Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5194
Views
0
Helpful
3
Replies

802.1X Authentication Failed with WPA 1/2

qingyu.guo
Level 1
Level 1

‎06-07-2010 04:51 AM - edited ‎07-03-2021 06:51 PM

Hi

i have a wlc 2106 , when a user want to connnect to the wireless , it will show the log as below . the user can not connect to the wireless network .

After disable and re-enable the wifi nic or connect to another AP(not cisco ) and retry to connect this ssid , the user can connect the wireless successfully ,you can get the log in detail from the attachment .Who can tell me what happen at this ? By the way , most of the nic are intel .

Mon Jun  7 09:09:05 2010: 00:13:e8:08:de:9b 0.0.0.0 START (0) Deleted mobile LWAPP rule on AP [00:1f:6d:b8:18:c0]
Mon Jun  7 09:09:05 2010: 00:13:e8:08:de:9b Deleting mobile on AP 00:1f:6d:b8:18:c0(0)
Mon Jun  7 09:09:13 2010: 00:13:e8:08:de:9b Adding mobile on LWAPP AP 00:1f:6d:b8:18:c0(0)
Mon Jun  7 09:09:13 2010: 00:13:e8:08:de:9b Scheduling deletion of Mobile Station:  (callerId: 23) in 5 seconds
Mon Jun  7 09:09:13 2010: 00:13:e8:08:de:9b apfProcessProbeReq (apf_80211.c:4120) Changing state for mobile 00:13:e8:08:de:9b on AP 00:1f:6d:b8:18:c0 from Idle to Probe
Mon Jun  7 09:09:13 2010: 00:13:e8:08:de:9b Scheduling deletion of Mobile Station:  (callerId: 24) in 5 seconds
Mon Jun  7 09:09:13 2010: 00:13:e8:08:de:9b Scheduling deletion of Mobile Station:  (callerId: 24) in 5 seconds
Mon Jun  7 09:09:13 2010: 00:13:e8:08:de:9b Scheduling deletion of Mobile Station:  (callerId: 24) in 5 seconds
Mon Jun  7 09:09:13 2010: 00:13:e8:08:de:9b Scheduling deletion of Mobile Station:  (callerId: 24) in 5 seconds
Mon Jun  7 09:09:13 2010: 00:13:e8:08:de:9b Scheduling deletion of Mobile Station:  (callerId: 24) in 5 seconds
Mon Jun  7 09:09:18 2010: 00:13:e8:08:de:9b apfMsExpireCallback (apf_ms.c:433) Expiring Mobile!
Mon Jun  7 09:09:18 2010: 00:13:e8:08:de:9b 0.0.0.0 START (0) Deleted mobile LWAPP rule on AP [00:1f:6d:b8:18:c0]
Mon Jun  7 09:09:18 2010: 00:13:e8:08:de:9b Deleting mobile on AP 00:1f:6d:b8:18:c0(0)
Mon Jun  7 09:09:20 2010: 00:13:e8:08:de:9b Adding mobile on LWAPP AP 00:26:99:91:44:00(0)
Mon Jun  7 09:09:20 2010: 00:13:e8:08:de:9b Scheduling deletion of Mobile Station:  (callerId: 23) in 5 seconds
Mon Jun  7 09:09:20 2010: 00:13:e8:08:de:9b apfProcessProbeReq (apf_80211.c:4120) Changing state for mobile 00:13:e8:08:de:9b on AP 00:26:99:91:44:00 from Idle to Probe
Mon Jun  7 09:09:20 2010: 00:13:e8:08:de:9b Scheduling deletion of Mobile Station:  (callerId: 24) in 5 seconds
Mon Jun  7 09:09:20 2010: 00:13:e8:08:de:9b Scheduling deletion of Mobile Station:  (callerId: 24) in 5 seconds
Mon Jun  7 09:09:20 2010: 00:13:e8:08:de:9b Scheduling deletion of Mobile Station:  (callerId: 24) in 5 seconds
Mon Jun  7 09:09:21 2010: 00:13:e8:08:de:9b Scheduling deletion of Mobile Station:  (callerId: 24) in 5 seconds
Mon Jun  7 09:09:21 2010: 00:13:e8:08:de:9b Scheduling deletion of Mobile Station:  (callerId: 24) in 5 seconds
Mon Jun  7 09:09:21 2010: 00:13:e8:08:de:9b Scheduling deletion of Mobile Station:  (callerId: 24) in 5 seconds
Mon Jun  7 09:09:21 2010: 00:13:e8:08:de:9b Scheduling deletion of Mobile Station:  (callerId: 24) in 5 seconds
Mon Jun  7 09:09:25 2010: 00:13:e8:08:de:9b apfMsExpireCallback (apf_ms.c:433) Expiring Mobile!
