
EAP-Request/Identity to mobile e4:ce:8f:13:e4:de (EAP Id 20)

Hosam Badreldin
Level 1

Hello,

I'm facing a problem related to devices authenticating to our wireless network. Below is how it is set up:

WLC 4404 pass authentication to ACS 5.3 (PEAP + MsChapV2) then to AD server.

Client can get stuck in this status and it keeps repeating from 1 to 20:

*Dot1x_NW_MsgTask_0: May 18 19:57:47.477: e4:ce:8f:13:e4:de dot1x - moving mobile e4:ce:8f:13:e4:de into Connecting state

*Dot1x_NW_MsgTask_0: May 18 19:57:47.477: e4:ce:8f:13:e4:de Sending EAP-Request/Identity to mobile e4:ce:8f:13:e4:de (EAP Id 19)

*Dot1x_NW_MsgTask_0: May 18 19:57:47.481: e4:ce:8f:13:e4:de Received EAPOL EAPPKT from mobile e4:ce:8f:13:e4:de

*Dot1x_NW_MsgTask_0: May 18 19:57:47.483: e4:ce:8f:13:e4:de Received EAPOL EAPPKT from mobile e4:ce:8f:13:e4:de

*Dot1x_NW_MsgTask_0: May 18 19:58:17.482: e4:ce:8f:13:e4:de Received EAPOL START from mobile e4:ce:8f:13:e4:de

*Dot1x_NW_MsgTask_0: May 18 19:58:17.482: e4:ce:8f:13:e4:de dot1x - moving mobile e4:ce:8f:13:e4:de into Connecting state

*Dot1x_NW_MsgTask_0: May 18 19:58:17.482: e4:ce:8f:13:e4:de Sending EAP-Request/Identity to mobile e4:ce:8f:13:e4:de (EAP Id 20)

*Dot1x_NW_MsgTask_0: May 18 19:58:17.485: e4:ce:8f:13:e4:de Received EAPOL EAPPKT from mobile e4:ce:8f:13:e4:de

*Dot1x_NW_MsgTask_0: May 18 19:58:17.487: e4:ce:8f:13:e4:de Received EAPOL EAPPKT from mobile e4:ce:8f:13:e4:de

*Dot1x_NW_MsgTask_0: May 18 19:58:47.488: e4:ce:8f:13:e4:de Received EAPOL START from mobile e4:ce:8f:13:e4:de

I have the Max EAP identity request retries set to 20; that is why it stops at 20.

I checked the WLC logs and all I can see is:

May  18 14:45:59 10.3.1.10/10.3.1.10 MG-LWAPP-C1: *Dot1x_NW_MsgTask_0: May  18 19:45:59.306: %APF-1-USER_ADD_FAILED: apf_ms.c:5665 Unable to create  username joe132 for mobilee4:ce:8f:13:e4:de

The strange thing is on the ACS I can't see any authentication attempts. I think the WLC is trying to use the PMK cache for this but I'm not sure why and how??

Anybody seen something like this??

1 Reply

Stephen Rodriguez
Cisco Employee

From that debug, the WLC sends the identity request and the client sends two EAP packets, then the client sends an EAPOL start, which tells the WLC to start all over.

Steve

Sent from Cisco Technical Support iPhone App

HTH,
Steve
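
The restart pattern described in the reply can be pulled out of the debug output mechanically. The following is an added example, not part of either post and not Cisco code: it parses the debug lines quoted in the question and reports, per identity request, how many EAP packets the client sent and how long it waited before sending EAPOL START. The function names are hypothetical, and the year 2000 is an assumed placeholder because the debug timestamps carry no year.

```python
import re
from datetime import datetime

# Debug lines copied from the question above.
SAMPLE = """\
*Dot1x_NW_MsgTask_0: May 18 19:57:47.477: e4:ce:8f:13:e4:de dot1x - moving mobile e4:ce:8f:13:e4:de into Connecting state
*Dot1x_NW_MsgTask_0: May 18 19:57:47.477: e4:ce:8f:13:e4:de Sending EAP-Request/Identity to mobile e4:ce:8f:13:e4:de (EAP Id 19)
*Dot1x_NW_MsgTask_0: May 18 19:57:47.481: e4:ce:8f:13:e4:de Received EAPOL EAPPKT from mobile e4:ce:8f:13:e4:de
*Dot1x_NW_MsgTask_0: May 18 19:57:47.483: e4:ce:8f:13:e4:de Received EAPOL EAPPKT from mobile e4:ce:8f:13:e4:de
*Dot1x_NW_MsgTask_0: May 18 19:58:17.482: e4:ce:8f:13:e4:de Received EAPOL START from mobile e4:ce:8f:13:e4:de
*Dot1x_NW_MsgTask_0: May 18 19:58:17.482: e4:ce:8f:13:e4:de dot1x - moving mobile e4:ce:8f:13:e4:de into Connecting state
*Dot1x_NW_MsgTask_0: May 18 19:58:17.482: e4:ce:8f:13:e4:de Sending EAP-Request/Identity to mobile e4:ce:8f:13:e4:de (EAP Id 20)
*Dot1x_NW_MsgTask_0: May 18 19:58:17.485: e4:ce:8f:13:e4:de Received EAPOL EAPPKT from mobile e4:ce:8f:13:e4:de
*Dot1x_NW_MsgTask_0: May 18 19:58:17.487: e4:ce:8f:13:e4:de Received EAPOL EAPPKT from mobile e4:ce:8f:13:e4:de
*Dot1x_NW_MsgTask_0: May 18 19:58:47.488: e4:ce:8f:13:e4:de Received EAPOL START from mobile e4:ce:8f:13:e4:de
"""

# "*<task>: <Mon DD HH:MM:SS.mmm>: <client MAC> <message>"
LINE = re.compile(r"^\*\S+: (\w{3} +\d+ [\d:.]+): ((?:[0-9a-f]{2}:){5}[0-9a-f]{2}) (.*)$")
EAP_ID = re.compile(r"Sending EAP-Request/Identity .*\(EAP Id (\d+)\)")

def parse_ts(ts):
    # No year in the debug output; 2000 is an assumed placeholder so deltas work.
    return datetime.strptime("2000 " + " ".join(ts.split()), "%Y %b %d %H:%M:%S.%f")

def find_restart_cycles(lines):
    """One record per identity request that the client abandoned with EAPOL START."""
    open_req, cycles = {}, []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a per-client debug line
        when, mac, msg = parse_ts(m.group(1)), m.group(2), m.group(3)
        sent = EAP_ID.search(msg)
        if sent:  # a new identity request replaces any pending one for this MAC
            open_req[mac] = {"mac": mac, "eap_id": int(sent.group(1)), "sent": when, "eappkts": 0}
        elif mac in open_req and "Received EAPOL EAPPKT" in msg:
            open_req[mac]["eappkts"] += 1
        elif mac in open_req and "Received EAPOL START" in msg:
            req = open_req.pop(mac)
            req["restart_after_s"] = round((when - req["sent"]).total_seconds(), 3)
            cycles.append(req)
    return cycles

if __name__ == "__main__":
    for c in find_restart_cycles(SAMPLE.splitlines()):
        print(c["mac"], "EAP Id", c["eap_id"], "EAPPKTs", c["eappkts"], "restart after", c["restart_after_s"], "s")
```

On the quoted lines, both identity requests (EAP Id 19 and 20) show two EAP packets from the client followed by an EAPOL START about 30 seconds later.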
