Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

802.1x authentication fails

Setup: two 5500 (v6.0.188.0, mix of 1131 and 1141 AP`s

Laptops running fine for random number of weeks suddenly can´t connect to the wireless network. The output from Client troubleshoot shows:

05/07/2010 07:03:14 CESTINFO10.1.1.101Controller association request message received.
05/07/2010 07:03:14 CESTINFO10.1.1.101Association request received from a client has an invalid RSN IE.(One reason could be mismatch in WPA2 algorithm).
05/07/2010 07:03:14 CESTINFO10.1.1.101Received reassociation request from client.
05/07/2010 07:03:14 CESTINFO10.1.1.101The wlan to which client is connecting requires 802 1x authentication.
05/07/2010 07:03:14 CESTINFO10.1.1.101Client moved to associated state successfully.
05/07/2010 07:03:14 CESTINFO10.1.1.101Received EAP Response from the client.
05/07/2010 07:03:14 CESTINFO10.1.1.101Received EAPOL start message from client.
05/07/2010 07:03:14 CESTINFO10.1.1.101Received EAP Response from the client.
05/07/2010 07:03:14 CESTINFO10.1.1.101EAP response from client to AP received.
05/07/2010 07:03:14 CESTINFO10.1.1.101EAP response from client to AP received.
05/07/2010 07:03:14 CESTINFO10.1.1.101Radius packet received. Access-Challenge received from RADIUS server 10.1.1.81, receiveId = 10
05/07/2010 07:03:14 CESTINFO10.1.1.101Received Access-Challenge from the RADIUS server for the client.
05/07/2010 07:03:14 CESTINFO10.1.1.101Sending EAP request to client from radius server.
05/07/2010 07:03:14 CESTINFO10.1.1.101EAP response from client to AP received.
05/07/2010 07:03:14 CESTINFO10.1.1.101Radius packet received. Access-Challenge received from RADIUS server 10.1.1.81, receiveId = 10
05/07/2010 07:03:14 CESTINFO10.1.1.101Received Access-Challenge from the RADIUS server for the client.
05/07/2010 07:03:14 CESTINFO10.1.1.101Sending EAP request to client from radius server.
05/07/2010 07:03:14 CESTINFO10.1.1.101EAP response from client to AP received.
05/07/2010 07:03:14 CESTINFO10.1.1.101Radius packet received. Access-Challenge received from RADIUS server 10.1.1.81, receiveId = 10
05/07/2010 07:03:14 CESTINFO10.1.1.101Received Access-Challenge from the RADIUS server for the client.
05/07/2010 07:03:14 CESTINFO10.1.1.101Sending EAP request to client from radius server.
05/07/2010 07:03:14 CESTINFO10.1.1.101EAP response from client to AP received.
05/07/2010 07:03:14 CESTINFO10.1.1.101Radius packet received. Access-Challenge received from RADIUS server 10.1.1.81, receiveId = 10
05/07/2010 07:03:14 CESTINFO10.1.1.101Received Access-Challenge from the RADIUS server for the client.
05/07/2010 07:03:14 CESTINFO10.1.1.101Sending EAP request to client from radius server.
05/07/2010 07:03:14 CESTINFO10.1.1.101EAP response from client to AP received.
05/07/2010 07:03:14 CESTINFO10.1.1.101Radius packet received. Access-Challenge received from RADIUS server 10.1.1.81, receiveId = 10
05/07/2010 07:03:14 CESTINFO10.1.1.101Received Access-Challenge from the RADIUS server for the client.
05/07/2010 07:03:14 CESTINFO10.1.1.101Sending EAP request to client from radius server.
05/07/2010 07:03:14 CESTINFO10.1.1.101EAP response from client to AP received.
05/07/2010 07:03:14 CESTINFO10.1.1.101Radius packet received. Access-Challenge received from RADIUS server 10.1.1.81, receiveId = 10
05/07/2010 07:03:14 CESTINFO10.1.1.101Received Access-Challenge from the RADIUS server for the client.
05/07/2010 07:03:14 CESTINFO10.1.1.101Sending EAP request to client from radius server.
05/07/2010 07:03:14 CESTINFO10.1.1.101EAP response from client to AP received.
05/07/2010 07:03:14 CESTINFO10.1.1.101Radius packet received. Access-Challenge received from RADIUS server 10.1.1.81, receiveId = 10
05/07/2010 07:03:14 CESTINFO10.1.1.101Received Access-Challenge from the RADIUS server for the client.
05/07/2010 07:03:14 CESTINFO10.1.1.101Sending EAP request to client from radius server.
05/07/2010 07:03:14 CESTINFO10.1.1.101EAP response from client to AP received.
05/07/2010 07:03:14 CESTINFO10.1.1.101Radius packet received. Access-Challenge received from RADIUS server 10.1.1.81, receiveId = 10
05/07/2010 07:03:14 CESTINFO10.1.1.101Received Access-Challenge from the RADIUS server for the client.
05/07/2010 07:03:14 CESTINFO10.1.1.101Sending EAP request to client from radius server.
05/07/2010 07:03:44 CESTERROR10.1.1.101Retransmitting EAP-ID request to client,retransmission timer expired.
05/07/2010 07:04:14 CESTERROR10.1.1.101Retransmitting EAP-ID request to client,retransmission timer expired.
05/07/2010 07:04:44 CESTERROR10.1.1.101Authentication failed for client as EAP ID request from AP reached maxmium retransmissions.
05/07/2010 07:04:44 CESTERROR10.1.1.101De-authentication sent to client. slot 0 (claller 1x_ptsm.c:467)
05/07/2010 07:04:44 CESTERROR10.1.1.101
05/07/2010 07:04:44 CESTERROR10.1.1.101EAPOL-key is invalid, scheduling client for deletion.

3 REPLIES

Re: 802.1x authentication fails

You don't say what form of 802.1X you are using, but if you are using PEAP or EAP-TLS, your RADIUS server certificate may have expired (or something else has happened to make the clients not trust the RADIUS server's certificate).

Community Member

Re: 802.1x authentication fails

We are using PEAP-MS-CHAP v2 . The IAS certificate is valid to 2014. We have about 300 laptops, but now and then some of them fails to authenticate. Yesterday I noticed that if I had one of the failing computers connected with wire, after some minutes it suddenly authenticated wireless!

Community Member

Re: 802.1x authentication fails

I guess I found the cause of the problem:

http://support.microsoft.com/kb/904943

2815
Views
0
Helpful
3
Replies
CreatePlease to create content