Mon Jun  7 09:09:25 2010: 00:13:e8:08:de:9b 0.0.0.0 START (0) Deleted mobile LWAPP rule on AP [00:26:99:91:44:00]
Mon Jun  7 09:09:25 2010: 00:13:e8:08:de:9b Deleting mobile on AP 00:26:99:91:44:00(0)
Mon Jun  7 09:09:38 2010: 00:13:e8:08:de:9b Adding mobile on LWAPP AP 00:26:99:91:44:00(0)
Mon Jun  7 09:09:38 2010: 00:13:e8:08:de:9b Scheduling deletion of Mobile Station:  (callerId: 23) in 5 seconds
Mon Jun  7 09:09:38 2010: 00:13:e8:08:de:9b apfProcessProbeReq (apf_80211.c:4120) Changing state for mobile 00:13:e8:08:de:9b on AP 00:26:99:91:44:00 from Idle to Probe
Mon Jun  7 09:09:38 2010: 00:13:e8:08:de:9b Scheduling deletion of Mobile Station:  (callerId: 24) in 5 seconds
Mon Jun  7 09:09:38 2010: 00:13:e8:08:de:9b Reassociation received from mobile on AP 00:26:99:91:44:00
Mon Jun  7 09:09:38 2010: 00:13:e8:08:de:9b STA - rates (8): 130 132 139 150 12 18 24 36 0 0 0 0 0 0 0 0
Mon Jun  7 09:09:38 2010: 00:13:e8:08:de:9b STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
Mon Jun  7 09:09:38 2010: 00:13:e8:08:de:9b Processing WPA IE type 221, length 24 for mobile 00:13:e8:08:de:9b
Mon Jun  7 09:09:38 2010: 00:13:e8:08:de:9b 0.0.0.0 START (0) Initializing policy
Mon Jun  7 09:09:38 2010: 00:13:e8:08:de:9b 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state AUTHCHECK (2)
Mon Jun  7 09:09:38 2010: 00:13:e8:08:de:9b 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
Mon Jun  7 09:09:38 2010: 00:13:e8:08:de:9b 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 00:26:99:91:44:00
Mon Jun  7 09:09:38 2010: 00:13:e8:08:de:9b apfPemAddUser2 (apf_policy.c:212) Changing state for mobile 00:13:e8:08:de:9b on AP 00:26:99:91:44:00 from Probe to Associated
Mon Jun  7 09:09:38 2010: 00:13:e8:08:de:9b Stopping deletion of Mobile Station: (callerId: 48)
Mon Jun  7 09:09:38 2010: 00:13:e8:08:de:9b Sending Assoc Response to station on BSSID 00:26:99:91:44:00 (status 0)
Mon Jun  7 09:09:38 2010: 00:13:e8:08:de:9b apfProcessAssocReq (apf_80211.c:3885) Changing state for mobile 00:13:e8:08:de:9b on AP 00:26:99:91:44:00 from Associated to Associated
Mon Jun  7 09:09:38 2010: 00:13:e8:08:de:9b Station 00:13:e8:08:de:9b setting dot1x reauth timeout = 1800
Mon Jun  7 09:09:38 2010: 00:13:e8:08:de:9b dot1x - moving mobile 00:13:e8:08:de:9b into Connecting state
Mon Jun  7 09:09:38 2010: 00:13:e8:08:de:9b Sending EAP-Request/Identity to mobile 00:13:e8:08:de:9b (EAP Id 1)
Mon Jun  7 09:09:39 2010: 00:13:e8:08:de:9b 802.1x 'txWhen' Timer expired for station 00:13:e8:08:de:9b
Mon Jun  7 09:09:39 2010: 00:13:e8:08:de:9b dot1x - moving mobile 00:13:e8:08:de:9b into Connecting state
Mon Jun  7 09:09:39 2010: 00:13:e8:08:de:9b Sending EAP-Request/Identity to mobile 00:13:e8:08:de:9b (EAP Id 2)
Mon Jun  7 09:09:40 2010: 00:13:e8:08:de:9b 802.1x 'txWhen' Timer expired for station 00:13:e8:08:de:9b
Mon Jun  7 09:09:40 2010: 00:13:e8:08:de:9b dot1x - moving mobile 00:13:e8:08:de:9b into Connecting state
Mon Jun  7 09:09:40 2010: 00:13:e8:08:de:9b Sending EAP-Request/Identity to mobile 00:13:e8:08:de:9b (EAP Id 3)
Mon Jun  7 09:09:41 2010: 00:13:e8:08:de:9b 802.1x 'txWhen' Timer expired for station 00:13:e8:08:de:9b
Mon Jun  7 09:09:41 2010: 00:13:e8:08:de:9b dot1x - moving mobile 00:13:e8:08:de:9b into Connecting state
Mon Jun  7 09:09:41 2010: 00:13:e8:08:de:9b Sending EAP-Request/Identity to mobile 00:13:e8:08:de:9b (EAP Id 4)
