Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

wireless client EAP-FAST authentication fail with ACS

When I use no certificate EAP-FAST authentication (Anonymous In−band PAC provisioning) to authenticate access wireless client, always authenticate fail, and can not access to wireless which is controlled by WLC.

When I debug dot1x messages of WLC. Always prompt following messages:  I am so confused with this situation and really hope guys can help me.

Sun Apr 25 15:53:51 2010: 00:40:96:af:6e:af [Error] Client requested no retries for mobile 00:40:96:AF:6E:AF
Sun Apr 25 15:53:51 2010: 00:40:96:af:6e:af Returning AAA Error 'Timeout' (-5) for mobile 00:40:96:af:6e:af
Sun Apr 25 15:53:51 2010: AuthorizationResponse: 0xbadff8d4
Sun Apr 25 15:53:51 2010:       structureSize................................28
Sun Apr 25 15:53:51 2010:       resultCode...................................-5
Sun Apr 25 15:53:51 2010:       protocolUsed.................................0xffffffff
Sun Apr 25 15:53:51 2010:       proxyState...................................00:40:96:AF:6E:AF-34:00
Sun Apr 25 15:53:51 2010:       Packet contains 0 AVPs:
Sun Apr 25 15:53:51 2010: 00:40:96:af:6e:af Processing AAA Error 'Timeout' (-5) for mobile 00:40:96:af:6e:af
Sun Apr 25 15:53:53 2010: 00:40:96:af:6e:af Processing RSN IE type 48, length 20 for mobile 00:40:96:af:6e:af
Sun Apr 25 15:53:53 2010: 00:40:96:af:6e:af Received RSN IE with 0 PMKIDs from mobile 00:40:96:af:6e:af
Sun Apr 25 15:53:53 2010: 00:40:96:af:6e:af Station 00:40:96:af:6e:af setting dot1x reauth timeout = 1800
Sun Apr 25 15:53:53 2010: 00:40:96:af:6e:af Sending EAP-Request/Identity to mobile 00:40:96:af:6e:af (EAP Id 1)
Sun Apr 25 15:53:53 2010: 00:40:96:af:6e:af Sending 802.11 EAPOL message  to mobile 00:40:96:af:6e:af
Sun Apr 25 15:53:53 2010: 00000000: 02 00 00 31 01 01 00 31  01 00 6e 65 74 77 6f 72  ...1...1..networ
Sun Apr 25 15:53:53 2010: 00000010: 6b 69 64 3d 57 43 4c 2c  6e 61 73 69 64 3d 43 69  kid=WCL,nasid=Ci
Sun Apr 25 15:53:53 2010: 00000020: 73 63 6f 5f 39 35 3a 38  61 3a 38 30 2c 70 6f 72  sco_95:8a:80,por
Sun Apr 25 15:53:53 2010: 00000030: 74 69 64 3d 31                                    tid=1
Sun Apr 25 15:53:53 2010: 00:40:96:af:6e:af Received 802.11 EAPOL message (len 4) from mobile 00:40:96:af:6e:af
Sun Apr 25 15:53:53 2010: 00000000: 01 01 00 00                                       ....
Sun Apr 25 15:53:53 2010: 00:40:96:af:6e:af Received EAPOL START from mobile 00:40:96:af:6e:af
Sun Apr 25 15:53:53 2010: 00:40:96:af:6e:af Sending EAP-Request/Identity to mobile 00:40:96:af:6e:af (EAP Id 2)
Sun Apr 25 15:53:53 2010: 00:40:96:af:6e:af Sending 802.11 EAPOL message  to mobile 00:40:96:af:6e:af
Sun Apr 25 15:53:53 2010: 00000000: 02 00 00 31 01 02 00 31  01 00 6e 65 74 77 6f 72  ...1...1..networ
Sun Apr 25 15:53:53 2010: 00000010: 6b 69 64 3d 57 43 4c 2c  6e 61 73 69 64 3d 43 69  kid=WCL,nasid=Ci
Sun Apr 25 15:53:53 2010: 00000020: 73 63 6f 5f 39 35 3a 38  61 3a 38 30 2c 70 6f 72  sco_95:8a:80,por
Sun Apr 25 15:53:53 2010: 00000030: 74 69 64 3d 31                                    tid=1
