that runs on the PowerPC G3, G4, or G5 processor that are built for Mac OS X". This excludes the items that are not universal binaries or simply will not work in Rosetta:
  Classic Environment, and subsequently any Mac OS 9 or earlier applications
  Screensavers written for the PowerPC System Preference add-ons
  All Unsanity Haxies Browser and other plug-ins
  Contextual Menu Items
  Applications which specifically require the PowerPC G5 Kernel extensions
  Java applications with JNI (PowerPC) libraries
  See also What Can Be Translated by Rosetta.
  In addition to the above you could also have problems with migrated cache files and/or cache files containing code that is incompatible.
  If you migrate a user folder that contains any of these items, you may find that your Intel-Mac is malfunctioning. It would be wise to take care when migrating your systems from a PowerPC platform to an Intel-Mac platform to assure that you do not migrate these incompatible items.
  If you have problems with applications not working, then completely uninstall said application and reinstall it from scratch. Take great care with Java applications and Java-based Peer-to-Peer applications. Many Java apps will not work on Intel-Macs as they are currently compiled. As of this time Limewire, Cabos, and Acquisition are available as universal binaries. Do not install browser plug-ins such as Flash or Shockwave from downloaded installers unless they are universal binaries. The version of OS X installed on your Intel-Mac comes with special compatible versions of Flash and Shockwave plug-ins for use with your browser.
  The same problem will exist for any hardware drivers such as mouse software unless the drivers have been compiled as universal binaries. For third-party mice the current choices are USB Overdrive or SteerMouse. Contact the developer or manufacturer of your third-party mouse software to find out when a universal binary version will be available.
  Also be careful with some backup utilities and third-party disk repair utilities. Disk Warrior, TechTool Pro , SuperDuper , and Drive Genius  work properly on Intel-Macs with Leopard.  The same caution may apply to the many "maintenance" utilities that have not yet been converted to universal binaries.  Leopard Cache Cleaner, Onyx, TinkerTool System, and Cocktail are now compatible with Leopard.
  Before migrating or installing software on your Intel-Mac check MacFixit's Rosetta Compatibility Index.
  Additional links that will be helpful to new Intel-Mac users:
  Intel In Macs
  Apple Guide to Universal Applications
  MacInTouch List of Compatible Universal Binaries
  MacInTouch List of Rosetta Compatible Applications
  MacUpdate List of Intel-Compatible Software
  Transferring data with Setup Assistant - Migration Assistant FAQ
  Because Migration Assistant isn't the ideal way to migrate from PowerPC to Intel Macs, using Target Disk Mode, copying the critical contents to CD and DVD, an external hard drive, or networking will work better when moving from PowerPC to Intel Macs.  The initial section below discusses Target Disk Mode.  It is then followed by a section which discusses networking with Macs that lack Firewire.
  If both computers support the use of Firewire then you can use the following instructions:
  1. Repair the hard drive and permissions using Disk Utility.
  2. Backup your data.  This is vitally important in case you make a mistake or there's some other problem.
  3. Connect a Firewire cable between your old Mac and your new Intel Mac.
  4. Startup your old Mac in Transferring files between two computers using FireWire.
  5. Startup your new Mac for the first time, go through the setup and registration screens, but do NOT migrate data over. Get to your desktop on the new Mac without migrating any new data over.
  If you are not able to use a Firewire connection (for example you have a Late 2008 MacBook that only supports USB:)
  1. Set up a local home network: Creating a small Ethernet Network.
  2. If you have a MacBook Air or Late 2008 MacBook see the following:
  MacBook (13-inch, Aluminum, Late 2008) and MacBook Pro (15-inch, Late 2008)- What to do if migration is unsuccessful;
  MacBook Air- Migration Tips and Tricks;
  MacBook Air- Remote Disc, Migration, or Remote Install Mac OS X and wireless 802.11n networks.
  Copy the following items from your old Mac to the new Mac:
  In your /Home/ folder: Documents, Movies, Music, Pictures, and Sites folders.
  In your /Home/Library/ folder:
  /Home/Library/Application Support/AddressBook (copy the whole folder) /Home/Library/Application Support/iCal (copy the whole folder)
  Also in /Home/Library/Application Support (copy whatever else you need including folders for any third-party applications)
  /Home/Library/Keychains (copy the whole folder) /Home/Library/Mail (copy the whole folder) /Home/Library/Preferences/ (copy the whole folder) /Home /Library/Calendars (copy the whole folder) /Home /Library/iTunes (copy the whole folder) /Home /Library/Safari (copy the whole folder)
  If you want cookies:
  /Home/Library/Cookies/Cookies.plist /Home/Library/Application Support/WebFoundation/HTTPCookies.plist
  For Entourage users:
  Entourage is in /Home/Documents/Microsoft User Data Also in /Home/Library/Preferences/Microsoft.
  Credit goes to Macjack for this information.
  If you need to transfer data for other applications please ask the vendor or ask in the  Discussions where specific applications store their data.
  5. Once you have transferred what you need restart the new Mac and test to make sure the contents are there for each of the applications.
  Written by Kappy with additional contributions from a brody.Revised 5/21/2011

• "logon time" between USR41 and security audit log

  Dear colleagues,
  I got a following question from customer for security audit reason.
  > 'Logon date' and 'Logon time' values stored in table  USR41 are exactly same as
  > logon history of Security Audit Log(Tr-cd:SM20)?
  Table:USR41 saves 'logon date' and 'logon time' when user logs on to SAP System from SAP GUI.
  And the Security Audit Log(Tr-cd:SM20) can save user's logon history;
  at the time when user logged on, the security audit log is recorded .
  I tried to check SAP GUI logon program:SAPMSYST several ways, however,
  I could not check it because the program is protected even for read access.
  I want to know about specification of "logon time" between USR41 and security audit log,
  or about how to look into the program:SAPMSYST and debug it.
  Thank you.
  Best Regards.

  Hi,
  If you configure Security Audit you can achieve your goals...
  1-Audit the employees how access the screens, tables, data...etc
  Answer : Option 1 & 3
  2-Audit all changes by all users to the data
  Answer : Option 1 & 3
  3-Keep the data up to one month
  Answer: No such settings, but you can define maximum log size.
  4-Log retention period can be defined.
  Answer: No !.. but you can define maximum log size.
  SM19/SM20 Options:
  1-Dialog logon
  You can check how many users logged in and at what time
  2-RFC login/call
  Same as above you can check RFC logins
  3-Transaction/report start
  You can see which report or transaction are executed and at what time
  (It will help you to analyise unauthorized data change. Transactions/report can give you an idea, what data has been changed. So you can see who changed the data)
  4-User master change
  (You can see user master changes log with this option)
  5-System/Other events
  (System error can be logged using this option)
  Hope, it clear the things...
  Regards.
  Rajesh Narkhede

• ISE 1.2 With WLC and AD

  Hi everyone,
  What is the steps and Procedure implement Wired and wireless authentication with ISE, WLC and AD for a LAB environment. currently the following are done.
  The wireless network is configured with 2 SSID (Staff and Guest) 
  Active Directory, DNS, DHCP, and  NTP configured & synced.
  ISE and AD running on C220 VMs, and WLC is 5760 Appliance.
  Please provide your thoughts and assistance.
  Regards

  You have to implement dot1x and radius between your NAD and ISE device.
  Using the switch 3850, that are the steps: 
  username RADIUS-HEALTH password radiusKey1 privilege 15
  aaa new-model
  aaa authentication login default local
  aaa authentication dot1x default group radius
  aaa authorization network default group radius
  aaa authorization auth-proxy default group radius
  aaa accounting update periodic 5
  aaa accounting auth-proxy default start-stop group radius
  aaa accounting dot1x default start-stop group radius
  !this password will be used to communicate with ISE and to verify reachability
  !between ISE and Switch
  aaa server radius dynamic-author
   client 172.16.1.18 server-key 7 radiuskey
   client 172.16.1.20 server-key 7 radiuskey
  ip domain-name lab.local
  ip name-server 172.16.1.1
  dot1x system-auth-control
  interface GigabitEthernet1/0/3
   switchport mode access
   switchport voice vlan 50
   switchport access vlan 10
   ip access-group ACL-ALLOW in
   authentication event fail action next-method
   authentication event server dead action authorize voice
   authentication event server alive action reinitialize
   authentication host-mode multi-auth
   authentication open
   authentication order dot1x mab
   authentication priority dot1x mab
   authentication port-control auto
   authentication periodic
   authentication timer reauthenticate server
   authentication violation restrict
   mab
   dot1x pae authenticator
   dot1x timeout tx-period 10
   spanning-tree portfast
  ip access-list extended ACL-ALLOW
   permit ip any any
  !the comm between radius and ise will occur on these Port
  ip radius source-interface Vlan100
  logging origin-id ip
  logging source-interface Vlan100
  logging host 172.16.1.20 transport udp port 20514
  logging host 172.16.1.18 transport udp port 20514
  ip radius source-interface Vlan100
  logging origin-id ip
  logging source-interface Vlan100
  logging host 172.16.1.20 transport udp port 20514
  logging host 172.16.1.18 transport udp port 20514
  snmp-server community ciscoro RO
  snmp-server community public RO
  snmp-server trap-source Vlan100
  snmp-server source-interface informs Vlan100
  radius-server attribute 6 on-for-login-auth
  radius-server attribute 8 include-in-access-req
  radius-server attribute 25 access-request include
  radius-server dead-criteria time 10 tries 3
  radius-server vsa send accounting
  radius-server vsa send authentication
  !defining ISE servers
  radius server ISE-RADIUS-1
   address ipv4 172.16.1.20 auth-port 1812 acct-port 1813
   automate-tester username RADIUS-HEALTH idle-time 15
   key radiusKey
  Please be sure that NTP servers and time are synchronized. 
  enable dot1X on windows machine, or using cisco NAM. 
  you can enable debugging on aaa authentication to see the events. 
  you have to create this user on ISE (RADIUS-HEALTH). 
  3850#test aaa group radius username password new-code 
  and observe the result. You are supposed to have user authenticated successfully. 
  You Must also have define these device in ISE on the radius interface.
  ip radius source-interface ..... use this interface ip address to define Ip address of the NAD device in ISE. 
  administration-->network resources -->Network Devices-->Add
  input the name
  input the Ip address for radius communication
  select the authentication settings and field the corresponding shared secret radius key
  select snmp settings and select version 2c. 
  snmp community : ciscoro
  you can customize the polling interval if you want and that all. 
  you are supposed to received message communication between your NAD and ISE. 
  After you can do the procedure for WLC device. 
  I will fill it after you have passed the first steps (3850 authentication).