cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2871
Views
0
Helpful
4
Replies

801.X through ISE failing on autonomous AP, error "Dynamic key exchange did not succeed within configured time"

nathgregory
Level 1
Level 1

Hi.  We have a 2700 autonomous AP configured to allow domain users to authenticate access to the Wireless Lan.  To connect to the wireless the users enter their username/password or tick the "Use windows credentials" box which prepopulates the fields.  We then get the "unable to connect to network" error.  We have a guest WiFi with WPA2 which works fine by the way.

We use Cisco ISE to authenticate the users which is backed off to our AD servers.  The rules are working, as the radius live logs show passes for both the machine and user.

Debugs on the AP show that it is receiving the "Radius Access Accept" message.  Windows Event Logs show "Wireless 802.1x authentication succeeded." followed by "Dynamic key exchange did not succeed within configured time."

I don't think the AP is timing out, not sure if a Windows issue or something I am doing.  Any help would be appreciated.

4 Replies 4

patoberli
VIP Alumni
VIP Alumni
Do you send any configuration back from the Radius to the AP, like VLAN mappings? If so, make sure the AP has the VLANs configured.

No, nothing returned apart from Access-Accept.

The AP has two VLANS configured though.  The client accesses EAP through an SSID that is set to Vlan 200 which is the normal data (and mgmt) VLAN of the LAN.

Can you compare your configuration with the one from here (last chapter): https://www.networkstraining.com/configuration-of-cisco-wpa2-enterprise-and-personal/
Should still look the same on the 2700 series.

Hi.  We're discussing same issue on my other thread, I've just replied to that :)

Review Cisco Networking for a $25 gift card