Client failed EAP authentication with following reason: Cred failed

thuy.hoang · ‎06-07-2023

Hello Friends,

I have a WLC C9800 with the Local EAP configuration, but when the client with the local account, it shows Unable to connect.

I did some troubleshooting and found this logging:

2023/06/07 14:17:33.484807549 {wncd_x_R0-0}{1}: [errmsg] [15175]: (note): %DOT1X-5-FAIL: R0/0: wncd: Authentication failed for client (f8e9.4eae.ac0f) with reason (Cred Fail) on Interface capwap_90000005 AuditSessionID 03FA5D0A0000006C96384712 Username: user1
2023/06/07 14:17:33.484816399 {wncd_x_R0-0}{1}: [auth-mgr] [15175]: (info): [f8e9.4eae.ac0f:capwap_90000005] Authc failure from Dot1X, Auth event fail
2023/06/07 14:17:33.484824401 {wncd_x_R0-0}{1}: [auth-mgr] [15175]: (info): [f8e9.4eae.ac0f:capwap_90000005] Method dot1x changing state from 'Running' to 'Authc Failed'

I already see a post with the same issue as link below but not resolved

https://community.cisco.com/t5/wireless/wlc-9800-local-eap-authentication-failed-for-client/td-p/4420304

Is there anyone have a experience on that?

Thanks much.

Leo Laohoo · ‎06-07-2023

What is the model of the AP?

What is the firmware of the controller?

Is the AP local or FLEX?

thuy.hoang · ‎06-07-2023

Hi Leo,

AP model: 2802i

WLC version: 17.09.03

AP is now in FLEX mode.

Thanks much.

Leo Laohoo · ‎06-07-2023

Could either be CSCwc48042 or CSCvt38486.

thuy.hoang · ‎06-07-2023

Hi Leo,

Thanks for your advice.

I have look to those bugs detail but it looks not the same with our issue.

Rich R · ‎06-10-2023

Have you checked your WLC config using output from "show tech wireless" at https://cway.cisco.com/wireless-config-analyzer/ ?
Have you followed https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/215026-local-eap-authentication-on-catalyst-980.html and checked that you did not miss any steps or config?
Also https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-9/config-guide/b_wl_17_9_cg/local-extensible-auth-protocol.html
Have you reviewed the best practice guide (below)?

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

ChrisStegner · ‎06-23-2023

Have you gotten anywhere with this? I am having the exact same issue.

However, some additional detail... it used to work..

I have users attempting to connect with Iphones that get this error, but laptops on the same SSID work just fine.

I am guessing there was an IOS upgrade that killed this...

Leo Laohoo · ‎06-23-2023

What is the model of the AP?

What is the firmware of the controller?

Is the AP local or FLEX?

ChrisStegner · ‎06-23-2023

AP is C9130AXI-B
Firmware 17.6.4
Local

It lines up very well with the bugs that you noted above. But it is odd to me that it is just the IOS devices that are having the issue not the Windows boxes.

Leo Laohoo · ‎06-23-2023

Upgrade to 17.9.3 and try again.

fabiano.dantas · ‎07-12-2023

Hello Friends

I have this same problem, but with a particularity

-------------------

My Environment

WLC version: 17.09.03

AP model: 9120

AP in FLEX mode.

--------------------

The networks wireless it's run normaly with all devices on company.

Just doesn't work with laptops from HP.

Notebook HP 240 G7

The logs is similar from colleagues here.

anybody had problem similar?

fabiano.dantas · ‎07-12-2023

Hello Friends,

I have this same problem, but with a particularity

-------------------
My environment

WLC version: 17.09.03

AP model: 9120

AP in FLEX mode.

--------------------

The networks wireless it's run normaly with all devices on company.

Just doesn't work with laptops from HP, Notebook HP 240 G7.

The logs is similar from colleagues here.

anybody had problem similar?

