Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

IAS Connection drops

Upon first login, it takes at minimum 2 to 3 login attempts within a 7 minute period before the connection is stable.

#

#

Environment:

- WLC2106; Software Version = 6.0.182.0

- IAS Server = Server 2003 Standard

- (2) 1242ag Access Points

- (1) 1131ag Access Point

- Used the following doc for configuring IAS: https://www.cisco.com/application/pdf/paws/100397/peap-ias.pdf

#

#

#

Here are the Events from the IAS server:

Event Type:      Information

Event Source:   IAS

Event Category:            None

Event ID:          5050

Date:                5/4/2010

Time:                8:35:01 AM

User:                N/A

Computer:        SERVER

Description:

A LDAP connection with domain controller server.domain.com for domain <omitted> is established.

#

#

#

Event Type:      Error

Event Source:   IAS

Event Category:            None

Event ID:          3

Date:                5/4/2010

Time:                8:35:02 AM

User:                N/A

Computer:        SERVER

Description:

Access request for user <doman\user> was discarded.

Fully-Qualified-User-Name = domain.com/OU1/OU2/Users/<user name>

NAS-IP-Address = 10.1.1.xx

NAS-Identifier = <identifier>

Called-Station-Identifier = 00-1f-55-55-55-55:WLAN

Calling-Station-Identifier = 90-4c-e5-33-33-33

Client-Friendly-Name = <Friendly>

Client-IP-Address = 10.1.1.xx

NAS-Port-Type = Wireless - IEEE 802.11

NAS-Port = 5

Proxy-Policy-Name = Use Windows authentication for all users

Authentication-Provider = Windows

Authentication-Server = <undetermined>

Reason-Code = 1

Reason = An internal error occurred. Check the system event log for additional information.

#

#

#

Event Type:      Information

Event Source:   IAS

Event Category:            None

Event ID:          1

Date:                5/4/2010

Time:                8:35:16 AM

User:                N/A

Computer:        SERVER

Description:

User <doman\user> was granted access.

Fully-Qualified-User-Name = domain.com/OU1/OU2/Users/<user name>

NAS-IP-Address = 10.1.1.xx

NAS-Identifier = <identifier>

Client-Friendly-Name = <Friendly>

Client-IP-Address = 10.1.1.xx

Calling-Station-Identifier = 90-4c-e5-33-33-33

NAS-Port-Type = Wireless - IEEE 802.11

NAS-Port = 5

Proxy-Policy-Name = Use Windows authentication for all users

Authentication-Provider = Windows

Authentication-Server = <undetermined>

Policy-Name = PEAP-Wireless

Authentication-Type = PEAP

EAP-Type = Secured password (EAP-MSCHAP v2)

#

#

#

Here is what I have done so far…

#

#

  1. Controller > WLANs > Advanced tab > disabled “Enable Session Timeout” (removed check mark)
  2. Controller > Security > “Server Timeout” – increased from 2 to 30 seconds
  3. Controller > Wireless > Each AP > Advanced tab > disabled “Rogue Detection” (removed check mark)
  4. IAS Service > Remote Access Policies > Edit Profile > Authentication tab > EAP Methods > Edit EAP Types (which is eap-mschapv2) > increased number of authentication retires from 2 to 5.

Thanks in advance

770
Views
0
Helpful
0
Replies
CreatePlease to create content