I set up a WLC 2106 v4.2 in the lab with an upgraded LWAPP Aironet 1220b (also upgraded to G module). I have two vlans set up on it, one being the corporate using RADIUS/PEAP with MS IAS server, the other being guest using Web authentication.
The guest WLAN works great. Our current corporate WLAN is using PEAP with the fat APs and MS RADIUS server. So I configured the 2106 to use the same setup and servers. The corporate WLAN on this new network worked fine at first. Then I noticed at different times, the wireless card would go into constant reauthentication with the little yellow ball by the wifi systray icon flashing like crazy, cycling between "connected", "attempting to authenticate", and "validating identity". Although I am still on the network, this has badly degraded network speed. Occasionally it will snap out of it but most of the time I have to repair it. After a while it will start it again.
I modified all the power settings including the wlan card. It still happens.
I tried two different laptops with different wifi cards. Tried B, G only or Mixed. Both runs XP sp1. Our network is all 2000 servers with AD. Console logs on the LW AP shows numerous attack attempts from these laptops, of course:
%WIDS-4-SIG_ALARM: Attack is detected on Sig:Standard Id:12 Channel:11 Source MAC:001c.bf12.c8d7
%WIDS-6-SIG_ALARM_OFF: Attack is cleared on Sig:Standard Id:12 Channel:11
On the WLC 2106, numerous Trap log entries when this happens:
Decrypt errors occurred for client 00:1c:bf:12:c8:d7 using unknown key on 802.11b/g interface of AP 00:07:0e:15:1b:10
WLC management logs:
Feb 08 10:35:14.098 spam_lrad.c:21624 LWAPP-4-SIG_INFO1: Signature information; AP 00:07:0e:15:1b:10, alarm ON, standard sig EAPOL flood, track per-Macprecedence 12, hits 30, slot 0, channel 11, most offending MAC 00:1c:bf:12:c8:d7
Feb 08 10:05:19.463 dtl_net.c:1299 DTL-1-ARP_POISON_DETECTED: STA [00:1c:bf:12:c8:d7, 0.0.0.0] ARP (op 1) received with invalid SPA 172.16.7.63/TPA 172.16.7.1
Meanwhile, MS eventlog on the IAS RADIUS server shows 15-16 successful PEAP authentications PER SECOND from the same user.
These two laptops are right next to the LW AP and controller. Signal level from production APs are very low.