enter credentials twice

Hello,
I have a Cisco 4402 controller running version 4.2.176.0, with an SSID configured with Security Policies [WPA WPA2] [Auth (802.1X)].
For the past few days, many users who connect to this SSID have been asked for their access credentials twice: the first time it says it cannot connect to this SSID, and the next time the client connects correctly. I ran a debug for a client, but all I can see is:


Thu Sep 30 12:45:18 2010: 00:1f:3c:09:cb:c8 Received EAP Response from mobile 00:1f:3c:09:cb:c8 (EAP Id 14, EAP Type 21)
Thu Sep 30 12:45:18 2010: 00:1f:3c:09:cb:c8 Entering Backend Auth Response state for mobile 00:1f:3c:09:cb:c8
Thu Sep 30 12:45:18 2010: 00:1f:3c:09:cb:c8 Processing Access-Challenge for mobile 00:1f:3c:09:cb:c8
Thu Sep 30 12:45:18 2010: 00:1f:3c:09:cb:c8 Entering Backend Auth Req state (id = 15) for mobile 00:1f:3c:09:cb:c8
Thu Sep 30 12:45:18 2010: 00:1f:3c:09:cb:c8 Sending EAP Request from AAA to mobile 00:1f:3c:09:cb:c8 (EAP Id 15)
Thu Sep 30 12:45:18 2010: 00:1f:3c:09:cb:c8 EAPPKT Received EAPOL from mobile 00:1f:3c:09:cb:c8
Thu Sep 30 12:45:18 2010: 00:1f:3c:09:cb:c8 Received EAP Response from mobile 00:1f:3c:09:cb:c8 (EAP Id 15, EAP Type 21)
Thu Sep 30 12:45:18 2010: 00:1f:3c:09:cb:c8 Entering Backend Auth Response state for mobile 00:1f:3c:09:cb:c8
Thu Sep 30 12:45:18 2010: 00:1f:3c:09:cb:c8 Processing Access-Challenge for mobile 00:1f:3c:09:cb:c8
Thu Sep 30 12:45:18 2010: 00:1f:3c:09:cb:c8 Entering Backend Auth Req state (id = 16) for mobile 00:1f:3c:09:cb:c8
Thu Sep 30 12:45:18 2010: 00:1f:3c:09:cb:c8 Sending EAP Request from AAA to mobile 00:1f:3c:09:cb:c8 (EAP Id 16)
Thu Sep 30 12:45:18 2010: 00:1f:3c:09:cb:c8 EAPPKT Received EAPOL from mobile 00:1f:3c:09:cb:c8
Thu Sep 30 12:45:18 2010: 00:1f:3c:09:cb:c8 Received EAP Response from mobile 00:1f:3c:09:cb:c8 (EAP Id 16, EAP Type 21)
Thu Sep 30 12:45:18 2010: 00:1f:3c:09:cb:c8 Entering Backend Auth Response state for mobile 00:1f:3c:09:cb:c8
Thu Sep 30 12:45:18 2010: 00:1f:3c:09:cb:c8 Processing Access-Challenge for mobile 00:1f:3c:09:cb:c8
Thu Sep 30 12:45:18 2010: 00:1f:3c:09:cb:c8 Entering Backend Auth Req state (id = 17) for mobile 00:1f:3c:09:cb:c8
Thu Sep 30 12:45:18 2010: 00:1f:3c:09:cb:c8 Sending EAP Request from AAA to mobile 00:1f:3c:09:cb:c8 (EAP Id 17)
Thu Sep 30 12:45:18 2010: 00:1f:3c:09:cb:c8 EAPPKT Received EAPOL from mobile 00:1f:3c:09:cb:c8
Thu Sep 30 12:45:18 2010: 00:1f:3c:09:cb:c8 Received EAP Response from mobile 00:1f:3c:09:cb:c8 (EAP Id 17, EAP Type 21)
Thu Sep 30 12:45:18 2010: 00:1f:3c:09:cb:c8 Entering Backend Auth Response state for mobile 00:1f:3c:09:cb:c8
Thu Sep 30 12:45:18 2010: 00:1f:3c:09:cb:c8 Processing Access-Challenge for mobile 00:1f:3c:09:cb:c8
Thu Sep 30 12:45:18 2010: 00:1f:3c:09:cb:c8 Entering Backend Auth Req state (id = 18) for mobile 00:1f:3c:09:cb:c8
Thu Sep 30 12:45:18 2010: 00:1f:3c:09:cb:c8 Sending EAP Request from AAA to mobile 00:1f:3c:09:cb:c8 (EAP Id 18)
Thu Sep 30 12:45:18 2010: 00:1f:3c:09:cb:c8 EAPPKT Received EAPOL from mobile 00:1f:3c:09:cb:c8
Thu Sep 30 12:45:18 2010: 00:1f:3c:09:cb:c8 Received EAP Response from mobile 00:1f:3c:09:cb:c8 (EAP Id 18, EAP Type 21)
Thu Sep 30 12:45:18 2010: 00:1f:3c:09:cb:c8 Entering Backend Auth Response state for mobile 00:1f:3c:09:cb:c8
Thu Sep 30 12:45:20 2010: 00:1f:3c:09:cb:c8 Processing Access-Reject for mobile 00:1f:3c:09:cb:c8
Thu Sep 30 12:45:20 2010: 00:1f:3c:09:cb:c8 Sending EAP-Failure to mobile 00:1f:3c:09:cb:c8 (EAP Id 18)
Thu Sep 30 12:45:20 2010: 00:1f:3c:09:cb:c8 Entering Backend Auth Failure state (id = 18) for mobile 00:1f:3c:09:cb:c8
Thu Sep 30 12:45:20 2010: 00:1f:3c:09:cb:c8 Setting quiet timer for 5 seconds for mobile 00:1f:3c:09:cb:c8
Thu Sep 30 12:45:20 2010: 00:1f:3c:09:cb:c8 dot1x - moving mobile 00:1f:3c:09:cb:c8 Into Unknown state
Thu Sep 30 12:45:23 2010: 00:1f:3c:09:cb:c8 Association on mobile Receive From AP 00:0b:85:6e:bf:90
Thu Sep 30 12:45:23 2010: 00:1f:3c:09:cb:c8 STA - rates (8): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
Thu Sep 30 12:45:23 2010: 00:1f:3c:09:cb:c8 STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0

In the WCS, the report for this client shows no errors... what can be the reason for this behaviour?

thanks in advance!

3 REPLIES

Re: enter credentials twice

What does the SBR, I'm guessing it's SBR as you're doing TTLS, say is happening? From the debug we see "Processing Access-Reject for mobile", so the AAA rejected for some reason.

HTH, Steve
Please remember to rate useful posts, and mark questions as answered

Re: enter credentials twice

Thanks for a quick response.

The credentials entered by users are the same the first and the second time, but the first time the user is rejected...

Is it necessary to run a debug aaa on the WLC?

Re: enter credentials twice

You could, but I think you would be better served by checking the AAA server to see why it rejected the authentication the first time.

HTH, Steve
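
Added example (not part of the original thread and not Cisco code): a small parser for WLC client debug output like the lines quoted in the question. It reports the EAP method, the number of Access-Challenge round trips and the time of the RADIUS verdict, so the rejected attempt can be looked up in the AAA server's log. It assumes MAC addresses are written without spaces and that an accept is logged as "Processing Access-Accept"; the sample lines are constructed.

```python
import re
from datetime import datetime

MAC = "00:1f:3c:09:cb:c8"
# Constructed sample modelled on the thread's debug lines (not a real capture).
SAMPLE = "\n".join(
    f"Thu Sep 30 12:45:{sec} 2010: {MAC} {msg} {MAC}{tail}" for sec, msg, tail in [
        ("18", "Received EAP Response from mobile", " (EAP Id 16, EAP Type 21)"),
        ("18", "Processing Access-Challenge for mobile", ""),
        ("18", "Sending EAP Request from AAA to mobile", " (EAP Id 17)"),
        ("18", "Received EAP Response from mobile", " (EAP Id 17, EAP Type 21)"),
        ("18", "Processing Access-Challenge for mobile", ""),
        ("18", "Sending EAP Request from AAA to mobile", " (EAP Id 18)"),
        ("18", "Received EAP Response from mobile", " (EAP Id 18, EAP Type 21)"),
        ("20", "Processing Access-Reject for mobile", ""),
        ("20", "Sending EAP-Failure to mobile", " (EAP Id 18)"),
    ])

LINE = re.compile(r"^(\w{3} \w{3} \d+ [\d:]{8} \d{4}): ((?:[0-9a-f]{2}:){5}[0-9a-f]{2}) (.*)$", re.I)
RESP = re.compile(r"Received EAP Response .*\(EAP Id (\d+), EAP Type (\d+)\)")
VERDICT = re.compile(r"Processing Access-(Reject|Accept)")  # Accept wording is assumed
EAP_TYPES = {13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}  # IANA EAP method numbers


def summarize(text):
    """Return one record per RADIUS verdict seen in the debug output."""
    state, verdicts = {}, []
    for raw in text.splitlines():
        m = LINE.match(" ".join(raw.split()))  # collapse doubled spaces
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        mac, msg = m.group(2).lower(), m.group(3)
        s = state.setdefault(mac, {"challenges": 0, "resp": None, "id": None, "type": None})
        resp, verdict = RESP.search(msg), VERDICT.search(msg)
        if resp:
            s.update(resp=ts, id=int(resp.group(1)), type=int(resp.group(2)))
        elif "Processing Access-Challenge" in msg:
            s["challenges"] += 1
        elif verdict:
            verdicts.append({
                "mac": mac, "verdict": verdict.group(1),
                "eap_method": EAP_TYPES.get(s["type"], f"type {s['type']}"),
                "challenges": s["challenges"], "last_eap_id": s["id"],
                # Seconds between the client's last EAP response and the verdict.
                "server_delay_s": (ts - s["resp"]).total_seconds() if s["resp"] else None,
                "verdict_time": ts.strftime("%Y-%m-%d %H:%M:%S"),
            })
            del state[mac]  # the next attempt starts a fresh exchange
    return verdicts
```

Calling `summarize()` on a saved debug capture gives the `verdict_time` and client MAC to search for on the AAA server, which is where the reject reason is recorded.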