06-26-2008 12:38 PM - edited 07-03-2021 04:05 PM
Hi, have a problem with clients connection to AP. On WLC can see status Probing, sometimes associated but no IP received. It was working for a month but stopped for some reason. Am slightly not sure on the steps how it all works ? First authentication takes the place and then IP assignment by DHCP, correct ? Could you please help in pinpointing the problem ? Radius reachable from WLC, AP's have IP's assigned by DHCP server from another subnet
06-26-2008 12:42 PM
Well best thing to do is create a new ssid and leave it open for testing. See if you can associate an dobtain an ip address. this will eliminate that dhcp is an issue. Then configure authentication on the new ssid to what you had in the existing ssid. Then see if you can authenticate and obtain an ip address. Look at the logs on the wlc and on acs. Post the logs if you still can't find out what the issue might be.
06-26-2008 01:07 PM
In the WLC logs I have 2 types of errors:
Client Excluded: MACAddress:00:1c:26:1a:d6:45
Base Radio MAC :00:21:1c:7a:b2:70 Slot: 0 Reason:802.1x Authentication failed 3 times. ReasonCode: 3
Client Deauthenticated: MACAddress:00:12:f0:69:43:4e
Base Radio MAC:00:21:1c:7a:b7:60 Slot: 0 Reason:Unspecified ReasonCode: 1
06-26-2008 01:31 PM
The client excluded, means that the device is not passing authentication. Look at the device setting once again. After 3 attempt, the wlc puts the device in client exclusion for 60 seconds (default unless you change it or remove client exclusion). But if the device keeps trying, that device will be stuck in client exclusion.
06-29-2008 08:03 PM
Hi,
You can turn off the client exclusion and aironetIE under the wireless lan setting.
You can also set to allow longer time out:
config advanced eap eapol-key-timeout 5
config advanced eap eapol-key-retries 4
Below is the Reason code Meaning
0 Reserved
1 Unspecified reason
2 Previous authentication no longer valid
3 Deauthenticated because sending STA is leaving (or has left) IBSS or ESS
4 Disassociated due to inactivity
5 Disassociated because AP is unable to handle all currently associated STAs
6 Class 2 frame received from nonauthenticated STA
7 Class 3 frame received from nonassociated STA
8 Disassociated because sending STA is leaving (or has left) BSS
9 STA requesting (re)association is not authenticated with responding STA
10 Disassociated because the information in the Power Capability element is unacceptable
11 Disassociated because the information in the Supported Channels element is unacceptable
12 Reserved
13 Invalid information element, i.e., an information element defined in this standard for
which the content does not meet the specifications in Clause 7
14 Message integrity code (MIC) failure
15 4-Way Handshake timeout
16 Group Key Handshake timeout
17 Information element in 4-Way Handshake different from (Re)Association Request/Probe
Response/Beacon frame
18 Invalid group cipher
19 Invalid pairwise cipher
20 Invalid AKMP
21 Unsupported RSN information element version
22 Invalid RSN information element capabilities
23 IEEE 802.1X authentication failed
24 Cipher suite rejected because of the security policy
25-31 Reserved
32 Disassociated for unspecified, QoS-related reason
33 Disassociated because QoS AP lacks sufficient bandwidth for this QoS STA
34 Disassociated because excessive number of frames need to be acknowledged, but are not
acknowledged due to AP transmissions and/or poor channel conditions
35 Disassociated because STA is transmitting outside the limits of its TXOPs
36 Requested from peer STA as the STA is leaving the BSS (or resetting)
37 Requested from peer STA as it does not want to use the mechanism
38 Requested from peer STA as the STA received frames using the mechanism for which a
setup is required
39 Requested from peer STA due to timeout
45 Peer STA does not support the requested cipher suite
46-65535 Reserved
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide