04-27-2012 10:17 AM - edited 07-03-2021 10:04 PM
I am interested if others are seeing multiple-passed machine and user authentications
Using 802.1x PEAP-MSCHAPv2 wireless authentication.
XP(SP3) - Getting dual-passed machine authentications, then dual-passed user authentications
Win7 - Getting triple-passed machine authentications, then triple-passed user authentications (sometimes just duals)
Seeing this behavior in two customer environments:
Customer 1
Mix of 2008/2003 DCs
CSACS-1121-K9 5-3-0-40-1
AIR-CT5508-K9 7.0.220.0
Customer 2
Mix of 2008/2003 DCs
CSACS-1121-K9 5-3-0-40-3 (also saw issue with patch 2)
AIR-CT5508-K9 7.2.103.0
???
04-27-2012 12:03 PM
I have a similar envoirment. I just checked my logs and I am not seeing double or tripple authentications for devices or clients.
Although, I am not on 7.2 yet.
Did you do a wireless packet capture to see what is actually being sent from the client ? I wonder if your client is doing a preautntication to another ap in advance, But windoz does pmk cache, not pre autentication. So that wouldnt be it ..
Have your tried the free cisco anyconnect 3.x, it has a wireless supplicant. Just for testing purposes, to see if it still acts the same way ?
04-27-2012 12:55 PM
Been working with TAC on this for several weeks. Looks like clients are sending EAPOL-START even after they have already authenticated. Right now we are having customer tweak an XP registry to suppress EAPOL-START messages, just to see how it reacts. Have not heard results yet.
I can't be the only one seeing this behavior, at two different sites... can I?
FYI... schedule about an extra 30-45+ minutes when you upgrade to 7.2 as there is a FUS upgrade that is also part of going to 7.2. FUS updates low-level WLC components. You've got to baby sit it, cause it prompts you for each upgrade to to each component.
04-27-2012 01:45 PM
Have you tried a differernt supplicant rather then the XP and 7 itself?
Thanks for the heads up on 7.2.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide