Authentication Failure in Aironet 1210

Unanswered Question
Jun 25th, 2008
User Badges:

I have few APs. The client authentication is done by ACS server. ALL the APs were working fine before and some of the AP have no clients associated. Here is the output from sys log



Jun 25 19:47:05.767: %DOT11-7-AUTH_FAILED: Station 001c.bf7a.0055 Authentication failed

Jun 25 19:47:05.855: %DOT11-7-AUTH_FAILED: Station 001c.bf7a.0055 Authentication failed

Jun 25 19:47:05.910: %DOT11-7-AUTH_FAILED: Station 001c.bf7a.0055 Authentication failed

Jun 25 19:47:35.951: %DOT11-7-AUTH_FAILED: Station 001c.bf7a.0055 Authentication failed

Jun 25 19:51:27.331: %DOT11-7-AUTH_FAILED: Station 0014.a8a7.86bc Authentication failed

Jun 25 19:54:02.054: %DOT11-7-AUTH_FAILED: Station 0014.a8a7.86bc Authentication failed

Jun 25 19:56:26.545: %DOT11-7-AUTH_FAILED: Station 0014.a8a7.86bc Authentication failed

Jun 25 19:58:49.187: %DOT11-7-AUTH_FAILED: Station 0014.a8a7.86bc


As my clients are configured to work with FAST-EAP and the client credential is fine when connected with one AP but not with other. I doubt something has changed in ACS itself or AP. I put the load the configuration of working AP to the faulty AP keeping shared authentication key between Radius and AP same. but still not worked.


Anybody helps how to troubleshoot these issues.


subharose

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Scott Fella Wed, 06/25/2008 - 12:59
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

What does the log on the ACS show. Make sure all the ap's are setup as AAA clients and the shared secret is the same.

bcolvin Wed, 06/25/2008 - 13:04
User Badges:
  • Bronze, 100 points or more

Check this document and determine what phase of the authentication is failing there should be messages before the AUTH-FAILED indicating where the process failed.


http://www.cisco.com/en/US/products/hw/wireless/ps430/products_tech_note09186a008024aa4f.shtml


Also make sure the AP's are Authenticated with the ACS server if no stations are authenticating through them.


if all the AP's have stations Authenticated and Associated then you either have a driver/suplicant issue in the station or if you are also using MAC authentication the MAC address has not be entered correctly in the ACS server.


Hope this helps


Bill

subharojdahal Wed, 06/25/2008 - 17:48
User Badges:
bcolvin Thu, 06/26/2008 - 17:01
User Badges:
  • Bronze, 100 points or more

AS Scott Said you need to check the logs on the ACS server to determine what part of the authentication is failing.


I would set up a new userid and password on the ACS server if it is your radius server or check the status of your radius server.


Bill

Scott Fella Thu, 06/26/2008 - 18:32
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

What are your clients using... windows zero, access connections, intel proset??


Does you client have "authenticate as computer when computer information is available" checked? if so uncheck this if you are using XP. If you have Intel ProSet Utility, check the roaming profile.

Actions

This Discussion

 

 

Trending Topics - Security & Network