Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1230
Views
5
Helpful
3
Replies

iPad AAA Authentication Failure

Go to solution
jspobuk
Frequent Visitor
Frequent Visitor

‎04-25-2022 08:03 PM

Hello, 

I setup a WLAN on a vWLC to not use any security, and the iPad can connect wirelessly to my network.

 

I changed the security to be WPA2+WPA3 using our existing RADIUS server, and now the iPad doesn't connect properly.  The message I get in the vWLC trap log is:

"AAA Authentication Failure for Client MAC: XX:XX:XX:XX:XX:XX, Username:XXXXX, User Type:WLAN USER, Reason: Authentication failed"

 

There is a client listed on the vWLC Monitor page, and it is the right MAC address.  However, the IP address is shown as 0.0.0.0 whereas the iPad has the IP address as a static entry.

 

The iPad shows a checkmark by the Wifi Network with privacy warning (i turned off private wifi address option)

 

I can't ping the iPad from the network side.

 

I can't go to webpages on iPad that I should be able to get to when on the network.

 

Network is isolated industrial network without internet access.

 

I setup iPad profile configuration with iPhone Configuration Utility, installed root certificate on iPad.

 

I don't see any Event Log events on the server hosting the RADIUS, not sure if i am looking in the right place?  Looked at all Windows Logs and Server Role logs.

 

Sorry for the long post.  Any help with any part of the process is appreciated.

 

Thank you, 

John

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jspobuk
Frequent Visitor
Frequent Visitor

‎04-27-2022 07:33 PM

Update:  I found that the reason I didn't have RADIUS events in the event log was because I didn't have Audit Network Policy Server properties configured.  Once I configured it for Success and Failure events I was able to see the failed event in the Security log.  The problem was my authentication was not matching my Network Policy, so I had to change that and it worked.

 

Thank you for the responses.

 

-John

View solution in original post

3 Replies 3

Go to solution
Mark Elsen
Hall of Fame
Hall of Fame

‎04-25-2022 11:33 PM

 

               - What's in the radius-server authenticating logs for that particular authentication ?

 M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)
0 Helpful

Go to solution
Flavio Miranda
VIP
VIP

‎04-26-2022 02:45 AM

Try to use only WPA2 instead WPA2+WPA3. Probably the client is not associanting the network due encryption problem and that´s why you are not seing authentication logs on radius server.

 

0 Helpful

Go to solution
jspobuk
Frequent Visitor
Frequent Visitor

‎04-27-2022 07:33 PM

Update:  I found that the reason I didn't have RADIUS events in the event log was because I didn't have Audit Network Policy Server properties configured.  Once I configured it for Success and Failure events I was able to see the failed event in the Security log.  The problem was my authentication was not matching my Network Policy, so I had to change that and it worked.

 

Thank you for the responses.

 

-John

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card