Authentication issue - debug included

Unanswered Question
May 26th, 2009

Hi, I'm having a problem with one WAP running LEAP where sometimes users can authenticate to it and sometimes some can not. We've verified passwords as they can authenticate to other WAPs in the area.

I ran 'debug dot11 aaa authenticator all' and 'debug radius authentication' and got the following: (used "mac addy 1 instead of real MAC)

------------

May 26 14:01:16.163 PDT: dot11_auth_client_abort: Received abort request for client (mac addy 1)

May 26 14:01:16.163 PDT: dot11_auth_client_abort: No client entry to abort: (mac addy 1) for application 0x1

May 26 14:01:54.503 PDT: %DOT11-7-AUTH_FAILED: Station (mac addy 1) Authentication failed

May 26 14:01:54.504 PDT: dot11_auth_client_abort: Received abort request for client (mac addy 1)

May 26 14:01:54.504 PDT: dot11_auth_client_abort: No client entry to abort: (mac addy 1) for application 0x1

------------

I don't find anything on Cisco.com about this debug. Does anyone know what this error means? I know the auth_failed, but what's the client abort lines?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
tstanik Mon, 06/01/2009 - 08:36

Does it work if you disable WDS? Not sure if I am right but you are in a WDS environment and still do not have any server group for MAC authentication configured, from your configs:

wlccp authentication-server infrastructure method_WDS_Group

wlccp authentication-server client eap method_Client

wlccp authentication-server client leap method_Client

marc.groenen Tue, 10/05/2010 - 07:37

I have  a similar problem i have notices it happens on several AP's and with several clients during a day for about 2 or 3 times.

Oct  5 16:13:29.089 Netherl: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station MAC#1

Oct  5 16:14:15.148 Netherl: %DOT11-6-ASSOC: Interface Dot11Radio0, Station APNAME  MAC#1 Reassociated KEY_MGMT[NONE]

Oct  5 16:16:11.859 Netherl: dot11_auth_client_abort: Received abort request for client  MAC#1

Oct  5 16:16:11.859 Netherl: dot11_auth_client_abort: No client entry to abort:  MAC#1 for application 0x1

Oct  5 16:16:11.859 Netherl: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station  MAC#1 Reason: Sending station has left the BSS

Oct  5 16:17:55.360 Netherl: %DOT11-6-ASSOC: Interface Dot11Radio0, Station   MAC#2 Associated KEY_MGMT[NONE]

Oct  5 16:18:11.656 Netherl: dot11_auth_client_abort: Received abort request for client MAC#2

Oct  5 16:18:11.656 Netherl: dot11_auth_client_abort: No client entry to abort: MAX#2 for application 0x1

Oct  5 16:18:11.656 Netherl: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station APNAME Reason: Sending station has left the BSS

Oct  5 16:30:15.448 Netherl: %DOT11-6-ASSOC: Interface Dot11Radio0, Station   MAC#2 Reassociated KEY_MGMT[NONE]

With debugging i dont get more information then above.
I cant find any information about the following:
- Received abort request for client
- No client entry to abort: MAX#2 for application 0x1
And as you can see in the logging the client is re-associated a few minutes later but nothing on client or AP side has been changed.
Could it perhaps be an auth request that was in progress but the client has left the AP and there for there is no client connected to that AP since it has left ?
Have you been able to solve the issue?

UPDATE:

I have managed to capture the debugging fo the Authentication FAILED event:

Oct  6 08:59:34.596 Netherl: %DOT11-7-AUTH_FAILED: Station MAC#1 Authentication failed

Oct  6 08:59:34.596 Netherl: dot11_auth_client_abort: Received abort request for client MAC#1

Oct  6 08:59:34.596 Netherl: dot11_auth_client_abort: No client entry to abort: MAC#1 for application 0x1

Oct  6 08:59:34.741 Netherl: AAA/BIND(000035FC): Bind i/f

Oct  6 09:00:04.738 Netherl: %DOT11-7-AUTH_FAILED: Station MAC#1 Authentication failed

Oct  6 09:00:04.738 Netherl: dot11_auth_client_abort: Received abort request for client MAC#1

Oct  6 09:00:04.739 Netherl: dot11_auth_client_abort: No client entry to abort MAC#1 for application 0x1

Oct  6 09:00:04.893 Netherl: AAA/BIND(000035FD): Bind i/f

I will try and debug on the WDS AP.

Actions

This Discussion

 

 

Trending Topics - Security & Network