This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ
- Extreme Networks
- Community List
- Wireless
- ExtremeWireless (WiNG)
- Re: Client failed 802.1x/EAP authentication on wla...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Client failed 802.1x/EAP authentication on wlan
Client failed 802.1x/EAP authentication on wlan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā02-06-2020 10:58 AM
Hello!
WiNG 5.9
VX9000 + AP7632.
RADIUS in APās (Internal Self) with test user.
Smartphone normally connecting.
Lap-top with Win7 - no.
Could you please help - where to look at? How to debug this issue?
[ap7632-6F2CC7] 10:09:38.724: radius:RAD_MSG_AUTHENTICATOR (radius.c:1182)
[ap7632-6F2CC7] 10:09:38.724: radius:rx access-challenge from radius server for 00-13-E8-93-D4-19 (radius.c:3888)
[ap7632-6F2CC7] 10:09:38.724: eap:sending eap-code-request code 1, type 25 to 00-13-E8-93-D4-19 (eap.c:964)
[ap7632-6F2CC7] 10:09:38.724: eap:sending eap-req [eap_type:25(peap)] to 00-13-E8-93-D4-19 (eap.c:1001)
[ap7632-6F2CC7] 10:09:38.730: eap:rx eap pkt from 00-13-E8-93-D4-19 (eap.c:720)
[ap7632-6F2CC7] 10:09:38.731: radius:access-req sent to 127.0.0.1:1812 (attempt 1) for 00-13-E8-93-D4-19 (user:Extreme) (radius.c:3054)
[ap7632-6F2CC7] 10:09:38.736: radius:RAD_MSG_AUTHENTICATOR (radius.c:1182)
[ap7632-6F2CC7] 10:09:38.736: radius:rx access-reject for 00-13-E8-93-D4-19 (radius.c:3781)
[ap7632-6F2CC7] 10:09:38.736: eap:sending eap-failure to 00-13-E8-93-D4-19 (eap.c:1009)
[ap7632-6F2CC7] %%%%>10:09:38.736: radius:alarm num_eap_f ++ 1 (radius.c:3859)
[ap7632-6F2CC7] 10:09:38.736: client:clearing cached credentials for 00-13-E8-93-D4-19 (credcache.c:241)
[ap7632-6F2CC7] 10:09:38.739: mgmt:tx deauthentication [reason: authentication rejected by radius server (code:23)] to 00-13-E8-93-D4-19 (mgmt
[ap7632-6F2CC7] 10:09:38.739: client:wireless client 00-13-E8-93-D4-19 changing state from [802.1x/EAP Auth] to [Roaming] (mgmt.c:635)
AP config
!
aaa-policy "Onboard RADIUS"
authentication server 1 onboard self
!
!
wlan Extreme802-1xTest
ssid Extreme802-1xTest
vlan 241
bridging-mode local
encryption-type ccmp
authentication-type eap
use aaa-policy "Onboard RADIUS"
!
!
radius-group 802-1xTestGroup
policy vlan 241
!
!
radius-user-pool-policy Extreme802-1x
user Extreme password 0 Extreme group 802-1xTestGroup
!
radius-user-pool-policy Guest
user Test password 0 Test group Guests
!
radius-server-policy "Onboard RADIUS"
use radius-user-pool-policy Extreme802-1x
use radius-user-pool-policy Guest
authentication eap-auth-type peap-mschapv2 #(also tryed with āAllā)
chase-referral
!
Thank you!
8 REPLIES 8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā02-14-2020 12:58 PM
Hi, Tomasz!
From Client side no specific info āmissing keywords
use the search to find solutions to fixā.
Itās enabled āFast BSS Transition over DSā and disabled āFast BSS Transitionā.
But if Iāll disable 802.11r - it will decrease time of clientās roaming.
Thank you!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā02-14-2020 12:21 PM
Hi Alexandr,
Quick guess - 802.11r enabled and Intel AC-xxxx card within the laptop?
Apparently, it might be helpful sometimes if you click on troubleshooting option in Windows when it pops up āunable to connectā. Then it will most probably fail but you can see detailed results and it shows at which point (from supplicant/STA point of view) it failed. It was really helpful to me when troubleshooting IdentiFi network once (and it was 11r case actually, so WPA2 4-way handshake couldnāt finish, Iām not sure if the logs here are relevant but just a guess).
Hope that helps,
Tomasz
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā02-10-2020 09:07 AM
Hi!
Christopher, all configuration steps we have made within Win7?
