cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
29003
Views
3
Helpful
21
Replies

802.1x authentication on PSK key mgmt?

danletkeman
Level 1
Level 1

Hello,

I'm setting up a new 5508 WLC (the first wlc I have ever setup) and I have my WLAN setup with our existing WPA/TKIP ssid for transitioning our clients from our existing autonomous system to the wlc. I have selected PSK as the key mgmt and I can get the client's to connect for a few minutes but I keep seeing these errors:

Fri Aug 21 08:50:05 2009 Client Excluded: MACAddress:00:21:00:f9:dd:50 Base Radio MAC :00:23:eb:27:e3:b0 Slot: 1 User Name: unknown Ip Address: unknown Reason:802.1x Authentication failed 3 times. ReasonCode: 4

I don't have nor do I want 802.1x enabled. Is there something I need to disable either on the client or the controller?

Thanks.

Dan.

21 Replies 21

I fixed the problem a while ago with a restart of the controller. I had never restarted it after the initial bootup.

Lukasz.Slemp
Level 1
Level 1

Hey,

I have same problem with Cisco 2100 Series WLC on software version 7.0.98.0.

I get a lot of error messages in Log Monitor which look like these:

0Thu Dec 9 09:00:28 2010Client Excluded: MACAddress:(..................) Base Radio MAC :(..................) Slot: 0 User Name: unknown Ip Address: (..................) Reason:802.1x Authentication failed 3 times. ReasonCode: 4
1Thu Dec 9 08:57:09 2010Interference Profile Failed for Base Radio MAC: (..................) and slotNo: 0
2Thu Dec 9 08:53:43 2010Client Excluded: MACAddress:(..................) Base Radio MAC :(..................) Slot: 0 User Name: unknown Ip Address: (..................) Reason:802.1x Authentication failed 3 times. ReasonCode: 4
3Thu Dec 9 07:57:15 2010Client Excluded: MACAddress:(..................) Base Radio MAC :(..................) Slot: 0 User Name: unknown Ip Address: (..................) Reason:802.1x Authentication failed 3 times. ReasonCode: 4
4Thu Dec 9 07:54:10 2010Client Excluded: MACAddress:(..................) Base Radio MAC :(..................) Slot: 0 User Name: unknown Ip Address: (..................) Reason:802.1x Authentication failed 3 times. ReasonCode: 4
5Thu Dec 9 07:50:42 2010Client Excluded: MACAddress:(..................) Base Radio MAC :(..................) Slot: 0 User Name: unknown Ip Address: (..................) Reason:802.1x Authentication failed 3 times. ReasonCode: 4

I'm not using 802.X authentication, it's just WPA/TKIP ...not even WPA2/AES. Each client gets disconnected few times per day. Auth fails like you see above, but for the most time connection just works. Not as good as I'd want it to, but it works, somehow.

I have also set up two WLANS for other devices like printers etc - it works just fine. I mean - no errors, no disconnects, it works perfectly, but why the hell is WPA not working?!

Second bigger problem is that every computer connected via WIFI is loosing one ping packet every minute. I have WLC -> 7 x AP -> End devices.

Everything till AP's is connected via ethernet, then it's wifi connection. When I'm pinging WLC or AP's from lan connected PC it works fine, but when I'm pinging wifi connected end devices (6 pc's) - each one is loosing one packet in exact, same time - every minute.

When I'm doing the same but from second side - wifi connected pc pinging AP's, WLC, lan pc - I loose one ping packet to each device including AP, WLC, other end devices.

It's definately fault in WLC configuration because I loose these packetes on AP's <-> WIFI devices. Any idea, any clue? I'm not sure which setting is responsible for that.

Thanks in advance for any hints, suggestions.

Regards,

Łukasz

use wpa aes or try the below change to see if that make any difference

disable client exclusion

disable tkip countermeasure

George Stefanick
VIP Alumni
VIP Alumni

I have a similar issue on 7.0.98.0 / 5508.

Version 7.0.98.0 / 5508- WPA/TKIP psk doesn't work

Version 7.0.98.0 / 5508- WPA2/AES psk works

downgraded to 6.0.199.0

Version 7.0.98.0 / 5508- WPA/TKIP psk works

Version 7.0.98.0 / 5508- WPA2/AES psk works


upgraded back to 7.0.98.0

Version 7.0.98.0 / 5508- WPA/TKIP psk doesn't work

Version 7.0.98.0 / 5508- WPA2/AES psk works


I called TAC and they mentioned there was no known issues. Although I have not had a chance to work with them on the issue.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Hello all.

Right now I am facing the same issue described here. My controller is running software version 7.2.103.0.

Did you manage to find a cause for this failure and/or a solution for it?

Thanks!!!

Does the issue happen with all your clients or certain client?

Did you verify the driver version of your wireless adapter? make sure to have it updated to the latest firmware version.

Buenas tardes; Yo tambien tengo el mismo inconveniente, y cuando pongo REMOVE solo se remueve por unos segundos, despues regresa al grupo EXCLUDED CLIENTS, de igual forma he hecho DISABLE, y del grupo DISABLE he hecho REMOVE, pero se excluye nuevamente.

adjunto el mensaje de error.

Client Excluded: MACAddress:9c:b7:0d:2a:5f:cf Base Radio MAC :f4:ea:67:c1:57:10 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.1x Authentication failed 3 times. ReasonCode: 4

Gracias.

Knut Axel Osorio Alayo ======================== Profesional en Redes y Comunicaciones de Datos
Review Cisco Networking for a $25 gift card