Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

WLC and AP 802.1x fails

Hi all,

I am trying to gather some information on how to pin point the issue that we are facing with.

after creating a new WLAN ID (same as BODY) which is applied to the same interface as BYOD interface the APs are sometimes associated with the new WLAN ID for a short time. then it get disconnected. with following

Exclusion reason : 802.1x failed

I have to mention, BYOD works fine.

I have deb the aaa all and could not see any valid information there.

any idea what i could do next

ps also ran the following without any indication to the AP Mac address

deb mac add <add>

deb capwap event

deb capwap error

any other ideas?


thanks in advance



  • Getting Started with Wireless

 Hi, to make it simple, just




to make it simple, just get a debug client <MAC> and look into the logs after the EAP challenges, you should see the following



-access reject


-access challenge


if you get access-accept, then everything is fine with the .1x

if you get reject, check your AAA server logs and the supplicant configuration


if the issue appears after access accept and the clients disconnect the logs might show you why "you need a timestamp"


for the .1x exclusion, it seems that the client is using wrong credentials multiple times and the WLC block it to prevent the AAA queue to be full.


Please refer to the link-http

Please refer to the link-

Cisco Employee

debug client mac address is

debug client mac address is needed to solve  the problem and its not possible that radius auth is failing and BYOD is working..

This widget could not be displayed.