01-26-2018 08:40 PM - edited 07-05-2021 08:10 AM
I have configured a guest network that authenticates using the local database in my 2500 series wireless controller. When I login, using the username/password I create, I see a success screen and I get an IP address but am not connected to the internet. (Not able to ping 8.8.8.8). When I look at the recent traps, I see the following corresponding entries:
1080 | Fri Jan 26 18:18:43 2018 | Client Disassociated: MACAddress:45:85:00:b1:14:e4 Base Radio MAC:48:90:a5:cb:9c:80 Slot: 1 User Name: test, Ip Address: 10.20.44.106 Reason:Unspecified ReasonCode: 1 TxPkts: 0l TxBytes: 0l RxPkts: 0l RxBytes: 0l |
1081 | Fri Jan 26 18:18:43 2018 | Client Deauthenticated: MACAddress:45:85:00:b1:14:e4 Base Radio MAC:48:90:a5:cb:9c:80 Slot: 1 User Name: test Ip Address: 10.20.44.106 Reason:Unspecified ReasonCode: 1 |
1082 | Fri Jan 26 18:18:43 2018 | Client Disassociated: MACAddress:45:85:00:b1:14:e4 Base Radio MAC:48:90:a5:cb:9c:80 Slot: 1 User Name: test, Ip Address: 10.20.44.106 Reason:Unspecified ReasonCode: 1 TxPkts: 0l TxBytes: 0l RxPkts: 0l RxBytes: 0l |
1083 | Fri Jan 26 18:18:43 2018 | Client Disassociated: MACAddress:45:85:00:b1:14:e4 Base Radio MAC:48:90:a5:cb:9c:80 Slot: 1 User Name: test, Ip Address: 10.20.44.106 Reason:Unspecified ReasonCode: 1 |
1084 | Fri Jan 26 18:18:42 2018 | Client Association Failure: MACAddress:45:85:00:b1:14:e4 Base Radio MAC:48:90:a5:cb:9c:80 Slot: 1 User Name:test IP Addr: 10.20.44.106 Reason:Authentication rejected because of challenge failure ReasonCode: 15 |
1092 | Fri Jan 26 18:18:09 2018 | User test logged in. Client MAC:45:85:00:b1:14:e4, Client IP:10.20.44.106, AP MAC:48:90:a5:cb:9c:80, AP Name:AP4810.7A70.464A |
1093 | Fri Jan 26 18:18:09 2018 | Client Authenticated: MAC Address:45:85:00:b1:14:e4 base Radio MAC:48:90:a5:cb:9c:80 Slot: 1 User Name:test IP Addr:10.20.44.106 SSID:Guest |
I can't seem to find any information on what "Authentication rejected because of challenge failure ReasonCode: 15" corresponds to.
Thanks for your help.
01-26-2018 11:26 PM
@gyip wrote:
Reason:Authentication rejected because of challenge failure ReasonCode: 15
4-way handshake timeout.
This means that during the initial phase of authentication the wireless client didn't respond or didn't respond within the time frame.
01-26-2018 11:36 PM
01-26-2018 11:43 PM
01-27-2018 12:05 AM
01-27-2018 12:07 AM
01-28-2018 12:55 PM
01-28-2018 05:42 PM
01-29-2018 09:09 PM
I've resolved my issue and just wanted to give everyone my resolution.
As I mentioned above, the authentication traps are indeed correct and show that the client was authenticated. The signs that point me to this conclusion were the fact that the traps show client authenticated (which is identical traps to when you authenticate with radius and any other method successfully) in addition to the web auth success page.
I have a post auth ACL to restrict access of my guest wireless network to internal resources by blocking all private IP address spaces. Because of I have DHCP coming from a server (rather than the wireless controller as the DHCP server), I needed to include the guest wireless network subnet as a permitted address space in the ACL. It seems that the IP address range of the client wasn't implied and I had to explicitly grant access to it. Once I added it, everything works now.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: