cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1937
Views
11
Helpful
7
Replies

Authentication issue

serjt
Level 1
Level 1

New to the community so if i say something wrong please have some mercy  

Running a virtual WLC on VMWare ESXi, IW3702 AP. Have a couple of clients that are not connecting to my SSID. The WLC logs show this:

*Dot1x_NW_MsgTask_0: May 11 16:24:49.676: %DOT1X-3-PSK_CONFIG_ERR: 1x_ptsm.c:749 Client XX:XX:XX:XX:XX:40 may be using an incorrect PSK
*Dot1x_NW_MsgTask_0: May 11 16:24:49.676: %APF-6-MOBILE_EXCLUDED: apf_ms.c:7032 Excluded the mobile XX:XX:XX:XX:XX:40 Reason: "802.1X Failure"

We're not using the Radius server authentication therefore it's strange that i see 802.1X auth even mentioned. 

Would this mean that the client tries to use the 802.1X authentication and obviously fails? Or is there some other meaning for "802.1X Failure"?

7 Replies 7

balaji.bandi
Hall of Fame
Hall of Fame

what WLC congtroller ? i mean code runnning (is this WLC 9800 ?), how is user authenticate using PSK ?

 

some troubleshoot messages :

 

https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-2/message/guide/sysmsg/dot1d_dot1q_dot1x_dot3ad_msgs8.html

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Cisco vWLC AireOS 8.5.151

User uses WPA2-PSK.

i'll look into the troubleshooting messages linked above.

thanks.

is this issue with only 1 device all the devices ?

 

1. i will also do other side, update the latest drivers at client end

2. make sure PSK entered as expected or configured.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

So far I've seen this happening with 2 users out of many. The client is not supposed to use 802.1X as they requested for PSK which we followed in WLC. I'm surprised to see 802.1X Failure in the logs.

Unfortunately i don't have any way to get the client's logs, that would've been helpful i guess in order to see the whole picture.

if only 2 users, i go more looking end point what is that user device ? compare to others ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Can we see L2 security config for this WLAN?
what are these two client OS ?

Hi

  Run "debug client 'mac address' and share the output.  Looking the log seems that the client tried to authenticate using radius. You can also check the client to see how is it configured.

 

 For clients windows a good command would be "netsh wlan show interfaces" and "netsh wlan show networks"

Review Cisco Networking for a $25 gift card