Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1772
Views
0
Helpful
4
Replies

801.X through ISE failing on autonomous AP, error "Dynamic key exchange did not succeed within configured time"

nathgregory
Level 1
Level 1

‎05-16-2019 11:08 AM - edited ‎07-05-2021 10:24 AM

Hi.  We have a 2700 autonomous AP configured to allow domain users to authenticate access to the Wireless Lan.  To connect to the wireless the users enter their username/password or tick the "Use windows credentials" box which prepopulates the fields.  We then get the "unable to connect to network" error.  We have a guest WiFi with WPA2 which works fine by the way.

We use Cisco ISE to authenticate the users which is backed off to our AD servers.  The rules are working, as the radius live logs show passes for both the machine and user.

Debugs on the AP show that it is receiving the "Radius Access Accept" message.  Windows Event Logs show "Wireless 802.1x authentication succeeded." followed by "Dynamic key exchange did not succeed within configured time."

I don't think the AP is timing out, not sure if a Windows issue or something I am doing.  Any help would be appreciated.

Labels:
0 Helpful
4 Replies 4

patoberli
VIP Alumni
VIP Alumni

‎05-17-2019 06:50 AM

Do you send any configuration back from the Radius to the AP, like VLAN mappings? If so, make sure the AP has the VLANs configured.
0 Helpful

nathgregory
Level 1
Level 1
In response to patoberli

‎05-17-2019 06:55 AM

No, nothing returned apart from Access-Accept.

The AP has two VLANS configured though.  The client accesses EAP through an SSID that is set to Vlan 200 which is the normal data (and mgmt) VLAN of the LAN.

0 Helpful

patoberli
VIP Alumni
VIP Alumni
In response to nathgregory

‎05-17-2019 07:31 AM

Can you compare your configuration with the one from here (last chapter): https://www.networkstraining.com/configuration-of-cisco-wpa2-enterprise-and-personal/
Should still look the same on the 2700 series.
0 Helpful

nathgregory
Level 1
Level 1
In response to patoberli

‎05-17-2019 07:49 AM

Hi.  We're discussing same issue on my other thread, I've just replied to that :)

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card