Mon Jun  7 09:09:42 2010: 00:13:e8:08:de:9b 802.1x 'txWhen' Timer expired for station 00:13:e8:08:de:9b
Mon Jun  7 09:09:42 2010: 00:13:e8:08:de:9b dot1x - moving mobile 00:13:e8:08:de:9b into Connecting state
Mon Jun  7 09:09:42 2010: 00:13:e8:08:de:9b Sending EAP-Request/Identity to mobile 00:13:e8:08:de:9b (EAP Id 5)
Mon Jun  7 09:09:43 2010: 00:13:e8:08:de:9b 802.1x 'txWhen' Timer expired for station 00:13:e8:08:de:9b
Mon Jun  7 09:09:43 2010: 00:13:e8:08:de:9b dot1x - moving mobile 00:13:e8:08:de:9b into Connecting state
Mon Jun  7 09:09:43 2010: 00:13:e8:08:de:9b Sending EAP-Request/Identity to mobile 00:13:e8:08:de:9b (EAP Id 6)
Mon Jun  7 09:09:44 2010: 00:13:e8:08:de:9b 802.1x 'txWhen' Timer expired for station 00:13:e8:08:de:9b
Mon Jun  7 09:09:44 2010: 00:13:e8:08:de:9b dot1x - moving mobile 00:13:e8:08:de:9b into Connecting state
Mon Jun  7 09:09:44 2010: 00:13:e8:08:de:9b Sending EAP-Request/Identity to mobile 00:13:e8:08:de:9b (EAP Id 7)
Mon Jun  7 09:09:45 2010: 00:13:e8:08:de:9b 802.1x 'txWhen' Timer expired for station 00:13:e8:08:de:9b
Mon Jun  7 09:09:45 2010: 00:13:e8:08:de:9b dot1x - moving mobile 00:13:e8:08:de:9b into Connecting state
Mon Jun  7 09:09:45 2010: 00:13:e8:08:de:9b Sending EAP-Request/Identity to mobile 00:13:e8:08:de:9b (EAP Id
Mon Jun  7 09:09:46 2010: 00:13:e8:08:de:9b 802.1x 'txWhen' Timer expired for station 00:13:e8:08:de:9b
Mon Jun  7 09:09:46 2010: 00:13:e8:08:de:9b dot1x - moving mobile 00:13:e8:08:de:9b into Connecting state
Mon Jun  7 09:09:46 2010: 00:13:e8:08:de:9b Sending EAP-Request/Identity to mobile 00:13:e8:08:de:9b (EAP Id 9)
Mon Jun  7 09:09:47 2010: 00:13:e8:08:de:9b 802.1x 'txWhen' Timer expired for station 00:13:e8:08:de:9b
Mon Jun  7 09:09:47 2010: 00:13:e8:08:de:9b dot1x - moving mobile 00:13:e8:08:de:9b into Connecting state
Mon Jun  7 09:09:47 2010: 00:13:e8:08:de:9b Sending EAP-Request/Identity to mobile 00:13:e8:08:de:9b (EAP Id 10)
Mon Jun  7 09:09:48 2010: 00:13:e8:08:de:9b 802.1x 'txWhen' Timer expired for station 00:13:e8:08:de:9b
Mon Jun  7 09:09:48 2010: 00:13:e8:08:de:9b dot1x - moving mobile 00:13:e8:08:de:9b into Connecting state
Mon Jun  7 09:09:48 2010: 00:13:e8:08:de:9b Sending EAP-Request/Identity to mobile 00:13:e8:08:de:9b (EAP Id 11)
Mon Jun  7 09:09:49 2010: 00:13:e8:08:de:9b 802.1x 'txWhen' Timer expired for station 00:13:e8:08:de:9b
Mon Jun  7 09:09:49 2010: 00:13:e8:08:de:9b dot1x - moving mobile 00:13:e8:08:de:9b into Connecting state
Mon Jun  7 09:09:49 2010: 00:13:e8:08:de:9b Sending EAP-Request/Identity to mobile 00:13:e8:08:de:9b (EAP Id 12)
Mon Jun  7 09:09:50 2010: 00:13:e8:08:de:9b 802.1x 'txWhen' Timer expired for station 00:13:e8:08:de:9b
Mon Jun  7 09:09:50 2010: 00:13:e8:08:de:9b dot1x - moving mobile 00:13:e8:08:de:9b into Connecting state
Mon Jun  7 09:09:50 2010: 00:13:e8:08:de:9b Sending EAP-Request/Identity to mobile 00:13:e8:08:de:9b (EAP Id 13)
Mon Jun  7 09:09:51 2010: 00:13:e8:08:de:9b 802.1x 'txWhen' Timer expired for station 00:13:e8:08:de:9b
Mon Jun  7 09:09:51 2010: 00:13:e8:08:de:9b dot1x - moving mobile 00:13:e8:08:de:9b into Connecting state
Mon Jun  7 09:09:51 2010: 00:13:e8:08:de:9b Sending EAP-Request/Identity to mobile 00:13:e8:08:de:9b (EAP Id 14)
Mon Jun  7 09:09:52 2010: 00:13:e8:08:de:9b 802.1x 'txWhen' Timer expired for station 00:13:e8:08:de:9b