Sun Apr 25 15:53:53 2010: 00:40:96:af:6e:af Received 802.11 EAPOL message (len 31) from mobile 00:40:96:af:6e:af
Sun Apr 25 15:53:53 2010: 00000000: 01 00 00 1b 02 01 00 1b  01 50 45 41 50 2d 30 30  .........PEAP-00
Sun Apr 25 15:53:53 2010: 00000010: 2d 34 30 2d 39 36 2d 41  46 2d 36 45 2d 41 46     -40-96-AF-6E-AF
Sun Apr 25 15:53:53 2010: 00:40:96:af:6e:af Received EAPOL EAPPKT from mobile 00:40:96:af:6e:af
Sun Apr 25 15:53:53 2010: 00:40:96:af:6e:af Received EAP Response packet with mismatching id (currentid=2, eapid=1) from mobile 00:40:96:af:6e:af
Sun Apr 25 15:53:53 2010: 00:40:96:af:6e:af Received 802.11 EAPOL message (len 31) from mobile 00:40:96:af:6e:af
Sun Apr 25 15:53:53 2010: 00000000: 01 00 00 1b 02 02 00 1b  01 50 45 41 50 2d 30 30  .........PEAP-00
Sun Apr 25 15:53:53 2010: 00000010: 2d 34 30 2d 39 36 2d 41  46 2d 36 45 2d 41 46     -40-96-AF-6E-AF
Sun Apr 25 15:53:53 2010: 00:40:96:af:6e:af Received EAPOL EAPPKT from mobile 00:40:96:af:6e:af
Sun Apr 25 15:53:53 2010: 00:40:96:af:6e:af Received Identity Response (count=2) from mobile 00:40:96:af:6e:af
Sun Apr 25 15:53:53 2010: AuthenticationRequest: 0xb14e64c
Sun Apr 25 15:53:53 2010:       Callback.....................................0x85ef9f8
Sun Apr 25 15:53:53 2010:       protocolType.................................0x00140001
Sun Apr 25 15:53:53 2010:       proxyState...................................00:40:96:AF:6E:AF-35:00
Sun Apr 25 15:53:53 2010:       Packet contains 15 AVPs (not shown)
Sun Apr 25 15:53:53 2010: 00:40:96:af:6e:af Successful transmission of Authentication Packet (id 155) to 172.24.128.152:1812, proxy state 00:40:96:af:6e:af-00:00
Sun Apr 25 15:53:53 2010: 00000000: 01 9b 00 d0 65 1e d8 5e  94 1a 78 64 99 ce 05 a2  ....e..^..xd....
Sun Apr 25 15:53:53 2010: 00000010: 57 a3 4a 65 01 18 50 45  41 50 2d 30 30 2d 34 30  W.Je..PEAP-00-40
Sun Apr 25 15:53:53 2010: 00000020: 2d 39 36 2d 41 46 2d 36  45 2d 41 46 1f 13 30 30  -96-AF-6E-AF..00
Sun Apr 25 15:53:53 2010: 00000030: 2d 34 30 2d 39 36 2d 41  46 2d 36 45 2d 41 46 1e  -40-96-AF-6E-AF.
Sun Apr 25 15:53:53 2010: 00000040: 17 30 30 2d 31 43 2d 42  30 2d 30 36 2d 39 42 2d  .00-1C-B0-06-9B-
Sun Apr 25 15:53:53 2010: 00000050: 37 30 3a 57 43 4c 05 06  00 00 00 01 04 06 ac 18  70:WCL..........
Sun Apr 25 15:53:53 2010: 00000060: 80 23 20 10 43 69 73 63  6f 5f 39 35 3a 38 61 3a  .#..Cisco_95:8a:
Sun Apr 25 15:53:53 2010: 00000070: 38 30 1a 0c 00 00 37 63  01 06 00 00 00 01 06 06  80....7c........
Sun Apr 25 15:53:53 2010: 00000080: 00 00 00 02 0c 06 00 00  05 14 3d 06 00 00 00 13  ..........=.....
Sun Apr 25 15:53:53 2010: 00000090: 40 06 00 00 00 0d 41 06  00 00 00 06 51 05 31 32  @.....A.....Q.12
Sun Apr 25 15:53:53 2010: 000000a0: 38 4f 1d 02 02 00 1b 01  50 45 41 50 2d 30 30 2d  8O......PEAP-00-
Sun Apr 25 15:53:53 2010: 000000b0: 34 30 2d 39 36 2d 41 46  2d 36 45 2d 41 46 50 12  40-96-AF-6E-AFP.
Sun Apr 25 15:53:53 2010: 000000c0: e5 9f 90 3b 53 1f b9 17  02 4a e9 44 37 31 ef 80  ...;S....J.D71..
Sun Apr 25 15:53:55 2010: 00:40:96:af:6e:af Successful transmission of Authentication Packet (id 155) to 172.24.128.152:1812, proxy state 00:40:96:af:6e:af-00:00

602
Views
0
Helpful
0
Replies
CreatePlease login to create content