Cisco Wireless :: 5508 WLC Excessive Client Authentication Association Failure

Jan 29, 2013

I have been noticing in my trap logs that there are an excessive amount of Client Association/Authentication Failures. I cannot figure out why. I have a Cisco 5508 WLC with 81 AP's (1131ag, 1142abgn, 1262N) models. The wireless devices are on a Windows Domain and use 802.1x EAP authentication, authenticating the user and computer info with a RADIUS Server. I look at the logs and all it can tell me is Reason:Unspecified ReasonCode:1. I read that the Reason Code is due to "Client associated but no longer authorized" but to be honest I am not sure what that means.

View 9 Replies


ADVERTISEMENT

Cisco :: WLC 5508 - Client Association Failure Null

Feb 21, 2013

I am running WLC 5508 and WCS version 7.0.98.  We are noticing with some of our handheld devices that have Sychip Wireless cards that they constantly have issues communicating.  The error I see on the WCS side is shown below:     
 
Client '00:0b:6c:2f:d0:32 (0.0.0.0)' failed to associate with interface  '802.11b/g' of AP 'HO-BRSales'. The reason code is '0(null)'.

View 11 Replies View Related

Cisco :: 5508 WLC - Concept Of Association And Authentication

Sep 15, 2010

We have a 5508 WLC with a few WAP's (1131's and 1242's).  Our wireless clients use certificate base authentication against our AD (i.e. both computer cert and user cert are required).  However, from time to time I see clients being associated but not authenticated as reported by the WLC.  Could it be possible, as some literatures indicate that a client can only be "associated" after it's successfully authenticated?  Perhaps I'm not quite clear about the concept.

View 7 Replies View Related

Cisco Wireless :: 5508 - AAA Authentication Failure

Aug 3, 2011

I've set up several local network users (Security > Local Net Users) on the WLC (5508 running 7.0.98.0). Whenever I try to connect with one of these user accounts (I'm testing this out for now), the attempt is unsuccessful and I see an "AAA Authentication Failure for UserName: xxxxxxx User Type: WLAN USER" in the Trap Log. I thought that after trying to authenticate through a RADIUS server, the local user database would be polled and then a user account in that database would be able to authenticate.

View 1 Replies View Related

Cisco Wireless :: New 5508 WLC And 3602i Access Points / Client De-authentication

Jan 25, 2013

Installed a new 5508 WLC last week, and finished bringing 68 new 3602i access points online in our College Dorms. We are seeing a lot of "Client De-authenticated" errors "Reason: Unspecified Reason: Code 1. Years ago I asked about error code 1. The reply from Cisco was: "The programers put the code in. It basically means we don't know what the problem is."Got a call from one of the dorms stating that students were getting knocked off the network while going to sites. If a student is wired, network is solid.Walked the dorm in question and was getting full bars of signals at all times, and was able to stream a movie from my Ultraviolet account without any break or slowdown as I moved from access point to access point. So.. my device, an iPad, was fully mobile and did not experience any disconnects.Did observe one student using a MacBook Pro. This student was constantly loosing connection to the access point. Checked the controller for the MAC of the student's computer. I did find deauthentication errors. BUT... this student's error was the computer was receiving an IP address from the DHCP that was already in use. At the computer the error message was a timeout issue.I am just learning the ropes on the 5508. Have used 3 4404s for the past six years.

View 2 Replies View Related

Cisco Wireless :: 5508 - Client Authentication Fails For Wrong EAP-type

Jan 16, 2012

I have setup the WLC to authenticate to a MS Server2008 NPS for a WPA2/AES SSID. The connection is successful, but client authentication fails for wrong EAP-type. I believe this indicates a Windows7 client issue. What is the required client setup to satisfy the MS NPS?

View 8 Replies View Related

Cisco :: WLC 5508 How To Enhance Client Security Authentication

Dec 20, 2012

Security during client authentication is enhanced by applying both 802.1X and Web Authentication for a WLAN." 

View 7 Replies View Related

Cisco Wireless :: Client Association Syslog Message With 5500 Wlc

Sep 16, 2012

It is a Customer requirement to send 802.11 client association/disassociation logs to the Syslog server in a Unified Wireless system. (AIR-CT5508 + LAP1142) [code] Unfortunately I didn't find such logs even in Msg Log with the severity level set to debugging.I was able to do client assoc/disassoc logging with SNMP trap + trap receiver software, BUT is there any way to do this with Syslog?

