Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7611
Views
0
Helpful
3
Replies

Clients cannot connect: "Reason:802.1x Authentication failed 3 times. Reas"

Go to solution
jrackelmann
Level 1
Level 1

‎09-11-2007 08:44 AM - edited ‎07-03-2021 02:36 PM

As of 1:30 yesterday, no clients can authenticate to my LWAPP Access points. I'm getting this message in the trap logs on my 4404:

Client Excluded: MACAddress:00:90:4b:86:23:94 Base Radio MAC :00:17:df:7f:c8:60 Slot: 0 Reason:802.1x Authentication failed 3 times. ReasonCode: 3

And my (MS IAS) RADIUS server has an entry:

Authentication-Type = EAP

EAP-Type = <undetermined>

Reason-Code = 66

Reason = The user attempted to use an authentication method that is not enabled on the matching remote access policy.

The previous successful entries all refer to PEAP. We restored our WCS server from tape yesterday, but why would that affect the authentication on the 4404? Does anyone have any idea what's going wrong?

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
acomiskey
Level 10
Level 10

‎09-11-2007 09:25 AM

There should be a line in the server log that says "Policy-Name =". Is it matching the correct remote access policy and if so is PEAP enabled in that policy?

View solution in original post

0 Helpful
3 Replies 3

Go to solution
acomiskey
Level 10
Level 10

‎09-11-2007 09:25 AM

There should be a line in the server log that says "Policy-Name =". Is it matching the correct remote access policy and if so is PEAP enabled in that policy?

0 Helpful

Go to solution
jrackelmann
Level 1
Level 1
In response to acomiskey

‎09-11-2007 10:23 AM

That was it. I had two RADIUS servers configured in the 4404 WLC. For whatever reason, it started using the 2nd one in the list, which I had forgotten to enable PEAP for. Amazing that I went this long withuot realizing the two RADIUS servers weren't identical...

0 Helpful

Go to solution
acomiskey
Level 10
Level 10
In response to jrackelmann

‎09-11-2007 11:17 AM

There is a command line syntax which will also allow you to export and import an IAS config to other IAS servers. Then you will be sure they are identical...

http://support.microsoft.com/kb/883619

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card