03-29-2022 02:39 AM - edited 03-29-2022 02:52 AM
Dears,
Need help with Windows 10 clients trying to connect to an SSID using AD authentication; it is not working.
03-29-2022 03:18 AM
Hi,
Go through these:
Regards
Don't forget to rate helpful posts
03-29-2022 03:31 AM - edited 03-29-2022 03:32 AM
I saw some information in the log that caught my attention and I'd like you to take a look:
site 'default-group', interface 'savc-guest-interface'
Assigning flex webauth ACL ID :65535 for vlan : 8
Is the interface for this SSID named guest for some reason, or is it intended to be a guest network? Also, take care with the default group. It may trick you on some things like WLAN ID, for example. Ideally, avoid using it.
But your problem is related to this log:
Processing Access-Reject for mobile 00:28:f8:d3:13:cd
Entering Backend Auth Failure state (id=-1) for mobile 00:28:f8:d3:13:cd
And for that, you need to look at the authentication server. The answer to why the client was refused might be there. It can be a wrong certificate, wrong credentials, and so on and so forth.
The fact is, whatever it might be, the answer is on the authentication server or on the client.
03-29-2022 03:48 AM - edited 03-29-2022 03:50 AM
- Below you will find the output of your debug file when processed by https://cway.cisco.com/tools/WirelessDebugAnalyzer/. You may want to disable fast roaming (for a test) and check if that can help. And given the RADIUS error, check the RADIUS server logs too.
M.
Time | Task | Translated |
Mar 29 12:44:40.967 | *apfMsConnTask_7 | Client made new Association to AP/BSSID BSSID 84:f1:47:c5:58:e8 AP 3F-AP4-Corridor4 |
Mar 29 12:44:40.967 | *apfMsConnTask_7 | The Reassociation Request from the client comes with 0 PMKID |
Mar 29 12:44:40.967 | *apfMsConnTask_7 | The Reassociation Request from the client comes with 0 PMKID |
Mar 29 12:44:40.967 | *apfMsConnTask_7 | Client is entering the 802.1x or PSK Authentication state |
Mar 29 12:44:40.967 | *apfMsConnTask_7 | Client has successfully cleared AP association phase |
Mar 29 12:44:40.967 | *apfMsConnTask_7 | WLC/AP is sending an Association Response to the client with status code 0 = Successful association |
Mar 29 12:44:40.972 | *Dot1x_NW_MsgTask_5 | Client will be required to Reauthenticate in 1800 seconds |
Mar 29 12:44:40.972 | *Dot1x_NW_MsgTask_5 | WLC/AP is sending EAP-Identity-Request to the client |
Mar 29 12:44:40.992 | *Dot1x_NW_MsgTask_5 | WLC/AP is sending EAP-Identity-Request to the client |
Mar 29 12:45:10.084 | *Dot1x_NW_MsgTask_5 | Client sent EAP-Identity-Response to WLC/AP |
Mar 29 12:45:10.087 | *Dot1x_NW_MsgTask_5 | RADIUS Server denied access |
Mar 29 12:45:14.946 | *Dot1x_NW_MsgTask_5 | WLC/AP is sending EAP-Identity-Request to the client |
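
An added example, not part of the original posts: a small Python triage script for the translated debug rows above that lists each "RADIUS Server denied access" event with the time the client took to answer the EAP-Identity-Request and the time the RADIUS verdict took after that. The function names and the `YEAR` constant are assumptions (the rows carry no year; 2022 is taken from the post dates).

```python
from datetime import datetime

YEAR = "2022"  # assumption: rows carry no year; taken from the post dates

# Rows copied from the translated debug output in the thread.
SAMPLE = """\
Time | Task | Translated |
Mar 29 12:44:40.972 | *Dot1x_NW_MsgTask_5 | WLC/AP is sending EAP-Identity-Request to the client |
Mar 29 12:44:40.992 | *Dot1x_NW_MsgTask_5 | WLC/AP is sending EAP-Identity-Request to the client |
Mar 29 12:45:10.084 | *Dot1x_NW_MsgTask_5 | Client sent EAP-Identity-Response to WLC/AP |
Mar 29 12:45:10.087 | *Dot1x_NW_MsgTask_5 | RADIUS Server denied access |
Mar 29 12:45:14.946 | *Dot1x_NW_MsgTask_5 | WLC/AP is sending EAP-Identity-Request to the client |
"""

def parse(text):
    """Yield (timestamp, task, message) from 'time | task | message |' rows."""
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) < 3:
            continue
        try:
            ts = datetime.strptime(f"{YEAR} {parts[0]}", "%Y %b %d %H:%M:%S.%f")
        except ValueError:
            continue  # header row or anything that is not a log line
        yield ts, parts[1], parts[2]

def radius_rejects(text):
    """Return one dict per RADIUS reject with the delays that preceded it."""
    request = response = None
    rejects = []
    for ts, _task, msg in parse(text):
        if "EAP-Identity-Request" in msg:
            if request is None:      # keep the first request; later ones are retries
                request = ts
        elif "EAP-Identity-Response" in msg:
            response = ts
        elif "RADIUS Server denied access" in msg:
            rejects.append({
                "time": ts,
                "client_reply_s": (response - request).total_seconds()
                if request and response else None,
                "radius_reply_s": (ts - response).total_seconds()
                if response else None,
            })
            request = response = None  # start a fresh exchange
    return rejects

if __name__ == "__main__":
    for reject in radius_rejects(SAMPLE):
        print(reject)
```

The timestamp of each reject is the value to match against the RADIUS server's own log when looking for the reason the client was refused.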