View 1 Replies View Related

Cisco Wireless :: 6500 / Association Request From P2P Client Process?

Dec 4, 2012

I'm trying to do some basic troubleshooting on our WiSMS. Some clients on a working network are unable to connect in the afternoons, debugging the client on the wism shows this message:
 
*apfMsConnTask_2: Dec 05 14:23:44.018: Association request from the P2P Client Process P2P Ie and Upadte CB
 
It keeps repeating with the Task_X changing.What does that mean?We have two controllers in our 6500's running this software ver. 7.3.101.0

View 9 Replies View Related

Cisco Wireless :: Migrate All Access Point Association From 4404 To 5508

Sep 17, 2012

In our current Setup we have  one WLC 4404 with 100 Access point license, now we have bought 3 number of 5508 WLC each supporting 100 Access point. Our plan is to Migrate all the Access point assosiation from 4404 to 5508. [code]

View 4 Replies View Related

Cisco Wireless :: AAA Authentication Failure On WLC 4402?

Jun 13, 2012

Error: AAA Authentication Failure for UserName:radiususername User Type: WLAN USER
 
I am using a window radius server. I have added my WLC 4402 as a radius client on my radius server.
 
I followed the instructions on the MS link : [URL]
 
I want to use my windows raduis authentication for WLC management login and Web-Auth for guest WLAN user login.

View 2 Replies View Related

Linksys Wireless Router :: E4200v2 - Bizarre WPA2 Authentication Failure

May 3, 2012

Just installed 2 E4200v2's for a customer today.  Was very optimistic because they worked great in my lab, both for my Win7 laptop  a MacBook.  And after installing 1 on-site and testing w/ my laptop, it worked fine.BUT problems arose when I installed both at the same time (I don't think I ever did this in the lab) and then I tested some computers.  Every computer that I tested (except mine of course), cannot authenticate correctly using the WPA2 password.
 
For the Mac's they get the error "The wi-fi network... requires a WPA2 password" then after entering the *correct* pswd, it says "Invalid password".  They're a Mac shop, but I did try one other Win laptop and that also had a problem, and the error was something like "security mismatch" although I was rushed and didn't write it down.

View 2 Replies View Related

Cisco Wireless :: AP3502 Registration Failure On WLC 5508

Oct 11, 2011

I am having issues registering Cisco 3502 APs with a WLC 5508. They initially register and then disassociate with the controller and fail to re-register. Is it possible to telnet to AP and factory rest the AP. I get connection refused when I try

View 1 Replies View Related

Cisco Wireless :: Client Can't Get DHCP Address When On-MAC-Filter-failure

Aug 21, 2012

The wireless client can't get the DHCP address when I enable the On-MAC-Filter-failure, MAC Filtering and Web Auth. Client can get the DHCP address when I only enable the Web Auth in the same WLAN SSID. The WiSM verion is v7.0.235.0. [code]

View 1 Replies View Related

Cisco Wireless :: Why Is Web Page Auth On MAC Filter Failure Also Not Working On 5508

Jul 22, 2012

I have implemented a Guest WLAN solution as per the recommended design from Cisco. We have two internal WiSM2 controllers providing services for Internal secure SSIDs. Both these controllers are members of a Mobility and RF management group.
 
Two 5508 controllers have been installed in our DMZ for resilience and have been placed into a separate Mobility group. All controllers (internal and external) have been linked together as mobility neighbours in a full mesh and a new SSID for Web Guest traffic has been anchored to the controllers in the DMZ.
 
Web page authentication works perfectly fine, but I cannot for the life of me get the MAC filtering override to work, i.e. if a MAC address is present, do not redirect to the splash page for web auth. I know I can get around this by just creating two separate SSIDs. But the business is used to just having the one SSID for all guest traffic. Is this a known limitation when anchoring SSIDs to controllers in the DMZ ?

View 1 Replies View Related

Cisco Wireless :: 5508 - WebPage Auth On MAC Filter Failure Not Working On Anchor

Nov 1, 2011

I have implemented a Guest WLAN solution as per the recommended design from Cisco. We have two internal WiSM2 controllers providing services for Internal secure SSIDs. Both these controllers are members of a Mobility and RF management group.
 
Two 5508 controllers have been installed in our DMZ for resilience and have been placed into a separate Mobility group. All controllers (internal and external) have been linked together as mobility neighbours in a full mesh and a new SSID for Web Guest traffic has been anchored to the controllers in the DMZ.
 
