Hi George, yes the laptop

redrobish · ‎08-29-2014

Hi Experts,

We got WLCs (5508 and 2504) and got Corporate enterprise wireless WLAN. We got this issue that the client been prompted with a "Additional information is required to connect to (network name/ssid). We are using Radius which is already set to 10 days user time outs and adjusted all the timers (session timeouts/user timeouts,idle timeouts,etc) in the WLC but doesn't help. Debug show reauthentication still happening...

Anyway to remove this "Additional information is required to connect to" prompt for our WIn7 laptops?

Tia

Leo Laohoo · ‎08-29-2014

This usually means the username/password is incorrect.

Can you please try with an OPEN authentication and using the same wireless client. If this works, then start cranking up the encryption and security until you break stuff.

What is your authentication server? If it's MS AD, then look at the Event Logs.

redrobish · ‎08-29-2014

Sorry forgot to mention that this happens after successfull login then when roaming, this reauhtnetication appears so it's working fine just this reauthentication thing. Assuming it's out of signal, when in range it should connect back automatically as the laptop is setup to otp so it should remember the username/pass. So wanted to get rid of this prompt. Anyone have encountered this? Tia

Leo Laohoo · ‎08-30-2014

Ok, so you login fine. Roams and when the signal cuts (maybe the APs are too far apart) the wireless clients re-authenticate again?

Again, I'd check with your MS AD Event Logs. This will provide several clues as to why this is happening.

Would also be nice if you can disclose the version of firmware your WLC is running on.

redrobish · ‎08-30-2014

Thnx Leo for the help so far

The AP are close to each other so I don't think it's the issue.

we have 7.3.101 firmware.

unfortunately there's another team who manage our radius server so can't check but they keep saying their end is fine.

thnx again

George Stefanick · ‎08-30-2014

If radios don't support okc, PMK cache, 802.11r and so on as they roam from ap to ap they do FULL 802.1X Auths. Perhaps when it's roaming from ap to ap this is happening .. Is the user ID and password saved on the devices ? It sounds like a client issue to me ..

What is the client and supplicant being used ..

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

redrobish · ‎08-30-2014

Hi George, yes the laptop/supplicant keeps the id/pass and it supports pmk cache. strange when I adjusted when adjusted the registry on the laptop, still getting the prompt (which will be gone eventually) but when I’m back on the Wifi range, then I’m back to the network too (no need to enter the credentials)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet , on EnableActiveProbing, Changed value to 0.

but we wanted to get rid of this prompt after the first successfull login of course and connect automatically.

@ Leo, what's in the 7.6 firmware?does 7.3 have bug on related to this issue?

tia

Scott Fella · ‎08-30-2014

In version 7.X, all the odd code versions have been deferred. v7.4.121.0 and v7.6.130.0 are good code version to go with. I don't think that will fix your issue as it might be your radius timers you guy's are setting or maybe if you have multiple radius servers, they are using different certificates, which is an issue... need to be the same.

Scott

-Scott
*** Please rate helpful posts ***

Leo Laohoo · ‎08-30-2014

7.3 firmware? Hmmm ... Can you upgrade to 7.6.130.0 and try again?

Abhishek Abhishek · ‎09-03-2014

http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/108501-webauth-tshoot.html

Additional information is required to connect to?