WLC Failed to complete DTLS handshake with peer

Unanswered Question
Feb 22nd, 2011

WLC 5508 running 7.0.98.0

Site was running fine until the WLC had a hardware failure.

A new WLC was shipped out, was running 6.0.99, then manually upgraded to 7.0.98. Clients cannot authenticate, with recurrent log messages like this:

*dot1xMsgTask: Feb 23 17:05:03.648: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2914 Max EAP identity request retries (3) exceeded for client 00:21:5c:<snip>
*spamApTask0: Feb 23 17:05:01.926: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:629 Failed to complete DTLS handshake with peer 192.168.214.91

I have tried changing the key on the radius server to no avail. Anybody have any ideas?

Nicolas Darchis Wed, 02/23/2011 - 00:17

DTLS message corresponds to an AP not joining or disconnecting.

The EAP message above is about a client not finishing its dot1x authentication.

Since what changed is the WLC itself, I would check for changes:

- Did it change IP address? Is the config EXACTLY the same as before?

- What does your radius server report as the failed attempt reason?

Nicolas
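
The distinction drawn in the reply above, as an added example that is not part of the original thread: a short Python triage that parses WLC log lines in the format quoted in the question and counts DTLS handshake failures per AP peer separately from dot1x EAP-retry failures per client. The sample lines, the category names `ap_join` and `client_dot1x`, and the function name `triage` are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Layout of the two WLC messages quoted in the question:
# *<task>: <Mon DD HH:MM:SS.mmm>: %<FACILITY>-<sev>-<MNEMONIC>: <file.c:line> <text>
LINE_RE = re.compile(
    r"^\*(?P<task>\S+): (?P<ts>\w{3}\s+\d+ [\d:.]+): "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>\d)-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<src>\S+) (?P<text>.*)$"
)

# (facility, mnemonic) -> (category, regex extracting the affected party).
# Category names are hypothetical labels for the two problem areas.
RULES = {
    ("DTLS", "HANDSHAKE_FAILURE"): ("ap_join", re.compile(r"with peer (\S+)")),
    ("DOT1X", "MAX_EAP_RETRIES"): ("client_dot1x", re.compile(r"for client (\S+)")),
}

def triage(lines):
    """Return ({category: {subject: count}}, [lines that matched no rule])."""
    report = defaultdict(Counter)
    unparsed = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        rule = RULES.get((m["facility"], m["mnemonic"])) if m else None
        subject = rule[1].search(m["text"]) if rule else None
        if not subject:
            unparsed.append(line)  # keep for manual review, never drop silently
            continue
        report[rule[0]][subject.group(1)] += 1
    return {cat: dict(counts) for cat, counts in report.items()}, unparsed

# Constructed sample input: documentation IP range and made-up MAC addresses.
SAMPLE = [
    "*spamApTask0: Feb 23 17:05:01.926: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:629 Failed to complete DTLS handshake with peer 192.0.2.91",
    "*dot1xMsgTask: Feb 23 17:05:03.648: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2914 Max EAP identity request retries (3) exceeded for client 00:00:5e:00:53:01",
    "*spamApTask0: Feb 23 17:05:31.930: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:629 Failed to complete DTLS handshake with peer 192.0.2.91",
    "*dot1xMsgTask: Feb 23 17:05:40.112: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2914 Max EAP identity request retries (3) exceeded for client 00:00:5e:00:53:02",
    "-- truncated line --",
]

if __name__ == "__main__":
    report, unparsed = triage(SAMPLE)
    for category, counts in sorted(report.items()):
        for subject, n in sorted(counts.items()):
            print(f"{category:13} {subject:20} {n}")
    print(f"unparsed lines: {len(unparsed)}")
```

A peer address that keeps reappearing under `ap_join` is an AP that is not staying joined to the controller, while entries under `client_dot1x` point at the client/RADIUS exchange, so the two lists are followed up separately.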

shaanismath Wed, 02/23/2011 - 15:16

Hi Nicolas,

I reconfigured the WLC manually and from what I can see the configs are the same.

Are the AP disconnect (DTLS) and EAP messages even related to each other?

The log on the radius indicates Filtering Platform Packet drop; it's an NPS server.

Tia

shaanismath Wed, 02/23/2011 - 19:05

I also saw this message in the NPS logs.

Authentication failed due to an EAP session timeout; the EAP session with the access client was incomplete.

Nicolas Darchis Wed, 02/23/2011 - 22:59

I'm unsure about what the first NPS message means.

It's a dot1x authentication not completing issue; the authentication process must be looked at to understand which part is stopping. It could be the client not trusting the NPS certificate, the NPS stopping the authentication because it doesn't like the WLC for some reason... could be anything.

Posted February 22, 2011 at 10:09 PM