ap authentication/join issue

Unanswered Question
Aug 10th, 2010

i am having issues joining new 1242LAP's to my controller.  i am receiving the follwing error on my controller:

AAA Authentication Failure for UserName:5475d01144f0 User Type: WLAN USER

username is the MAC of my new 1242LAP.  older 1242LAP's have no issue.  i have 70 of the newer ones that i have just installed and fail to join the controller with the above error message.  i'm not sure how to resolve.  any help would be appreciated.  thanks.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (6 ratings)
Andrew Betz Tue, 08/10/2010 - 13:21

Hi Brandon,

Good question.  Sounds like your WLC may be authorizing LAPs via an Auth-list or AAA.  You can view these settings here:

Web GUI --> Secuirty --> AAA --> AP Policies

If you do not wish to authorize the APs via an auth-list or AAA, simply uncheck the following option:

Authorize MIC APs against auth-list or AAA



bmarms Wed, 08/11/2010 - 07:00

turns out the AP's were shipped with mesh image

and are in bridge mode.  even though they have a MIC, the controller was unable to auth.  i have to manually enter

their mac into the ap auth list.  they would then join the controller as a bridge.  once joined, i changed ap mode to

"local".  ap would then reboot and i removed entry from ap auth list.  thanks for your reply.

Andrew Betz Wed, 08/11/2010 - 07:02

Good Catch, Brandon.  That would do it.  Glad to hear you were able to resolve this one.

Take Care,


nstahlman Wed, 02/02/2011 - 19:55

Was there ever some sort of bug report or notice released about this issue?  I had the exact same happen today and after being on the phone with TAC for 3 hours, I stumbled across this post and it fixed my issue.  First of all, thanks and second I would be interested to know if these issue was/is documented somewhere.

Andrew Betz Thu, 02/03/2011 - 05:04

Good question.  I had the same initial reaction, but I later found out that some indoor LAPs can be pre-ordered with the Mesh image installed.  This order is typically placed by your Cisco Partner, or reseller.



Mike Hale Tue, 09/04/2012 - 15:19

This also just helped me clear up an issue...thank you very much for posting the solution.

It's really weird because our WLC doesn't do MAC authorization...in fact, the problem AP is the only one with a specific entry in that auth table.  Very strange. 


This Discussion

Related Content



Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode