PC's Becoming Blacklisted

shane.clark2 · ‎09-13-2013

Cisco Any Connect 3.0.3054

5508 WLC running 7.4

AP Type 1142

PC Windows 7

We have begun to have issues where PC's that are logged off are attempting and failing to authenticate to the wireless and becoming blacklisted.

If users don't have a cached account on the PC's, they're unable to log in to the device. We're forced to either plug the device in hardwire, or have a user that does have a cached account log in, then have the other user log on before the PC is blacklisted again.

Has anyone else experienced the issue?

Stephen Rodriguez · ‎09-13-2013

For the users that do not have cached accounts, you can fix that by doing machine authenticaiton. By doing machine auth, the laptop is on the network prior to the user attempting to login.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

shane.clark2 · ‎11-22-2013

Is there a way to stop a PC from trying to do client authentication? I'm not sure why only some PC's are doing this, but it seems to only affect windows 7, and only a few devices. They are all running the same image and are all in the same container in AD.

If no way to stop a device from attempting client authetication, can you provide some links for setting up the machine authetication?

We keep seeing this error in NCS:

Client '80:9b:20:c5:fe:d8 (0.0.0.0)' which was associated with interface '802.11b/g/n' of AP 'NWB-FL1B-AP14' is excluded. The reason code is '4(802.1X Authentication failed 3 times.)'.

kaaftab · ‎11-22-2013

kindly check the following links

https://supportforums.cisco.com/message/3955348

http://jackstromberg.com/2013/05/tutorial-802-1x-authentication-via-wifi-active-directory-network-policy-server-cisco-wlan-group-policy/