08-21-2009 06:01 AM - edited 07-03-2021 05:58 PM
Hello,
I'm setting up a new 5508 WLC (the first wlc I have ever setup) and I have my WLAN setup with our existing WPA/TKIP ssid for transitioning our clients from our existing autonomous system to the wlc. I have selected PSK as the key mgmt and I can get the client's to connect for a few minutes but I keep seeing these errors:
Fri Aug 21 08:50:05 2009 Client Excluded: MACAddress:00:21:00:f9:dd:50 Base Radio MAC :00:23:eb:27:e3:b0 Slot: 1 User Name: unknown Ip Address: unknown Reason:802.1x Authentication failed 3 times. ReasonCode: 4
I don't have nor do I want 802.1x enabled. Is there something I need to disable either on the client or the controller?
Thanks.
Dan.
08-21-2009 07:12 AM
Congrats on getting your first controller set up. Since you don't have any 802.1X configured, could it be that the client in question is trying to use an incorrect PSK?
08-21-2009 08:39 AM
I don't think so. All of the clients connect, but then get disconnected with the 802.1x error message.
Dan.
04-22-2015 08:45 AM
My scenery is the next:
Acces Client->AP->WLC
Authentication Client->AP->WLC->Radius
Ip Asignament after the authentication Client->DHCP
I had the same log trap "Client Excluded: MACAddress:(..................) Base Radio MAC :(..................) Slot: 0 User Name: unknown Ip Address: (..................) Reason:802.1x Authentication failed 3 times. ReasonCode: 4", i saw the log of the RADIUS and the cause was the algorithm PEAP and the radius talk in EAP, i change it the propieties of my Wireless Network (Control Panel->Internet and Networks->Wireless Mangement), in the security tab in authentication method i chose intenlligent card and other certification and that's it
08-21-2009 09:36 AM
If I click on the client and look at the client details it shows under the policy manager state that 802.1x is required. Is there something configured wrong on the client?
Clients > Detail
Client Properties
MAC Address 00:21:00:f9:dd:50
IP Address
Client Type
WGB MAC Address
Number of Wired Client(s)
User Name
Port Number
Interface
VLAN ID
CCX Version
E2E Version
Mobility Role
Mobility Peer IP Address
Policy Manager State 8021X_REQD
Management Frame Protection
08-22-2009 01:41 PM
I have come across some more information reguarding my problem.
When the lap cannot connected to the wlc then everything works! The clients can connect just fine without problems. As soon as I take the acl of the switch port and allow the lap to connect back to the controller, the client's cannot connect.
08-22-2009 03:11 PM
Just another note.
When i set the Wlan to no authentication (open system) then I can connect to the ap when it is in h-reap mode and communicating with the controller. When i have the Wlan set to wpa/aes/psk i cannot connect.
Is there a know bug in 6.0.182.0?
05-25-2013 05:06 AM
is there a specific reason to use that 6.0 code, upgrade to latest 7.0.240 code and try to reproduce the issue.
05-25-2013 06:11 AM
Look at the date of my original post. It is nearly 4 years ago! I don't know why people are responding to this thread.
05-25-2013 07:12 AM
People seem to want to add onto what was posted already... I don't know why, but its better if they did open up their own thread.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
08-25-2009 11:08 PM
I had a similar problem a while ago, caused by WCS not setting the PSK correctly on the WLC. Cisco TAC informed me that the error message not necessary is a dot1x error message, it can also indicate a PSK error (wrong key).
Are you using WCS to push the PSK to the WLC?
08-26-2009 09:41 AM
No I am not using WCS. I contacted TAC and it looks like it might be a bug in the 6.x software. There next step was to re-create it in there lab.
08-26-2009 08:44 PM
If you are using WPA with AES, then I would change that setting - either use WPA with TKIP, or use WPA2 with AES (even if that does not solve your problem). Even though you are supposed to be able to mix and match WPA/WPA2 and TKIP/AES, I have seen some clients that work better using WPA/TKIP or WPA2/AES.
08-27-2009 09:41 AM
It's not that either. I have tried every combination of WPA and WPA2...the only ones that work is WEP or Open System.
WPA and WPA2 work when the ap connection to the controller is lost. So it looks like the ap is not operating in H-Reap mode when it has a connection to the controller.
11-12-2009 10:28 PM
Does your PSK have any numbers, special characters or is it exceptionally long? Try temporarily changing the PSK to something short with lower case characters only to see if that allows you to connect.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: