Clients cannot connect: "Reason:802.1x Authentication failed 3 times. Reas"

jrackelmann
Level 1

As of 1:30 yesterday, no clients can authenticate to my LWAPP Access points. I'm getting this message in the trap logs on my 4404:

Client Excluded: MACAddress:00:90:4b:86:23:94 Base Radio MAC :00:17:df:7f:c8:60 Slot: 0 Reason:802.1x Authentication failed 3 times. ReasonCode: 3

And my (MS IAS) RADIUS server has an entry:

Authentication-Type = EAP

EAP-Type = <undetermined>

Reason-Code = 66

Reason = The user attempted to use an authentication method that is not enabled on the matching remote access policy.

The previous successful entries all refer to PEAP. We restored our WCS server from tape yesterday, but why would that affect the authentication on the 4404? Does anyone have any idea what's going wrong?

1 Accepted Solution

acomiskey
Level 10

There should be a line in the server log that says "Policy-Name =". Is it matching the correct remote access policy and if so is PEAP enabled in that policy?

That was it. I had two RADIUS servers configured in the 4404 WLC. For whatever reason, it started using the 2nd one in the list, which I had forgotten to enable PEAP for. Amazing that I went this long without realizing the two RADIUS servers weren't identical...

There is a command line syntax which will also allow you to export and import an IAS config to other IAS servers. Then you will be sure they are identical...

http://support.microsoft.com/kb/883619
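
The check from the accepted answer, applied across both RADIUS servers, as an added example that is not part of the original thread: it parses event text in the `Name = value` layout quoted in the question and reports which server, and which matched policy, logs Reason-Code 66. The server labels, user names, policy names and function names are constructed for this illustration.

```python
import re
from collections import Counter
FIELD = re.compile(r"^\s*([A-Za-z][\w-]*)\s*=\s*(.*?)\s*$")
# Constructed sample events; server labels, users and policy names are invented.
SAMPLE = {
    "ias-1": """
User-Name = alice
Policy-Name = Wireless PEAP
Authentication-Type = PEAP
""",
    "ias-2": """
User-Name = alice
Policy-Name = Wireless Access
Authentication-Type = EAP
EAP-Type = <undetermined>
Reason-Code = 66
User-Name = bob
Authentication-Type = EAP
Reason-Code = 66
""",
}

def parse_events(text):
    """Yield one dict per event; a repeated field name starts a new event."""
    current = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # blank lines and free text are skipped
        if m.group(1) in current:
            yield current
            current = {}
        current[m.group(1)] = m.group(2)
    if current:
        yield current

def method_rejections(logs_by_server):
    """Count Reason-Code 66 rejections per (server, matched policy)."""
    hits = Counter()
    for server, text in logs_by_server.items():
        for ev in parse_events(text):
            if ev.get("Reason-Code") == "66":
                hits[(server, ev.get("Policy-Name", "<missing>"))] += 1
    return hits

def servers_to_review(logs_by_server):
    """Servers logging code 66 while at least one other server logs none."""
    bad = {server for server, _ in method_rejections(logs_by_server)}
    return sorted(bad) if bad != set(logs_by_server) else []
```

A server that appears in `servers_to_review` while its peer does not is the one whose remote access policy differs, which is the situation described in this thread.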
