10-23-2012 06:53 AM - edited 07-03-2021 10:54 PM
hello,
I'm having an issue with a cisco 5508 on version 7.0.116.0n, around user authentication timelap.
Indeed, if one tries to authenticate but takes a long time to input his login/password (30sec max), he can't get through authentication process.
However, if he "hurries up", it does work.
Can you please explain to me, what vars can be reconfigured in order to increase the authentication timelap ?
I Change du timer EAP-Identity-Request Timeout =>>Problem not solved
WLC >show advanced EAp
EAP-Identity-Request Timeout (seconds)........... 30 ==========> changed at 60
EAP-Identity-Request Max Retries................. 2
EAP Key-Index for Dynamic WEP.................... 0
EAP Max-Login Ignore Identity Response........... enable
EAP-Request Timeout (seconds).................... 30
EAP-Request Max Retries.......................... 2
EAPOL-Key Timeout (milliseconds)................. 1000
EAPOL-Key Max Retries............................ 2
EAP-Broadcast Key Interval....................... 3600
Thanks and kind regards,
Samir
10-23-2012 06:58 AM
Take a look at this document.
https://supportforums.cisco.com/docs/DOC-12110
HTH,
Steve
------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
10-24-2012 01:49 AM
hello,
thank you for your answer.
I change full timer but the problem not solved.
Here are some trace:
Time :10/22/2012 15:34:06 CEST Severity :INFO Controller IP :ip-wlc Message :Controller association request message received.
Time :10/22/2012 15:34:06 CEST Severity :INFO Controller IP :ip-wlc Message :Association request received from a client has an invalid RSN IE.(One reason could be mismatch in WPA2 algorithm).
Time :10/22/2012 15:34:06 CEST Severity :INFO Controller IP :ip-wlc Message :Received reassociation request from client.
Time :10/22/2012 15:34:06 CEST Severity :INFO Controller IP :ip-wlc Message :The WLAN to which client is connecting requires 802 1x authentication.
Time :10/22/2012 15:34:06 CEST Severity :INFO Controller IP :ip-wlc Message :Client moved to associated state successfully.
Time :10/22/2012 15:34:06 CEST Severity :INFO Controller IP :ip-wlc Message :Received EAP Response from the client.
Time :10/22/2012 15:34:06 CEST Severity :INFO Controller IP :ip-wlc Message :Received EAPOL start message from client.
Time :10/22/2012 15:34:06 CEST Severity :INFO Controller IP :ip-wlc Message :Received EAP Response from the client.
Time :10/22/2012 15:34:36 CEST Severity :INFO Controller IP :ip-wlc Message :Received EAP Response from the client.
Time :10/22/2012 15:34:36 CEST Severity :INFO Controller IP :ip-wlc Message :Controller association request message received.
Time :10/22/2012 15:34:36 CEST Severity :INFO Controller IP :ip-wlc Message :Association request received from a client has an invalid RSN IE.(One reason could be mismatch in WPA2 algorithm).
Time :10/22/2012 15:34:36 CEST Severity :INFO Controller IP :ip-wlc Message :Received reassociation request from client.
Time :10/22/2012 15:34:36 CEST Severity :INFO Controller IP :ip-wlc Message :The WLAN to which client is connecting requires 802 1x authentication.
Time :10/22/2012 15:34:36 CEST Severity :INFO Controller IP :ip-wlc Message :Client moved to associated state successfully.
Time :10/22/2012 15:34:36 CEST Severity :INFO Controller IP :ip-wlc Message :Received EAP Response from the client.
Time :10/22/2012 15:34:36 CEST Severity :INFO Controller IP :ip-wlc Message :Received EAPOL start message from client.
Time :10/22/2012 15:34:36 CEST Severity :INFO Controller IP :ip-wlc Message :Received EAP Response from the client.
Time :10/22/2012 15:35:06 CEST Severity :INFO Controller IP :ip-wlc Message :Received EAP Response from the client.
Time :10/22/2012 15:35:36 CEST Severity :INFO Controller IP :ip-wlc Message :EAP response from client to AP received.
Time :10/22/2012 15:35:36 CEST Severity :ERROR Controller IP :ip-wlc Message :EAP Id request from AP client failed as maximum 802 1x retries reached.
Time :10/22/2012 15:35:36 CEST Severity :ERROR Controller IP :ip-wlc Message :De-authentication sent to client. slot 0 (claller 1x_auth_pae.c:3021)
Time :10/22/2012 15:35:36 CEST Severity :INFO Controller IP :ip-wlc Message :Controller association request message received.
Time :10/22/2012 15:35:36 CEST Severity :INFO Controller IP :ip-wlc Message :Association request received from a client has an invalid RSN IE.(One reason could be mismatch in WPA2 algorithm).
Time :10/22/2012 15:35:36 CEST Severity :INFO Controller IP :ip-wlc Message :Received reassociation request from client.
Time :10/22/2012 15:35:36 CEST Severity :INFO Controller IP :ip-wlc Message :The WLAN to which client is connecting requires 802 1x authenticatio
Best regards
Samir .
10-24-2012 03:10 AM
lock the wlan in question to use wpa-tkip or wpa2-aes only on wlc and client for that wlan if not already.
10-24-2012 06:53 AM
what type of EAP are you doing, TLS or PEAP? If it is PEAP, there is a setting in the profile to use the login credentials. If these are corporate devices, this option should be used, and should be enabled by default.
If these are guest or non-corporate devices, you should be using a PSK instead of EAP. <--IMO
HTH,
Steve
------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide