
New Member

Clients not able to connect to WPA2 AES wireless network

Hi,

I have a 5508 WLC and 40+ LAP1142N APs spread across 19 locations that allow staff to connect to our private network via wireless. I recently deployed about 40 new laptops, all identical make and model HP ProBook 4530's, and all have the same client setup for the wireless. Out of those 40 laptops I have 4 that will not connect to the private network. However, these same laptops will connect to my public, open wireless network without issue. In addition to the 4 that will not connect, all the others will prompt twice for network authentication.

Now, I have about 10 other laptops that are not the HP model and all connect without issue and without dual prompt. I don't think this is a wireless network issue but could be some type of issue with this model of laptop.

I have attached the Client Setup information

I am also in contact with HP to get their take, but thought I would post here as well to see if anyone has run into this. Let me know if you need more detail on the WLAN setup.

Thanks


Clients not able to connect to WPA2 AES wireless network

Andrew,

Specific to the 4 devices that cannot connect: have you checked the RADIUS logs for these 4 devices? If not, can you do that and see what the RADIUS server says?

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
New Member

Re: Clients not able to connect to WPA2 AES wireless network

Here is the audit log from the RADIUS server. The first four jbaker and aschulz are on laptops that connect but do a double login and the last 2 (aschulz) are from the laptop that will not connect at all.

10.0.1.20,SERVERS\JBaker,06/13/2012,10:32:45,IAS,ALPHA,5000,audit-session-id=0a000114000000c24fd8ce7b,31,d0-df-9a-ef-35-e7,30,2c-3f-38-ab-08-a0:Library Staff,5,13,4,10.0.1.20,32,WLC,26,0x00003763010600000002,6,2,12,1300,61,19,64,13,65,6,81,40,4108,10.0.1.20,4116,0,4128,WLC,4155,1,4154,Use Windows authentication for all users,4129,SERVERS\JBaker,4149,PEAP-Wireless,25,311 1 10.0.0.221 03/06/2012 15:52:19 6082,4130,/Staff User Accounts/IT/Non - Filtered/John Baker,4132,Secured password (EAP-MSCHAP v2),4127,11,4136,1,4142,0

10.0.1.20,SERVERS\JBaker,06/13/2012,10:32:45,IAS,ALPHA,25,311 1 10.0.0.221 03/06/2012 15:52:19 6082,4132,Secured password (EAP-MSCHAP v2),4127,11,8100,0,4120,0x01534552564552,4130,/Staff User Accounts/IT/Non - Filtered/John Baker,6,2,4108,10.0.1.20,4116,0,4128,WLC,4155,1,4154,Use Windows authentication for all users,4129,SERVERS\JBaker,4149,PEAP-Wireless,4136,2,4142,0

10.0.1.20,aschulz,06/13/2012,10:33:46,IAS,ALPHA,5000,audit-session-id=0a000114000000c34fd8cefa,31,cc-52-af-97-5c-5f,30,2c-3f-38-ab-08-a0:Library Staff,5,13,4,10.0.1.20,32,WLC,26,0x00003763010600000002,6,2,12,1300,61,19,64,13,65,6,81,40,4108,10.0.1.20,4116,0,4128,WLC,4155,1,4154,Use Windows authentication for all users,4129,SERVERS\aschulz,4149,PEAP-Wireless,25,311 1 10.0.0.221 03/06/2012 15:52:19 6100,4130,/Staff User Accounts/IT/Non - Filtered/Andrew Schulz,4132,Secured password (EAP-MSCHAP v2),4127,11,4136,1,4142,0

10.0.1.20,aschulz,06/13/2012,10:33:46,IAS,ALPHA,25,311 1 10.0.0.221 03/06/2012 15:52:19 6100,4132,Secured password (EAP-MSCHAP v2),4127,11,8100,0,4120,0x01534552564552,4130,/Staff User Accounts/IT/Non - Filtered/Andrew Schulz,6,2,4108,10.0.1.20,4116,0,4128,WLC,4155,1,4154,Use Windows authentication for all users,4129,SERVERS\aschulz,4149,PEAP-Wireless,4136,2,4142,0

10.0.1.20,aschulz,06/13/2012,10:35:29,IAS,ALPHA,5000,audit-session-id=0a000114000000c44fd8cf61,31,74-de-2b-37-50-d2,30,2c-3f-38-ab-08-a0:Library Staff,5,13,4,10.0.1.20,32,WLC,26,0x00003763010600000002,6,2,12,1300,61,19,64,13,65,6,81,40,4108,10.0.1.20,4116,0,4128,WLC,4155,1,4154,Use Windows authentication for all users,4129,SERVERS\aschulz,4149,PEAP-Wireless,25,311 1 10.0.0.221 03/06/2012 15:52:19 6108,4130,/Staff User Accounts/IT/Non - Filtered/Andrew Schulz,4132,Secured password (EAP-MSCHAP v2),4127,11,4136,1,4142,0

10.0.1.20,aschulz,06/13/2012,10:35:29,IAS,ALPHA,25,311 1 10.0.0.221 03/06/2012 15:52:19 6108,4132,Secured password (EAP-MSCHAP v2),4127,11,8100,0,4120,0x01534552564552,4130,/Staff User Accounts/IT/Non - Filtered/Andrew Schulz,6,2,4108,10.0.1.20,4116,0,4128,WLC,4155,1,4154,Use Windows authentication for all users,4129,SERVERS\aschulz,4149,PEAP-Wireless,4136,2,4142,0

Re: Clients not able to connect to WPA2 AES wireless network

So I am not super strong on the IAS, I work on ACS. Is there a fail log? I don't see the reason codes why these guys are failing, as for the last 2.

New Member

Re: Clients not able to connect to WPA2 AES wireless network

I have all logging options turned on in IAS including Rejected authentication requests. I too am not seeing a failed connection. Interesting though, I created a new log and tried connecting with the laptop that will not connect at all and the log is the same as above. No indication of a rejected authentication request.
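
How records in this log format can be read, as an added example that is not part of the original thread: an IAS-format line is six header fields followed by attribute-ID/value pairs, where attribute 31 is the client MAC (Calling-Station-Id), 4136 is the packet type (1 request, 2 accept, 3 reject) and 4142 is the reason code (0 means success). The sample records, user names, server name and MAC addresses below are constructed; only the layout follows the lines posted above.

```python
import csv
from io import StringIO

HEADER = ("nas_ip", "user", "date", "time", "service", "computer")
CALLING_STATION_ID, PACKET_TYPE, REASON_CODE = "31", "4136", "4142"
PACKET_NAMES = {"1": "Access-Request", "2": "Access-Accept",
                "3": "Access-Reject", "11": "Access-Challenge"}

# Constructed sample records (not from the thread): one accepted, one rejected.
SAMPLE = """\
10.0.1.20,user1,06/13/2012,10:35:29,IAS,NPS01,31,aa-bb-cc-00-00-01,4149,PEAP-Wireless,4136,1,4142,0
10.0.1.20,user1,06/13/2012,10:35:29,IAS,NPS01,4149,PEAP-Wireless,4127,11,4136,2,4142,0
10.0.1.20,user2,06/13/2012,10:36:02,IAS,NPS01,31,aa-bb-cc-00-00-02,4149,PEAP-Wireless,4136,1,4142,0
10.0.1.20,user2,06/13/2012,10:36:02,IAS,NPS01,4149,PEAP-Wireless,4127,11,4136,3,4142,16
"""

def parse_ias_line(line):
    """Split one record into its six header fields and a dict of attributes."""
    fields = next(csv.reader(StringIO(line)))
    record = dict(zip(HEADER, fields[:6]))
    pairs = fields[6:]
    if len(pairs) % 2:  # an ID without a value: truncated or unquoted comma
        raise ValueError("unpaired attribute field: " + line[:40])
    record["attrs"] = dict(zip(pairs[0::2], pairs[1::2]))
    return record

def outcomes(text):
    """Return (time, user, client MAC, packet type, reason code) per server reply."""
    last_mac = {}   # user -> MAC from that user's most recent Access-Request
    results = []
    for line in filter(None, map(str.strip, text.splitlines())):
        rec = parse_ias_line(line)
        attrs, user = rec["attrs"], rec["user"]
        ptype = attrs.get(PACKET_TYPE)
        if ptype == "1":  # replies carry no MAC, so remember the request's
            last_mac[user] = attrs.get(CALLING_STATION_ID, "unknown")
            continue
        results.append((rec["time"], user, last_mac.get(user, "unknown"),
                        PACKET_NAMES.get(ptype, "type " + str(ptype)),
                        int(attrs.get(REASON_CODE, -1))))
    return results

def rejected(text):
    """Replies that are rejects or carry a non-zero reason code."""
    return [r for r in outcomes(text) if r[3] == "Access-Reject" or r[4] != 0]

if __name__ == "__main__":
    for row in outcomes(SAMPLE):
        print(*row)
```

An empty result from `rejected()` means the RADIUS server accepted every logged attempt, which points the search at what happens after authentication rather than at the credentials.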

Re: Clients not able to connect to WPA2 AES wireless network

On your WLC, go to show clients and see what PEM state the failing clients are in, 802.1X_REQ state?

New Member

Re: Clients not able to connect to WPA2 AES wireless network

Sorry about this, but I think I may need a bit more detail on how to do that. I logged into the WLC and under the Monitor tab go to Clients. I don't see PEM state.

New Member

Re: Clients not able to connect to WPA2 AES wireless network

Do I need to enable debugging on the controller to get the PEM state?

http://www.cisco.com/en/US/products/hw/wireless/ps430/products_tech_note09186a008091b08b.shtml#pem

New Member

Re: Clients not able to connect to WPA2 AES wireless network

I figured out what the issue was both with the clients that would not connect and the clients that would prompt for double authentication. The issue was my DHCP scope 10.0.10.10 - 250, my interface for that connection was 10.0.10.20, the client that was not able to connect was being handed the address of the WLC interface and all other clients would hit that one then be handed the next available IP. I changed the interface to 10.0.10.9 and all issues went away.

Stupid mistake, but easy fix.
