Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

%DOT11-7-AUTH_FAILED

Dear Cisco,

Since we installed the mbssid feature on certain access points to broadcast 2 ssid's on the

same time, we are experiencing strange behaviour concerning certain users trying to log in :

May 11 17:16:49: %DOT11-7-AUTH_FAILED: Station 0018.debf.14f1 Authentication failed

In ACS 5.2 we see the users didn't enter the correct pswd and after a certain time (and many

attemps) we see AD sets the user account locked. Our windows people see our ACS as the

guilty one, somehow the user/pswd info comes from the AP.

It seems some clients are tying "automatically" to connect to the access point because the ssid

was broadcasted. It must have something to do with the mssid feature, all our AP's without

this command doesn't seem to have the problem.

Any thoughts on this issue ?

Many thanks,

Lieven Stubbe

Belgian Railways

Everyone's tags (1)
5 REPLIES
Cisco Employee

%DOT11-7-AUTH_FAILED

MBSSID has nothing to do with authentication failure.

In the meantime please upload the following

Show run form the AP

The RADIUS authentication failure reason on ACS 5 with detailed steps of the failure

New Member

Re: %DOT11-7-AUTH_FAILED

Dear maldehne,

ACS -> 24408 : User authentication against AD failed since user has entered the wrong password.

Did some study of the logs, and it seems a great deal of these errors were caused bij "exotic" devices

on our network, like Apple devices, HTC devices,...

This is very annoying, because after a while AD puts the user in a locked state.

In attach you find the (reduced) config of one of our AP's.

Thanks,

Lieven Stubbe

Belgian Railways

Cisco Employee

Re: %DOT11-7-AUTH_FAILED

Dear Lieven

Please send the deteailed steps of failed attempt from RADIUS Authentication report

If you define an internal user on ACS and try do you have the same issue?

New Member

Re: %DOT11-7-AUTH_FAILED

Maldehne,

To test the local user, I have to set up our test ACS, this will take some time.

Somehow, most of our wireless authentications pass fine.

Thanks,

Lieven Stubbe

Belgian Railways

Cisco Employee

Re: %DOT11-7-AUTH_FAILED

The issue seems between the ACS and AD , so now try the following

debug-adclient enable

reproduce the issue

no denug-adclient enable

Collect the output of:

show acs-logs filename ACSADAgent.log

Make sure to provide the timestamp and userid used while the issue is happenning

1148
Views
0
Helpful
5
Replies
CreatePlease login to create content