PEAP clients --- rapid re-authentication

charles wainwright · ‎09-01-2010

We are deploying a large number of IV pumps with internal wireless NICs( dlink)

Clients can successfuly authenticate...then re-authenticate every few seconds..

controller code 6.0.188

ACS version 4.2

authenticating to microsoft AD

Clients are configured for WPA2, PEAP, MSCHAPv2,

each has a unique identity/password

ACS is the CA( using self signed cert)

Any know of a timer value or setting that my trigger this ?

Kayle Miller · ‎09-01-2010

Charles,

Just a thought on this, is WPA AES enabeld on the SSID? If so try disabling it if you can. I have run into several instances where when that was enabled even though not being used it caused thousands of re-authentications per second. I actually saw it take down 2 seperate client facilities, in both cases I had TAC Cases open and TAC couldn't understand why it was happening, only that once we disabled WPA AES it immediately stopped and the clients only re-authed on the timer set in the WLC for Session timeout.

Hope this helps.. Please rate useful posts.

Thanks,

Kayle

George Stefanick · ‎09-03-2010

for starters, do a client debug and see what is going on ...

from the WLC

debug client XXXXXXXXXX

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________