Problem with client authorization on wlc, connection from 10-20th attempts

fractal90 · ‎04-01-2021

I deployed points on remote sites in flexconnect mode with local switching and central authorization, after everything was configured, they began to connect users, there were complaints that the connection takes place from 10-20 times, and debug stops at this and starts over

Dot1x_NW_MsgTask_5: Mar 30 11:46:13.198: [PA] a0:a4:c5:56:61:75 dot1x - moving mobile a0:a4:c5:56:61:75 into Connecting state
*Dot1x_NW_MsgTask_5: Mar 30 11:46:13.198: [PA] a0:a4:c5:56:61:75 Sending EAP-Request/Identity to mobile a0:a4:c5:56:61:75 (EAP Id 1)
*osapiBsnTimer: Mar 30 11:47:14.433: [PA] a0:a4:c5:56:61:75 802.1x 'txWhen' Timer expired for station a0:a4:c5:56:61:75 and for message = M0
*Dot1x_NW_MsgTask_5: Mar 30 11:47:14.433: [PA] a0:a4:c5:56:61:75 dot1x - moving mobile a0:a4:c5:56:61:75 into Connecting state

at this stage, there is a constant request for a username and password ... wpa2 + wpa3 (CCMP128 (AES)), 802.1x-SHA1 is used.

i deployed a point next to me with the same configuration and i have no problem, can anyone come across this? windows, FT and IE aironet clients disabled, controller version 8.10.130.0

Rasika Nayanajith · ‎04-05-2021

What is the time taken for EAP authentication (from Identity Request to EAP Access-Accept msg)? Maybe most eap-requests get timeout.

What is the difference between your test site vs problematic site? where is the RADIUS server?

HTH

Rasika

fractal90 · ‎04-05-2021

I increased the timers, but it did not help, now I have updated from version 8.10.130.0 to version 8.10.151.0, so far no one else complained, I observe further

patoberli · ‎04-06-2021

Is WPA3 unselected or do you have this also enabled?

I think it's disabled based on your description, but make sure it really is.

fractal90 · ‎04-06-2021