No Web Authentication - but excluded client with reason code 4

Unanswered Question
Sep 24th, 2009
User Badges:


we are using a WLC 4400 with Software Version and WCS Version

Access Points are AIR-LAP1131AG-E-K9.

We have problems with one client (Windows XP SP3). The computer loses the wireless connection all the time, but we don't know why. Duration of the connections are different.

So there are a lot of minor alarms saying “Client which was associated with AP, interface '0' is excluded. The reason code is '4(Web Authentication failed 3 times.)'.”

But the wireless lan which is used by the client is not configured with Web Authentication!! It is only using MACFilter. That's very strange! (There is another wireless lan configured with Web Authentication.)

The minor alarms are created by different Access Points, amongst others by the Access Point where the client is connected to! (All Access Points radiate all wireless lans.)

Regarding to this client the SyslogServer often says:

Sep 17 16:01:57.187 1x_ptsm.c:404 DOT1X-3-MAX_EAPOL_KEY_RETRANS: Max EAPOL-key M1 retransmissions exceeded for client LOCAL USE 0 ERROR CONDITION

Sep 17 16:02:07.885 1x_ptsm.c:511 DOT1X-3-PSK_CONFIG_ERR: Client may be using an incorrect PSK LOCAL USE 0 ERROR CONDITION

Last week I tried the trouble shooting of the WCS with the following effect:

Time :09/18/2009 19:01:39 Message :Controller association request message received.

Time :09/18/2009 19:01:39 Message :Association request received from a client has an invalid RSN IE.(One reason could be mismatch in WPA2 algorithm).

Time :09/18/2009 19:01:39 Message :Received reassociation request from client.

Time :09/18/2009 19:01:39 Message :The wlan to which client is connecting requires 802 1x authentication.

Time :09/18/2009 19:01:39 Message :Client moved to associated state successfully.

Time :09/18/2009 19:01:39 Message :802.1x authentication message received, static dynamic wep supported.

Time :09/18/2009 19:01:39 Message :802.1x authentication was completed successfully.

Time :09/18/2009 19:01:39 Message :Client has got IP address, no L3 authentication required.

I think the problem is hidden at the client but I don't know what it could be. The PSK can not be incorrect because the client is able to connect to the wireless lan but later loses the connection.

Does somebody has an idea or knows the error messages?!

Greetings lydia

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion



Trending Topics - Security & Network