[ap7632-6F2CC7] 09:00:57.12: mgmt:rx auth-req from 00-13-E8-93-D4-19 on radio 1 (mgmt.c:4032)
[ap7632-6F2CC7] 09:00:57.12: mgmt:tx auth-rsp to 00-13-E8-93-D4-19 on radio 1. status: success (mgmt.c:1348)
[ap7632-6F2CC7] 09:00:57.16: mgmt:rx association-req from 00-13-E8-93-D4-19 on radio ap7632-6F2CC7:R2 signal-strength is -52dBm (mgmt.c:4006)
[ap7632-6F2CC7] 09:00:57.16: client:MU 00-13-E8-93-D4-19 panBU enab_cap=00 00 00 00, supp_cap=00 00 00 00 (mgmt.c:3195)
[ap7632-6F2CC7] 09:00:57.16: client:using cached vlan 241 for wireless client 00-13-E8-93-D4-19 (mgmt.c:3442)
[ap7632-6F2CC7] 09:00:57.16: mgmt:Client 00-13-E8-93-D4-19 negotiated WPA2-EAP on wlan (Extreme802-1xTest) (mgmt.c:3534)
[ap7632-6F2CC7] 09:00:57.16: mgmt:tx association-rsp success to 00-13-E8-93-D4-19 on wlan (Extreme802-1xTest) (ssid:Extreme802-1xTest) with ft
[ap7632-6F2CC7] 09:00:57.17: client:no pmkid from client 00-13-E8-93-D4-19 (mgmt.c:1243)
[ap7632-6F2CC7] 09:00:57.17: client:state MU_STATE_DOT1X for client 00-13-E8-93-D4-19 (mgmt.c:1252)
[ap7632-6F2CC7] 09:00:57.17: client:wireless client 00-13-E8-93-D4-19 changing state from [Roaming] to [802.1x/EAP Auth] (mgmt.c:635)
[ap7632-6F2CC7] 09:00:57.17: eap:sending eap-code-request code 1, type 1 to 00-13-E8-93-D4-19 (eap.c:964)
[ap7632-6F2CC7] 09:00:57.17: eap:sending eap-id-req to 00-13-E8-93-D4-19 (eap.c:993)
[ap7632-6F2CC7] 09:00:57.17: client:transmitting roam notification for 00-13-E8-93-D4-19 (mgmt.c:349)
[ap7632-6F2CC7] 09:00:57.17: client:os-info in credcache for 00-13-E8-93-D4-19 (OS:Unknown/Browser:Unknown/Type:Unknown) (credcache.c:1221)
[ap7632-6F2CC7] 09:00:57.17: client:user-info in credcache for 00-13-E8-93-D4-19 (loyalty_app:0) (credcache.c:1306)
[ap7632-6F2CC7] 09:00:57.54: eap:rx eap-start from 00-13-E8-93-D4-19 (eap.c:655)
[ap7632-6F2CC7] 09:00:57.54: eap:sending eap-code-request code 1, type 1 to 00-13-E8-93-D4-19 (eap.c:964)
[ap7632-6F2CC7] 09:00:57.54: eap:sending eap-id-req to 00-13-E8-93-D4-19 (eap.c:993)
[ap7632-6F2CC7] 09:00:57.64: client:rx deauthentication from 00-13-E8-93-D4-19 on radio 1 (mgmt.c:4043)
[ap7632-6F2CC7] 09:00:57.64: mgmt:rx deauthentication (unspecified error (code:1)) from wireless client 00-13-E8-93-D4-19 on bss DC-B8-08-46-E
[ap7632-6F2CC7] 09:00:57.64: client:wireless client 00-13-E8-93-D4-19 changing state from [802.1x/EAP Auth] to [Roaming] (mgmt.c:635)
[ap7632-6F2CC7] 09:00:57.64: client:starting hold timer for 00-13-E8-93-D4-19 (mgmt.c:703)
[ap7632-6F2CC7] 09:00:57.64: client:update_app_policy_name_to_credcache (credcache.c:1408)
[ap7632-6F2CC7] 09:00:57.64: client:Adding app_policy_name to credcache and sync00-13-E8-93-D4-19 (credcache.c:1409)
[ap7632-6F2CC7] 09:00:57.65: client:Credcache updated with app_policy None, for MU 00-13-E8-93-D4-19 (credcache.c:1423)
[ap7632-6F2CC7] 09:00:57.65: client:cleared packet counters on client 00-13-E8-93-D4-19 (mgmt.c:764)
[ap7632-6F2CC7] 09:00:57.65: client:CHD: chd_stop_mu (chd.c:635)
Any ideas?
Thank you!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā02-06-2020 04:50 PM
I would ensure that the radius policy is ,mapped to the AP (no AP Profile and/or Self config provided). I am assuming that no certificates have been generated.
For Win7 supplicant, you will need to manually configure the profile and ensure under Security/Choose a network authentication method is configure for Microsoft: Protocol EAP (PEAP) and and un-check Validate server certificate. Under Select Authentication Method, ensure Secured password (EAP-MSCHAP-v2) is selected and click on Configure and un-check box (Auto use my Windows logon name and password).
