Re: AAA Authentication Failure for UserName:anonymous User Type:

umar bhatti · ‎07-12-2013

Hello guys,

I am getting above error on my WLC and I've got setting to exclude the client for 20 minutes. After checking in Rogues there are two SSID's whos mac address is causign this.I am not sure why I am getting these logs.

Client Excluded: MACAddress:e0:75:7d:30:75:bb Base Radio MAC :3c:ce:73:9b:72:50 Slot: 1 User Name: unknown Ip Address: unknown Reason:802.1x Authentication failed 3 times. ReasonCode: 4

Rogue AP : 00:14:1b:5b:c9:10 detected on Base Radio MAC : 3c:ce:73:9b:72:50 Interface no:0(802.11b/g) on Channel 6 with RSSI: -87 and SNR: 4 and Classification: unclassified

Also could any one explain what should we do with Rogues Clients. In my case my WLC is detecting all the SSID's around where i am.

Please give me advise on this as I am bit confused.

Thanks for your help and support.

Umar

Scott Fella · ‎07-13-2013

It's probably someone who tried connecting to one of your SSID's and didn't know the login. So now its stored on the device and the device constantly tries to connect.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

umar bhatti · ‎07-14-2013

Hi Scott thanks for the reply. I think I will add these MAC address in to disable clients prbably best thing to do..

Scott Fella · ‎07-14-2013

Yeah thats what I would do until a user complains and then you can figure out who it is.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

George Stefanick · ‎07-14-2013

Do you have Cisco VoIP phones by chance ?

Sent from Cisco Technical Support iPhone App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

umar bhatti · ‎07-15-2013

Not yet but may be soon in the future.

Thanks guys for your help and advices.

Roman Pfeifer · ‎10-08-2015

Hi George,

I have a similar Problem and we use Cisco 7925G phones.

The phones are authenticating via a local user on the WLC. APs are connected via flex connect. a the message log from the wlc I see the following error, wich is from the phones:

AAA Authentication Failure for UserName:anonymous User Type: WLAN USER

therafter I got several messages from a good authentication:

Client Authenticated: MAC Address:f4:cf:e2:aa:8a:06 base Radio MAC:80:e0:1d:bd:0f:20 Slot: 1 User Name:cphone IP Addr:172.20.9.138 SSID:test

do you have any idea?

mohanak · ‎10-08-2015

Local Authentication is designed as a backup authentication system. If any RADIUS servers are configured on the controller, the controller tries to authenticate the wireless clients with the RADIUS servers first. Local Authentication is attempted only if no RADIUS servers are found, either because the RADIUS servers timed out or no RADIUS servers were configured...

Roman Pfeifer · ‎10-09-2015

Thanks for the answer.

We use EAP-Fast with a configured User on the WLC. If you will check the Box from the advanced tab "FlexConnect Local Auth" we have extreme voice problems, even when you are at the same position. The connection breakes down with the message "Authentication failed" on the phone. then you see this messages on the WLC:

AAA Authentication Failure for UserName:anonymous User Type: WLAN USER

Client Authenticated: MAC Address:f4:cf:e2:aa:8a:06 base Radio MAC:80:e0:1d:bd:0f:20 Slot: 1 User Name:cphone IP Addr:172.20.9.138 SSID:test

after a few seconds the phone is connected again and you can go ahead with the call but the same error comes back within a few second / minutes.

when I do uncheck the box then I have this Problems only when de phone roams to the next access point.

does someone has an idea?