Mon Jun  7 09:09:52 2010: 00:13:e8:08:de:9b dot1x - moving mobile 00:13:e8:08:de:9b into Connecting state
Mon Jun  7 09:09:52 2010: 00:13:e8:08:de:9b Sending EAP-Request/Identity to mobile 00:13:e8:08:de:9b (EAP Id 15)
Mon Jun  7 09:09:53 2010: 00:13:e8:08:de:9b 802.1x 'txWhen' Timer expired for station 00:13:e8:08:de:9b
Mon Jun  7 09:09:53 2010: 00:13:e8:08:de:9b dot1x - moving mobile 00:13:e8:08:de:9b into Connecting state
Mon Jun  7 09:09:53 2010: 00:13:e8:08:de:9b Sending EAP-Request/Identity to mobile 00:13:e8:08:de:9b (EAP Id 16)
Mon Jun  7 09:09:54 2010: 00:13:e8:08:de:9b 802.1x 'txWhen' Timer expired for station 00:13:e8:08:de:9b
Mon Jun  7 09:09:54 2010: 00:13:e8:08:de:9b dot1x - moving mobile 00:13:e8:08:de:9b into Connecting state
Mon Jun  7 09:09:54 2010: 00:13:e8:08:de:9b Sending EAP-Request/Identity to mobile 00:13:e8:08:de:9b (EAP Id 17)
Mon Jun  7 09:09:55 2010: 00:13:e8:08:de:9b 802.1x 'txWhen' Timer expired for station 00:13:e8:08:de:9b
Mon Jun  7 09:09:55 2010: 00:13:e8:08:de:9b dot1x - moving mobile 00:13:e8:08:de:9b into Connecting state
Mon Jun  7 09:09:55 2010: 00:13:e8:08:de:9b Sending EAP-Request/Identity to mobile 00:13:e8:08:de:9b (EAP Id 18)
Mon Jun  7 09:09:56 2010: 00:13:e8:08:de:9b 802.1x 'txWhen' Timer expired for station 00:13:e8:08:de:9b
Mon Jun  7 09:09:56 2010: 00:13:e8:08:de:9b dot1x - moving mobile 00:13:e8:08:de:9b into Connecting state
Mon Jun  7 09:09:56 2010: 00:13:e8:08:de:9b Sending EAP-Request/Identity to mobile 00:13:e8:08:de:9b (EAP Id 19)
Mon Jun  7 09:09:57 2010: 00:13:e8:08:de:9b 802.1x 'txWhen' Timer expired for station 00:13:e8:08:de:9b
Mon Jun  7 09:09:57 2010: 00:13:e8:08:de:9b dot1x - moving mobile 00:13:e8:08:de:9b into Connecting state
Mon Jun  7 09:09:57 2010: 00:13:e8:08:de:9b Sending EAP-Request/Identity to mobile 00:13:e8:08:de:9b (EAP Id 20)
Mon Jun  7 09:09:58 2010: 00:13:e8:08:de:9b 802.1x 'txWhen' Timer expired for station 00:13:e8:08:de:9b
Mon Jun  7 09:09:58 2010: 00:13:e8:08:de:9b dot1x - moving mobile 00:13:e8:08:de:9b into Connecting state
Mon Jun  7 09:09:58 2010: 00:13:e8:08:de:9b Sending EAP-Request/Identity to mobile 00:13:e8:08:de:9b (EAP Id 21)
Mon Jun  7 09:09:58 2010: 00:13:e8:08:de:9b Reached Max EAP-Identity Request retries (21) for STA 00:13:e8:08:de:9b
Mon Jun  7 09:09:58 2010: 00:13:e8:08:de:9b Sent Deauthenticate to mobile on BSSID 00:26:99:91:44:00 slot 0(caller 1x_auth_pae.c:2539)
Mon Jun  7 09:09:58 2010: 00:13:e8:08:de:9b Scheduling deletion of Mobile Station:  (callerId: 6) in 10 seconds
Mon Jun  7 09:09:58 2010: 00:13:e8:08:de:9b dot1x - moving mobile 00:13:e8:08:de:9b into Disconnected state
Mon Jun  7 09:09:58 2010: 00:13:e8:08:de:9b Not sending EAP-Failure for STA 00:13:e8:08:de:9b
Mon Jun  7 09:09:58 2010: 00:13:e8:08:de:9b Association received from mobile on AP 00:1f:6d:b8:18:c0
Mon Jun  7 09:09:58 2010: 00:13:e8:08:de:9b STA - rates (8): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
Mon Jun  7 09:09:58 2010: 00:13:e8:08:de:9b STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
Mon Jun  7 09:09:58 2010: 00:13:e8:08:de:9b Processing WPA IE type 221, length 24 for mobile 00:13:e8:08:de:9b
Mon Jun  7 09:09:58 2010: 00:13:e8:08:de:9b 0.0.0.0 8021X_REQD (3) Deleted mobile LWAPP rule on AP [00:26:99:91:44:00]
Mon Jun  7 09:09:58 2010: 00:13:e8:08:de:9b Updated location for station old AP 00:00:00:00:00:00-0, new AP 00:1f:6d:b8:18:c0-0

