WLC 5520,220.127.116.11,AP2802, Dell 7490 (Windows witct corporate certificate)
There are more than 100 points in total, the accident appears at different points at different times. Clients periodically can’t connect to the SSID with 802.1x protocol on one of the points.
- can connect to the SSID with 802.1x at other points
- can connect to the another SSID (with PSK) at the same point
Reloading the point temporarily helps, but then the problem appears on another point.
the command "debug client 7C:2A:31:XX:XX:XX" gives output on the controller only if the client connects to the network with a PSK. If the client connects to the network with a 802.1X, then there is no output on the controller.
Have a sanity check of your controller configuration with https://cway.cisco.com/tools/WirelessAnalyzer/ ,
further more use the https://cway.cisco.com/tools/WirelessDebugAnalyzer/ for client debugging (e.g)
1. I don’t touch the configuration analysis yet, because the accident is temporary and occurs after a reboot point
2. during an accident, the command "debug client XX.XX." on the WLC does not output anything, and its output on the point is not analyzed by this link (https://cway.cisco.com/wireless-debug-analyzer/) (input file AP_TEST - I just did a test - I clicked delete on a regular client)
>1. I don’t touch the configuration analysis yet, because the accident is temporary
Poor argument , you should do the reverse and take the configuration analysis
regarding 802.1 only found this, but I think this is not what I'm looking for
1. First, problems with 802.1x started, and then they just started to apply a profile with a PSK
2. access points are always different, so I don’t think about them
3. when trying to connect manually, the user sees "checking network properties", i.e. no jumps to other places
I tried the command "debug client XX.XX.XX" on WLC during the accident. When connected to a network with a PSK, information is displayed. When connected to a network with a 802.1x, there is nothing in the output of the controller. Information does not even reach the radius server.
I don’t think that our client is to blame, because:
if you go to another point, then the client connects via 802.1x
if you reboot this point, then the client will also connect via 802.1x