Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Windows phones unable to connect to WLC

 

Hi all,

When we try to connect any windows mobile to wlc (code-7.2.103.0), it doesnt connect and stay in '802.1X REQD' status. What could be the issue.?

SSID settings

 

WPA+WPA2, AES, 802.1X security.

MFP is "optional"

 

I have also attached the debug logs.Quick response is appreciated.

 

3 REPLIES
Hall of Fame Super Silver

802.1X REQD means that the

802.1X REQD means that the layer 2 authentication has failed.  I would look at the radius server to see what failed and how it failed.  Might just be an issue with how windows mobile is trying to authenticate.

Post your show wlan <wlan id>

-Scott
*** Please rate helpful posts ***
New Member

Is there any bug to this

Is there any bug to this current version..?  coz all others are working fine..?

VIP Purple

Hi 

Hi 

It's looks like "Access-Reject" is getting for this client from RADIUS server

*Dot1x_NW_MsgTask_0: Mar 10 16:54:43.369: a8:44:81:2b:d0:08 Entering Backend Auth Response state for mobile a8:44:81:2b:d0:08
*Dot1x_NW_MsgTask_0: Mar 10 16:54:43.373: a8:44:81:2b:d0:08 Processing Access-Reject for mobile a8:44:81:2b:d0:08
*Dot1x_NW_MsgTask_0: Mar 10 16:54:43.373: a8:44:81:2b:d0:08 Removing PMK cache due to EAP-Failure for mobile a8:44:81:2b:d0:08 (EAP Id 6)
*Dot1x_NW_MsgTask_0: Mar 10 16:54:43.373: a8:44:81:2b:d0:08 Sending EAP-Failure to mobile a8:44:81:2b:d0:08 (EAP Id 6)
*Dot1x_NW_MsgTask_0: Mar 10 16:54:43.373: a8:44:81:2b:d0:08 Entering Backend Auth Failure state (id=6) for mobile a8:44:81:2b:d0:08
*Dot1x_NW_MsgTask_0: Mar 10 16:54:43.373: a8:44:81:2b:d0:08 Setting quiet timer for 5 seconds for mobile a8:44:81:2b:d0:0

This is happening multiple time & then it hit "max-AAA failure" condition 

*Dot1x_NW_MsgTask_0: Mar 10 16:55:10.663: a8:44:81:2b:d0:08 Scheduling deletion of Mobile Station:  (callerId: 9) in 10 seconds
*Dot1x_NW_MsgTask_0: Mar 10 16:55:10.663: a8:44:81:2b:d0:08 Max AAA failure for mobile a8:44:81:2b:d0:08
*Dot1x_NW_MsgTask_0: Mar 10 16:55:10.663: a8:44:81:2b:d0:08 Setting quiet timer for 5 seconds for mobile a8:44:81:2b:d0:08
*Dot1x_NW_MsgTask_0: Mar 10 16:55:10.663: a8:44:81:2b:d0:08 dot1x - moving mobile a8:44:81:2b:d0:08 into Unknown state
*osapiBsnTimer: Mar 10 16:55:15.521: a8:44:81:2b:d0:08 802.1x 'quiteWhile' Timer expired for station a8:44:81:2b:d0:08 and for message = M0
*osapiBsnTimer: Mar 10 16:55:20.521: a8:44:81:2b:d0:08 apfMsExpireCallback (apf_ms.c:589) Expiring Mobile!

 

If you are usnig ACS as RADIUS check the ACS logs detail to see exact reason for AUTH failures

 

HTH

Rasika

*** Pls rate all useful responses ****

199
Views
15
Helpful
3
Replies
CreatePlease login to create content