WLC 4402 slow authentication

james-mccarthy

We just upgraded to software version 4.2.61.0 and some users are experiencing very long delays during authentication. We use 802.1X with RADIUS authentication. When they log into the computer, it hangs for about 60 seconds after entering the password. After that it will hang at the "applying computer settings" screen for anywhere from 10 minutes to forever. This does not happen if the computer is plugged into the wired network. It's random. I can move the APs to the other controller and it will work for a day or two and then start acting up again. I move them back to the primary controller and it is OK for a day or two. I can't seem to figure this out so I thought I'd get some input from you guys since you have always been a great deal of help.

Thanks

James

EDIT: After the upgrade we have been receiving TONS of MFP anomaly detections and Broadcast Deauth events... could this be related?

1 Accepted Solution

In the Security tab under Wireless Protection Policies | AP Authentication / MFP, set Protection Type to none for now. How do you have your WLC set up... primary and backup, or are the two splitting the load? What RADIUS server are you running and how many? What do you see in the logs on the RADIUS server?

-Scott
*** Please rate helpful posts ***


Scott Fella

Try setting the timeout to 30:

config advanced eap identity-request-timeout 30

and disable MFP.

-Scott
*** Please rate helpful posts ***

I'll try that right now... The problem is that it is a random occurrence. Most laptops have no problems but a few just refuse to connect. I'll let you know what I come up with.

Thanks

If a few refuse to connect, do you mean that they were never able to? Verify that you have the latest drivers on the client side and, if using some old devices, make sure you have data rates 1mb and 2.2mb set as mandatory, which is required on some of the legacy devices. This is also required on the Intel 2200 wifi cards with old drivers.

-Scott
*** Please rate helpful posts ***

First off, in your first post, did you want me to disable the MFP infrastructure or disable MFP Frame Validation on the AP?

And all of our laptops are identical with the same driver for the Intel 2915ABG ProWireless. All the laptops have the same XP Pro image.

Someone had a laptop yesterday that wouldn't connect. It had the problem I stated earlier. As soon as I moved it to a different AP on a different controller, it worked. So I moved all 38 APs over to that controller and everything was fine until today. There are two other computers that can't log on. It's very random.

Thanks for all your help. I have already disabled MFP Infrastructure and set the timeout to 30. I'll post with more info....

In the Security tab under Wireless Protection Policies | AP Authentication / MFP, set Protection Type to none for now. How do you have your WLC set up... primary and backup, or are the two splitting the load? What RADIUS server are you running and how many? What do you see in the logs on the RADIUS server?

-Scott
*** Please rate helpful posts ***

They are splitting the load technically. If I restart either controller all the APs default to the other one and stay there. But I've been testing the wireless after I disabled MFP and it seems to be working. I tested a laptop on 10 random APs and it worked fine.

But under the AP Authentication section, it was set to AP authentication and not MFP. I just disabled MFP per WLAN earlier.

EDIT: We have two RADIUS servers and I don't have access to the logs. The server guy went home hours ago.

The reason I asked about how many ACS is because, depending on which one the user hits, there might be an issue. How are you syncing the database between the two? I would set the RADIUS on the WLC to only one ACS and verify that ACS is fine, and then vice versa, to eliminate ACS issues. Take a look at the passed attempts and failed attempts. You might have to enable this logging if you do not see any logs.

-Scott
*** Please rate helpful posts ***