1 person had this problem
Labels:
67476-failure.txt.zip
67463-success.txt.zip
0 Helpful
3 Replies 3

Elliott Shawd
Level 1
Level 1

‎06-16-2010 08:02 AM

It looks like a identity request is being sent and timing out before the client can send an identity response. I would look at possibly increasing your EAP timeout value or figure out why your client isn't sending a response quick enough or at all. To do this, install wireshark on the client and run a capture on your wireless card in non-promiscuous mode. See if the client hears the identity request being sent by the ap and if it sends a response.

0 Helpful

stsargen
Cisco Employee
Cisco Employee

‎06-23-2010 05:50 AM

I would check your advanced eap timers on the WLC.  Run "show advanced eap" from the CLI.  It sounds like you need to increase your EAP Request Identity timeout.  It looks like it is currently set to 1 second.  It the client doesn't respond within 1 second another Request Identity will be sent.  Try increasing this value to 5 ro 10 seconds ( EAP-Identity-Request Timeout 5) and also (config EAP-Request Timeout)

0 Helpful

qingyu.guo
Level 1
Level 1
In response to stsargen

‎06-23-2010 08:25 AM

Thx for you reply ,

i have reconfig the WLC, and it looks good so far .below is my configuration

config wps client-exclusion all disable
Config advanced eap identity-request-timeout 20
Config advanced eap identity-request-retries 10
Config advanced eap request-timeout 20
Config advanced eap request-retries 10
config 802.11b disable network
config 802.11b preamble long
config 802.11b enable network

config wlan disable 1
config wlan mfp infrast protection disable
config wlan enable 1


config wlan disable 2
config wlan mfp infrast protection disable
config wlan enable 2

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card