Web page authentication works perfectly fine, but I cannot for the life of me get the MAC filtering override to work, i.e. if a MAC address is present, do not redirect to the splash page for web auth.

View 6 Replies View Related

Cisco :: VRRP Authentication Failure

Jan 1, 2013

I have a following question. I configured different authentication passwords in Master and slave VRRP setup.

View 2 Replies View Related

Cisco Application :: ANM 5.2 Authentication Failure

Apr 15, 2013

I'm using the Cisco ANM 5.2 version and I'm trying to import the configurations from ACE modules of Cisco switches. The first step is to import the configuration from Cisco switch and the second one is to import the ACE module in the ANM software. I'm getting an authentication problem to import the configuration from Cisco switch and of course I cannot import the ACE as well. The switches and the ACE are using AAA authentication and I have created a specific username to authenticate and import the configurations in the ANM. If I remove the AAA configurations from the switches and ACE modules it works fine.
 
Is there some problem with the AAA configurations in the switches or ACE module?

View 7 Replies View Related

Cisco :: SSH Authentication Failure CiscoWorks LMS 4.0

Oct 24, 2012

I am trying to get CiscoWorks LMS 4.0 to connect to my routers in order to back up configurations, but I am getting SSH authentication failures reported in the router logs (and archiving fails).
 
The credentials LMS is using is a username and password with priviledge 15: the account is established in TACACS+. I can log into the devices directly with this user account.However, I cannot TFTP from the routers to the LMS either (I get a permission denied message in the router).
 
LMS did manage to fetch some configs, but 90% of my devices are having this issue.

View 4 Replies View Related

Cisco VPN :: 5510 Anyconnect SSL VPN Authentication Failure

Dec 26, 2012

I have configured an Asa 5510 as SSL vpn gataway ver 8.2(4) Anyconnect Essential. The clients are authenticated via Radius and OTP password.All work well since yesterday. When I have did same configuration changes. My objective was has that the clients accept the self signed certificate issued by the Asa whitout give the warning about the private cert.
 
So I have try to generaste a new certificate with FQDN equal to myasa.mydomain.com and also a CN=myasa
 
Then I have change the profile XML file of my anyconnect in this way: [code]

View 1 Replies View Related

AAA/Identity/Nac :: ACS 5.2 AD Authentication Restriction Failure?

Aug 24, 2011

I've my ACS linked with AD to give administration access to few network devices and I've created an access policy to link my AD groups with those network devices and command sets.
 
Unfortunately I found I can use any user from my AD to login to my devices. Only LOGIN, the authorization definition is restricting the command set for those users.
 
How can I restrict the LOGIN to an specific AD group?

View 2 Replies View Related

Cisco Routers :: PEAP Authentication Failure With RV120W

Jul 31, 2012

I have a Cisco Small bussiness RV120w and I setup the radius server , WPA2 Enterprise with a windows 2008 NPS radius server . The big problem is that the authentication fails .This is the error that I see in event viewer / server roles / Network policy and access services: reason-code 49 "The connection attempt did not match any connection request policy".The radius key is matching between the server and the client . The radius server is reachable and I don't find any routing issues .Does anybody tested this router with this type of wireless security?

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.2 / 2851 / There Is Authentication Failure With Error No 254

Nov 22, 2011

we have ACS 4.2 and 2851 router with IOS 15.0(1)M4. There is authentication failure with error no 254. Is there any compatibilty issue with 15.0(1)M4 IOS

View 1 Replies View Related

Cisco Wireless :: AP1242 Excessive Transmit Discards And Performance Complaints

Apr 15, 2013

I have an AP1242 near a couple of conference rooms.  I get complaints when we have a large contingent in there and some try to download documents.  The bandwidth consumption is meage - less than 2Mbps.  But there could be say 50 people in those training rooms.  I see no errors at the FE interface on the AP but I do see a good number of Transmit Discards.
 
Are 50 users connected to an AP1242 simply more than should be expected of the device?  802.11g is the radio.
 
Are transmit discards indicative of some kind of configuration problem?  The users in these cases are generally very close to the access point - within a few feet even.
 
If it is indicative of a configuration problem would that be an issue of the configuration of the laptop wifi cards or a problem at the AP? 

View 2 Replies View Related

Cisco :: ASA5500 - Wireless Client Authentication Using ISE

Jul 24, 2012

I am designing wireless controller solution for one of our customer network with Cisco 5500 series controller, wireless client authentication part.
 
1.       There are 25 departments around the campus, each will be given one or two access points.
2.       One Cisco AIR-CT5508-50-K9 Controller shall be used.
3.       Single SSID/ VLAN shall be used for entire campus.
4.       Wireless Authentication credentials used by one department shouldn’t work for other department

View 7 Replies View Related

Cisco :: 5508 - AD Authentication For Wireless Networks

Mar 12, 2013

We've recently boughten new equipment to upgrade/replace some of our aging wireless hardware. We're moving to a pair of 5508 controllers and changing over to ACS 5.4. Currently we're just doing MAC filtering with ACS 4.2 and local users. I'd like to move most of our SSIDs to some type of AD authentication. Are there any all encompassing guides that layout the design behind that? So far I haven't had much luck finding one!
 
Also, would it be possible to maintain some of the local ACS users/MAC filtering? We have some mechanical equipment that connects to our network (separate SSID) but cannot join a domain.

View 5 Replies View Related

Cisco Wireless :: WLC 5508 - Web Authentication With Gingerbread 2.3.6?

Jan 7, 2013

I having some troubles with Web Authentication in a WLC 5508 version 7.2 to make authentication with the corporative phones, ANDROID GingerBread 2.3.6 model SAMSUNG GT-S7500L. When I try to connect to the VisitorsWirelessLAN in order to authenticate with web authentication the page never comes, in fact the phone never gets the IP. I have an iPhone and I have not problems, I have a Samsung Galaxy S2 with ICS 4.0.1 and works perfect, is only with gingerbread

View 2 Replies View Related

Cisco Wireless :: 5508 / How To Configure Web Authentication

Jun 9, 2012

Can we configure the wireless controller 5508 to authenticate the clients using both of MAC address Filtering (layer 2 security) and Web authentication (layer 3 security). and what is the difference between (Web policy --> authentication) and (Web policy --> on MAC filter failure)

View 6 Replies View Related

Cisco :: ACS 4.2.1 - Alteon 3408 L4 Switch Authentication Failure By RADIUS Protocol?

Jul 25, 2012

I have a question about ACS RADIUS authentication with Alteon 3408 L4 Switch.
 
I configured a ACS 4.2.1(build 15 patch 4) software for windows on Windows Server 2008 Server STD.TACACS authentication with CISCO product was successfully passed.but RADIUS (IETF) authentication with NORTEL 3408 Switch was failed. ACS Authentication Failure Code was a " ACS password invalid "
 
I read the post that RADIUS VSA is needed in my environment.but i can not search any sample Nortel VSA dictionary configuration. Need Notel specific VSA configuration.

View 4 Replies View Related

Cisco :: Wireless Controller 5508 Authentication To AD Server?

Sep 11, 2012

We just got a new 5508 wireless controller and the question we have is :  can we get wireless users to authenticate to an Active Directory server to get access to the network?  I know we can get the authentication done with an RSA server, but what about plain AD?

View 9 Replies View Related

Cisco Wireless :: 5508 - EAP-FAST Authentication In WLC With ACS-LDAP

May 9, 2012

We are using WLC-5508 in our corporate. For authenication we have implemented ACS with LDAP configured as external user database. We can able to get authenicated for Web based authenication. When it is configured for EAP-FAST, authenitication is not happening.

View 3 Replies View Related

Cisco Wireless :: 5508 Web Authentication With Encryption And LDAP?

Jul 18, 2012

From what I've read, it doesn't seem possible to use Web Authentication and obtain encryption unless using a Radius server.
 
I have a client asking for web auth, encryption, and ldap connection to their AD servers.

View 4 Replies View Related

Cisco Wireless :: WLC 5508 No Further RADIUS Authentication Requests?

Mar 18, 2013

I'm working on a project where a wi-fi client is tracked and located using RADIUS authentication requests. The problem I'm running into is that the WLC (5508) sends an RADIUS authentication request to my freeradiusd, which is ok so far, but if the client roams to another accesspoint (3602AG, 1131AG, 1252AG), the WLC does not send a further RADIUS auth. request - and the client is allowed to connect to the next ap.Is there an option like RADIUS-cache which I can disable, so that the WLC sends everytime an authentication request when a client tries to connect to an ap or roams from one ap to another one?

View 4 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved