Frequent reauthentications with 4402 WLC

1j.graves
Level 1

We're having an odd problem with web authentication on a 4402 WLC. Users have to reauthenticate several times before it seems to "stick." After logging in, they'll have to log in again after 2-5 minutes, and then possibly a few more times in the same kind of intervals (sometimes as few as 2-3 reauthentications, once as many as nine times).

Here's an odd wrinkle: we also have a 2106 controller, identically configured (as far as I can verify. They should have the same configuration, except for IP addresses of course). It's rock solid.

Both controllers are pointing to a Cisco ACS (the same one for both) for authentication, which in turn does an LDAP lookup.

Has anyone seen something like this? Digging into the WLC logs shows messages that the user failed authentication (note that the user never gives a bad username/password combo, so it looks as if something internal is forgetting the previous auth). Here's a sample line:

Apr 17 10:03:32.564 aaa.c:1184 AAA-5-AAA_AUTH_NETWORK_USER: Authentication failed for network user '<redacted>'

I also see a lot of messages like this, but again I have no idea if they're connected to my problem:

Apr 17 10:04:13.563 apf_foreignap.c:1278 APF-4-REGISTER_IPADD_ON_MSCB_FAILED: Could not Register IP Add on MSCB. MSCB still in init state. Address:<redacted>

Apr 17 10:03:14.090 apf_foreignap.c:1285 APF-1-CHANGE_ORPHAN_PKT_IP: Changing orphan packet IP address for station00:<redacted> from <redacted> ---><redacted>

Apr 17 10:03:14.090 apf_foreignap.c:1278 APF-4-REGISTER_IPADD_ON_MSCB_FAILED: Could not Register IP Add on MSCB. MSCB still in init state. Address:<redacted>

Any insights would be appreciated. Like I said, the fact that this setup is working fine on one WLC but not on the other is creating much head-scratching.

Thanks.

dmitry
Level 1

Having the same issue, WLC 4402s with 5.0.148, only with internal user DB (guest users)

jvandelogt
Level 1

Did you guys find out what the problem was?

armonk_netdesk
Level 1

I'll bet your 2106 is not running 5.148 code. My first suggestion is to not use the 5.x code in a production environment. If that is not feasible, then find out why the session is failing to move into the RUN state. Is there some other requirement for the client? For example, did you enable the DHCP REQUIRED checkbox in the advanced WLAN setting?