Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
553
Views
5
Helpful
3
Replies

iPad AAA Authentication Failure

Go to solution
jspobuk
Level 1
Level 1

‎04-25-2022 08:03 PM

Hello, 

I setup a WLAN on a vWLC to not use any security, and the iPad can connect wirelessly to my network.

 

I changed the security to be WPA2+WPA3 using our existing RADIUS server, and now the iPad doesn't connect properly.  The message I get in the vWLC trap log is:

"AAA Authentication Failure for Client MAC: XX:XX:XX:XX:XX:XX, Username:XXXXX, User Type:WLAN USER, Reason: Authentication failed"

 

There is a client listed on the vWLC Monitor page, and it is the right MAC address.  However, the IP address is shown as 0.0.0.0 whereas the iPad has the IP address as a static entry.

 

The iPad shows a checkmark by the Wifi Network with privacy warning (i turned off private wifi address option)

 

I can't ping the iPad from the network side.

 

I can't go to webpages on iPad that I should be able to get to when on the network.

 

Network is isolated industrial network without internet access.

 

I setup iPad profile configuration with iPhone Configuration Utility, installed root certificate on iPad.

 

I don't see any Event Log events on the server hosting the RADIUS, not sure if i am looking in the right place?  Looked at all Windows Logs and Server Role logs.

 

Sorry for the long post.  Any help with any part of the process is appreciated.

 

Thank you, 

John

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jspobuk
Level 1
Level 1

‎04-27-2022 07:33 PM

Update:  I found that the reason I didn't have RADIUS events in the event log was because I didn't have Audit Network Policy Server properties configured.  Once I configured it for Success and Failure events I was able to see the failed event in the Security log.  The problem was my authentication was not matching my Network Policy, so I had to change that and it worked.

 

Thank you for the responses.

 

-John

View solution in original post

3 Replies 3

Go to solution
marce1000
VIP
VIP

‎04-25-2022 11:33 PM

 

               - What's in the radius-server authenticating logs for that particular authentication ?

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Go to solution
Flavio Miranda
VIP
VIP

‎04-26-2022 02:45 AM

Try to use only WPA2 instead WPA2+WPA3. Probably the client is not associanting the network due encryption problem and that´s why you are not seing authentication logs on radius server.

 

0 Helpful

Go to solution
jspobuk
Level 1
Level 1

‎04-27-2022 07:33 PM

Update:  I found that the reason I didn't have RADIUS events in the event log was because I didn't have Audit Network Policy Server properties configured.  Once I configured it for Success and Failure events I was able to see the failed event in the Security log.  The problem was my authentication was not matching my Network Policy, so I had to change that and it worked.

 

Thank you for the responses.

 

-John

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card