08-29-2014 04:14 PM - edited 07-05-2021 01:28 AM
Hi Experts,
We got WLCs (5508 and 2504) and got Corporate enterprise wireless WLAN. We got this issue that the client been prompted with a "Additional information is required to connect to (network name/ssid). We are using Radius which is already set to 10 days user time outs and adjusted all the timers (session timeouts/user timeouts,idle timeouts,etc) in the WLC but doesn't help. Debug show reauthentication still happening...
Anyway to remove this "Additional information is required to connect to" prompt for our WIn7 laptops?
Tia
08-29-2014 05:42 PM
This usually means the username/password is incorrect.
Can you please try with an OPEN authentication and using the same wireless client. If this works, then start cranking up the encryption and security until you break stuff.
What is your authentication server? If it's MS AD, then look at the Event Logs.
08-29-2014 11:46 PM
Sorry forgot to mention that this happens after successfull login then when roaming, this reauhtnetication appears so it's working fine just this reauthentication thing. Assuming it's out of signal, when in range it should connect back automatically as the laptop is setup to otp so it should remember the username/pass. So wanted to get rid of this prompt. Anyone have encountered this? Tia
08-30-2014 02:27 AM
Ok, so you login fine. Roams and when the signal cuts (maybe the APs are too far apart) the wireless clients re-authenticate again?
Again, I'd check with your MS AD Event Logs. This will provide several clues as to why this is happening.
Would also be nice if you can disclose the version of firmware your WLC is running on.
08-30-2014 06:25 AM
Thnx Leo for the help so far
The AP are close to each other so I don't think it's the issue.
we have 7.3.101 firmware.
unfortunately there's another team who manage our radius server so can't check but they keep saying their end is fine.
thnx again
08-30-2014 07:13 AM
If radios don't support okc, PMK cache, 802.11r and so on as they roam from ap to ap they do FULL 802.1X Auths. Perhaps when it's roaming from ap to ap this is happening .. Is the user ID and password saved on the devices ? It sounds like a client issue to me ..
What is the client and supplicant being used ..
08-30-2014 03:59 PM
Hi George, yes the laptop/supplicant keeps the id/pass and it supports pmk cache. strange when I adjusted when adjusted the registry on the laptop, still getting the prompt (which will be gone eventually) but when I’m back on the Wifi range, then I’m back to the network too (no need to enter the credentials)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet , on EnableActiveProbing, Changed value to 0.
but we wanted to get rid of this prompt after the first successfull login of course and connect automatically.
@ Leo, what's in the 7.6 firmware?does 7.3 have bug on related to this issue?
tia
08-30-2014 04:05 PM
In version 7.X, all the odd code versions have been deferred. v7.4.121.0 and v7.6.130.0 are good code version to go with. I don't think that will fix your issue as it might be your radius timers you guy's are setting or maybe if you have multiple radius servers, they are using different certificates, which is an issue... need to be the same.
Scott
08-30-2014 07:44 AM
7.3 firmware? Hmmm ... Can you upgrade to 7.6.130.0 and try again?
09-03-2014 06:55 PM
http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/108501-webauth-tshoot.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide