Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Frequent reauthentications with 4402 WLC

We're having an odd problem with web authentication on a 4402 WLC. Users have to reauthenticate several times before it seems to "stick." After logging in, they'll have to log in again after 2-5 minutes, and then possibly a few more times in the same kind of intervals (sometimes as few as 2-3 reauthentications, once as many as nine times).

Here's an odd wrinkle: we also have a 2106 controller, identically configured (as far as I can verify. They should have the same configuration, except for IP addresses of course). It's rock solid.

Both controllers are pointing to a Cisco ACS (the same one for both) for authentication, which in turn does an LDAP lookup.

Has anyone seen something like this? Digging into the WLC logs shows messages that the user failed authentication (note that the user never gives a bad username/password combo, so it looks as if something internal is forgetting the previous auth). Here's a sample line:

Apr 17 10:03:32.564 aaa.c:1184 AAA-5-AAA_AUTH_NETWORK_USER: Authentication failed for network user '<redacted>'

I also see a lot of messages like this, but again I have no idea if they're connected to my problem:

Apr 17 10:04:13.563 apf_foreignap.c:1278 APF-4-REGISTER_IPADD_ON_MSCB_FAILED: Could not Register IP Add on MSCB. MSCB still in init state. Address:<redacted>

Apr 17 10:03:14.090 apf_foreignap.c:1285 APF-1-CHANGE_ORPHAN_PKT_IP: Changing orphan packet IP address for station00:<redacted> from <redacted> ---><redacted>

Apr 17 10:03:14.090 apf_foreignap.c:1278 APF-4-REGISTER_IPADD_ON_MSCB_FAILED: Could not Register IP Add on MSCB. MSCB still in init state. Address:<redacted>

Any insights would be appreciated. Like I said, the fact that this setup is working fine on one WLC but not on the other is creating much head-scratching.

Thanks.

3 REPLIES
Community Member

Re: Frequent reauthentications with 4402 WLC

Having the same issue, WLC 4402s with 5.0.148, only with internal user DB (guest users)

Community Member

Re: Frequent reauthentications with 4402 WLC

Did you guys find out what the problem was?

Community Member

Re: Frequent reauthentications with 4402 WLC

I'll bet your 2106 is not running 5.148 code. My first suggestion is to not use the 5.x code in a production environment. If that is not feasible then find out why the session is failing to move into the RUN state. Is there some other requirement for the client ? For example, did you enable the DHCP REQUIRED checkbox in the advanced wlan setting?

548
Views
0
Helpful
3
Replies
CreatePlease to create content