cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

964
Views
0
Helpful
6
Replies
Highlighted
Beginner

Virtual Wireless LAN controller Authentication problems

Hi guys,

I'm Hoping someone can help with a big on-going issue we've been experiencing now for the past few months....

Issue: We use a vWLC ( AIR-CTVM-K9 ) which has been working for years just fine. We have about 20 AP's operating in FlexConnect mode. About 4 months ago we upgrade the iOS and two weeks after operating fine all users were unable to connect to the wireless using ([WPA + WPA2][Auth(802.1X + CCKM)]) certificate based off a Server 2012 R2 server.

We obviously thought it was the iOS so we updated to a newer iOS and the issue persisted. Ultimately we decided to go back to the original iOS (7.4.121.0). So unfortunately we're at square one again, as today all users were unable to connect to wireless when they came into the office. (Strangely if you're already connected its fine however people that took their laptop home are unable to re-connect). We are able to resolve it by rebooting the vWLC but I'm certain by this time next week (it usually works for 1 - 2 weeks) it will stop working again...

If anyone can provide some insight it would be greatly appreciated!

I've attached the most recent Syslogs. From what I have seen over the multiple times its occurred the common error is:

AVASYDWLC02: *Dot1x_NW_MsgTask_2: Aug 26 22:29:48.508: #DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c:447 Authentication Aborted for client 98:5f:d3:5c:31:fa
AVASYDWLC02: *Dot1x_NW_MsgTask_2: Aug 26 22:29:48.525: #DOT1X-3-AAA_AUTH_SEND_FAIL: 1x_aaa.c:606 Unable to send AAA message for client 98:5f:d3:5c:31:fa

Everyone's tags (2)
6 REPLIES 6
Beginner

Bump

Bump

Hall of Fame Master

The issue you are probably

The issue you are probably seeing is due to having both WPA+WPA2 configured for the WLAN. What I would do is only use WPA2-AES and then push out a GPO to define that encryption only.  If you are not or can't push out a GPO, then you need to define the existing WLAN as WPA2-AES and then create a new WLAN with an ID of 17 or higher.  This new SSID, define the profile name as WPA-TKIP and configure the same SSID name and encryption will be of course WPA-TKIP.  See if that helps. The issue you might be running into is hat some devices have WPA-TKIP defined and the newer code doesn't allow for that anymore.  The best way is to reconfigure the devices or push out the wireless profile via GPO if the end stations are Windows.

-Scott 

*** Please rate helpful posts ***

-Scott
*** Please rate helpful posts ***
Hall of Fame Master

Make sure that your radius

Make sure that your radius isn't the issue also. Maybe restart the radius or review the logs to see if that is an issue.  You can download NTRadPing and test out radius. 

https://thwack.solarwinds.com/thread/14486

-Scott 

*** Please rate helpful posts ***

-Scott
*** Please rate helpful posts ***
Beginner

Thanks for replying Scott!

Thanks for replying Scott!

I'll give the encryption change a go. Out of curiosity, what makes you think that's what causing the problem?

cheers,

Dean 

Hall of Fame Master

I have seen the same

I have seen the same complaints before with my customers.  User would connect, then they wouldn't. User would then roam and sometimes disassociate.  On a device for example, you can one configure a wireless profile to do one type of encryption but on the WLC, you can setup multiple.  It is worth a try and anyways it's good practice to only use one type of encryption method. This keeps troubleshooting simple per say. 

-Scott 

*** Please rate helpful posts ***

-Scott
*** Please rate helpful posts ***
Contributor

Re: Virtual Wireless LAN controller Authentication problems

Just run the controller in  VirtualBox, but simply importing the downloaded .OVA file didn't work straight away. After the import was done, I ended up with a virtual machine configuration, where a bootable image was missing. So I had to untar the  .OVA file by myself:
$ tar xvf AIR-CTVM-K9-8-0-110-0.ova
AS_CTVM_8_0_110_0.ovf
AS_CTVM_8_0_110_0.mf
AS_CTVM_8_0_110_0.vmdk
AS_CTVM_8_0_110_0.iso

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards