Security

Reply
Occasional Contributor II
Posts: 22
Registered: ‎11-21-2011

Users using 802.1X can not connect to the wireless network

Hi everyone;

 

User using 802.1X can not connect to the wireless network and looking on the logs is showing the following message:

 

 

<ERRS> |authmgr|  Dropping the radius packet for Station 00:21:6a:4f:f6:8c d8:c7:c8:11:05:91 doing 802.1x

 

 

Thank you for your help

 

 

Wilson

Retired Employee
Posts: 234
Registered: ‎04-19-2011

Re: Users using 802.1X can not connect to the wireless network

Please check the number of timeouts on the radius server using the following command

 

"show aaa authentication-server radius statistics"

 

Also, check the event viewer on the RADIUS server and see if Access-Request is making it to the server. 

 

--
HT
Occasional Contributor II
Posts: 22
Registered: ‎11-21-2011

Re: Users using 802.1X can not connect to the wireless network

Hi Hthakker,

 

I have issued the command "show aaa authentication-server radius statistics" is showing 48 timeout, but I have tested a ping from the controller to the radius server and it answer well. the user on LAN autheticate using the same Radius server and they don't have any problem.

 

I appreciated if you have any other suggestion.

 

 

Thanks for your help

 

 

 

 

Wilson

Aruba Employee
Posts: 117
Registered: ‎09-21-2010

Re: Users using 802.1X can not connect to the wireless network

Another command that would be useful is the "show auth-tracebuf" which will show you the deatils for the authentication process

 

Regards,

Sathya

 

Retired Employee
Posts: 234
Registered: ‎04-19-2011

Re: Users using 802.1X can not connect to the wireless network

Wison, 

 

Pick as user that is not able to authenticate and enable debugging for that particular user 

config terminal 

logging level debugging user-debug <user-mac> 


As mentioned in the previous post, it would be beneficial to look into the event viewer of the RADIUS server and check for the users that are not able to authenticate. The event viewer should have an event for authentication response. 

 

Also, as mentioned by Sathya, run the command "show auth-tracebuf" command that will show the sequence of steps for the user authentication. 

 

 

 

--
HT
Search Airheads
Showing results for 
Search instead for 
Did you mean: