cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
570
Views
0
Helpful
4
Replies

Client Authentication dropping....

rtjensen4
Level 4
Level 4

Hi,

I'm having issues with two sites that I'm tasked to support. They are unable to stay connected to the Wireless!

The clients authenticate with a MS Internet Authorization server via Radius, using their machine-name to authenticate on the Domain.

I reloaded the AP last night hoping that would clear up the problem.

I'm seeing the following in the Log of the AP:

Aug 16 16:16:05.337: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 0012.f078.33d0 Reason: Sending station has left the BSS

Aug 16 16:23:34.140: %DOT11-4-MAXRETRIES: Packet to client 0012.f078.33d0 reached max retries, removing the client

Aug 16 16:23:34.141: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 0012.f078.33d0 Reason: Previous authentication no longer valid

Aug 16 16:24:04.402: %DOT11-7-AUTH_FAILED: Station 0012.f078.33d0 Authentication failed

Aug 17 08:48:26.744: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 0002.8abe.3a39 Associated KEY_MGMT[NONE]

Aug 17 08:48:37.522: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 0002.8abe.3a39 Reason: Sending station has left the BSS

Aug 17 08:48:40.531: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 0002.8abe.3a39 Associated KEY_MGMT[NONE]

Aug 17 08:49:05.721: %DOT11-4-MAXRETRIES: Packet to client 0002.8abe.3a39 reached max retries, removing the client

Aug 17 08:49:05.721: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 0002.8abe.3a39 Reason: Previous authentication no longer valid

Radius is configured on the AP as such:

radius-server attribute 32 include-in-access-req format %h

radius-server host <IP> auth-port 1645 acct-port 1646 key 7 <key>

radius-server retransmit 4

radius-server timeout 40

radius-server vsa send accounting

I checked the radius stats on the AP and see that the average latency to the server is 57s with a max of 83ms.

Anyone have any idea what's going on? I'm not really sure what the log entries are telling me. Does somthing need to be investigated with the AP? Is this a client issue maybe? Something that would need to be tweaked on the Radius server? If someone could shed some light on where I should look next, that'd be awesome. Thanks!

4 Replies 4

dsweeny
Level 3
Level 3

Client has passed Raidus server authentication but roams to a different access point due to interfernce from the adjacent access point. Adjust the channel and power setting on the access point such that their coverage cells don't overlap Try to upgrade the firmware of the client.

bkbristlin
Level 1
Level 1

I also had the same problems with one of my AP's. The client uses a Panasonic Toughbook Wireless Display enabling them to view and interact with their desktop from anywhere in the wireless AP's range. The display allows for 4 different profiles to be setup as far as the IP address goes. I recieved the same message when they tried to connect with IP's that were in a completely different range. As soon as I walked them through the steps to use the corect profile I showed them connect right away. Don't know if it helps any but that's my two cents.

Descotes.D
Level 1
Level 1

i bet that even without any radius server to authenticate, you'll have the same disconnexions;)

the clients are authenticated and then deauthenticate, that's why your raidus server config is good, right?

bkbristlin
Level 1
Level 1

I saw the same log entries when a device with the proper settings for the AP tried to connect with an IP that wasn't in the IP range for that location. Meaning the AP was on one subnet and the client trying to connect was on a completely different subnet. I have never used RADIUS though so I don't know if that helps or not.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: