Cisco Support Community
New Member

EAP Auth problems....

Hello

I'm trying to do EAP-TLS and for some reason every time I start authentication, the first time it tries, it fails with this error message:

EAP retry limit reached for Station (StationName)

And then almost exactly 1 minute later, it will try to auth again and this time, it usually works fine. Any ideas? Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: EAP Auth problems....

Jason, I feel your pain but I think I know your answer. The newest client software stores your credentials. If you go into ACU and edit your profile you will see, if you scroll down, a listing for Username, Password, and Domain. You will find that your user name is filled in after you log in the first time but not your password. What happens the next time you log in, I think, is that the client tries to log you in with the incomplete credentials and only after it fails will it come up and ask you to enter them. When you enter them you are then given access to the network and allowed to reach the DHCP server. If you remove all credential info from your profile it will ask you to log in immediately. If you enter all three you will be logged in automatically, which of course has major security issues. Remove all traces of credential info from your profile and try it. Let me know.

4 REPLIES
Cisco Employee

Re: EAP Auth problems....

Hi Jason,

You will need to look at the EAP diag on the AP and also the debugs on the server to try and establish the cause of the first failure. You may have too big a delay in contacting your certificate server, but this is only a guess without more information.

New Member

Re: EAP Auth problems....

Well, I don't really know what the solution to my problem was, but it is working now and what you said regarding cached logon info sounds like it could have been the culprit. I basically installed the ACU and wireless card into a couple of different notebooks which have never had the ACU installed on them before and all of them seemed to work just fine. Although, we now use PEAP for authentication to the Windows 2000 IAS server and find it much easier to scale for new users etc. Thanks for all your help though.

New Member

Re: EAP Auth problems....

Hello,

Sorry for this way, but I read that you now use PEAP for authentication to the Windows 2000 IAS server. Could you please have a look at my contribution, just one row below yours, called PEAP authentication problems, and give me any ideas?

Thank you very much.
