I have installed a WLC4402 with AP 1242 and an ACS 4.0, and I am authenticating with PEAP; the AD is external.
The problem that I have is the following: it is constantly disconnecting my users, and I have seen that it happens when roaming and also when I have a single AP. Is there an option so that roaming is fast or transparent?
Would it help if I install patch KB885453?
Is fast reconnect enabled? If not, then enable it.
To do so, go to "System Configuration" -> "Global Authentication Setup": Enable Fast Reconnect
Do the same on the supplicant and see if that makes any difference.
I already tried this configuration; the problem is also that it constantly disconnects them even when they are near the AP (7 mts.), and the time is variable.
Yes, there are log records of unknown user and invalid handshake, but in the end it authenticates; the problem is that it disconnects them at between 20, 30 or 40 minutes and connects them again.
But the problem is the disconnection.
I found out today that you cannot use the Windows client at all. It will force a re-auth every roam.
Mine dropped way too many pings even with credential caching on. I fixed that with some help from TAC and upgrading the Intel driver to the latest ver.
John, we have clients who are having the same reauth issue using the Intel drivers. Got some of them up to 11.x and still the occasional reauth. What were the other issues TAC worked on with you? Were they on the controllers/APs? Running 4.0, last version, upgrading to 4.1 soon. No Cisco ACS, using FUNK on the RSA servers for RADIUS and using PEAP with EAP-GTC using one-time passwords from tokens. Just curious, thanks in advance.
I just did the clients, since the controller is on the correct version that makes the SpectraLink phone work properly, so I am not touching that.
I am still not comfortable with using PEAP. After the driver upgrade we still saw one or two more pings with PEAP than with WPA-PSK. I am not confident that the various applications will survive the extra ping or two.
Once the rollout is underway, I will get better data, but no PEAP until I am comfortable with it.
Yes, you must apply the Microsoft patch AND the latest Intel drivers for stability on the client side. On the network side, I am using the latest 4.0 code and PEAP works like a charm.
I am struggling with something like that as well.
ACS 4.1 - WLC - Odyssey 4.6 - Intel 2200 ~ 3945
Suddenly requesting re-authentication
The MS fix is just for the MS protocol with a third-party vendor RADIUS. Not for GTC.
Crazy... because of this
Which MS patch are we talking about?
I have a similar situation at a client site and recommended a few steps. I would appreciate it if you could give the MS patch number.
I have the same issue using local group authentication to the AP. The laptop shows an IP address and full speed at 54 Mbps, but I cannot browse the web. I can access the IOS fine. The log shows DOT11-4-Maxtries, DOT11-6-ASSOC, DOT11-6-ROAMED, DOT11-6-DISASSOC.
After 5 - 10 minutes I get access to the web back. This happens early in the morning and in the middle of the day.