Leo Laohoo · ‎07-12-2023

What is the exact model of the wireless NIC and what is the wireless NIC driver?

Unsure? Use the command "netsh wlan show drivers" and look at the top five lines.

zachhoiberg · ‎07-18-2023

We have two devices, both with similar drivers and card models, that are experiencing this issue.

Interface name: Wi-Fi

Driver : Intel(R) Dual Band Wireless-AC 7260
Vendor : Intel Corporation
Provider : Intel
Date : 4/29/2019
Version : 18.33.17.1
INF file : oem13.inf
Type : Native Wi-Fi Driver
Radio types supported : 802.11b 802.11g 802.11n 802.11a 802.11ac
FIPS 140-2 mode supported : Yes
802.11w Management Frame Protection supported : Yes
Hosted network supported : Yes
Authentication and cipher supported in infrastructure mode:
Open None
Open WEP-40bit
Open WEP-104bit
Open WEP
WPA-Enterprise TKIP
WPA-Enterprise CCMP
WPA-Personal TKIP
WPA-Personal CCMP
WPA2-Enterprise TKIP
WPA2-Enterprise CCMP
WPA2-Personal TKIP
WPA2-Personal CCMP
Open Vendor defined
Vendor defined Vendor defined
Authentication and cipher supported in ad-hoc mode:
Open None
Open WEP-40bit
Open WEP-104bit
Open WEP
WPA2-Personal CCMP
IHV service present : Yes
IHV adapter OUI : [00 80 86], type: [00]
IHV extensibility DLL path: C:\WINDOWS\System32\IWMSSvc.dll
IHV UI extensibility ClSID: {1bf6cb2d-2ae0-4879-a7aa-a75834fbd0e3}
IHV diagnostics CLSID : {00000000-0000-0000-0000-000000000000}
Wireless Display Supported: Yes (Graphics Driver: Yes, Wi-Fi Driver: Yes)

Interface name: Wi-Fi

    Driver                    : Intel(R) Wireless-N 7260
    Vendor                    : Intel Corporation
    Provider                  : Intel
    Date                      : 9/3/2018
    Version                   : 18.33.14.3
    INF file                  : oem12.inf
    Type                      : Native Wi-Fi Driver
    Radio types supported     : 802.11b 802.11g 802.11n
    FIPS 140-2 mode supported : Yes
    802.11w Management Frame Protection supported : Yes
    Hosted network supported : Yes
    Authentication and cipher supported in infrastructure mode:
                                Open            None
                                Open            WEP-40bit
                                Open            WEP-104bit
                                Open            WEP
                                WPA-Enterprise TKIP
                                WPA-Enterprise CCMP
                                WPA-Personal    TKIP
                                WPA-Personal    CCMP
                                WPA2-Enterprise TKIP
                                WPA2-Enterprise CCMP
                                WPA2-Personal   TKIP
                                WPA2-Personal   CCMP
                                Open            Vendor defined
                                Vendor defined Vendor defined
    Authentication and cipher supported in ad-hoc mode:
                                Open            None
                                Open            WEP-40bit
                                Open            WEP-104bit
                                Open            WEP
                                WPA2-Personal   CCMP
    Wireless Display Supported: Yes (Graphics Driver: Yes, Wi-Fi Driver: Yes)

The first result is the most up to date drivers for that WiFi card, the second seems to be the default Windows will grab for the card.

Leo Laohoo · ‎07-18-2023

@zachhoiberg wrote:
Driver : Intel(R) Dual Band Wireless-AC 7260
Version : 18.33.17.1

The wireless NIC driver is ancient. Please update it. The latest driver can be found HERE.

NOTE: Intel 7260 is already EoS/EoL so Intel (like any technology company) deletes all documentation and files (including drivers) from the public once EoS date has been reached. The product DN2820FY and AC 7260 are the same. Installing the wireless NIC driver for the DN2820FY into a laptop with 7260 should be fine.