Hey All,
Anyone ever have an issue where a Windows machines are not able to connect to any SSID on a new controller but Macs are?
I’m working on installing a new 3400 (6.2.1.2) to replace the existing 3200 (6.1.3.6). Manually configured the new controller (did this so the random/unused bits of the old config aren’t copied over) and I am testing the setup before moving all our APs to the new controller. Mac laptops do not seem to have an issue at all, but our Windows machines are not connecting. I’ve verified the configs are relatively the same (minus some default changes between the OS versions), but I don’t see what the issue. From the logs it looks like the machines are hanging at the authentication phase. Any ideas what else I should look at? Thanks.
Config:
wlan virtual-ap "DSG-Guest_vap"
aaa-profile "DSG-Guest_aaa"
ssid-profile "DSG-Guest_ssid"
vlan 410
band-steering
broadcast-filter all
aaa profile "DSG-Guest_aaa"
authentication-dot1x "DSG-Guest_dot1x"
dot1x-server-group "DSG-Guest_server-group"
aaa authentication dot1x "DSG-Guest_dot1x"
machine-authentication enable
machine-authentication machine-default-role "authenticated"
machine-authentication user-default-role "authenticated"
termination enable
termination eap-type eap-peap
termination inner-eap-type eap-mschapv2
ca-cert "Bundle"
server-cert "WildcardCorp"
wlan ssid-profile "DSG-Guest_ssid"
essid "DSG-Guest_t"
opmode wpa2-aes
aaa server-group "DSG-Guest_server-group"
allow-fail-through
auth-server Internal
auth-server DSG-Guest-Raiden_radius
aaa authentication-server radius "DSG-Guest-Raiden_radius"
host "10.159.54.234"
key *******
authport 1645
acctport 1646
nas-identifier "DSG-Guest"
source-interface vlan 312
Logs:
Windows:
Jun 20 10:26:53 :501093: <NOTI> |AP RAP105-AP04@10.159.48.51 stm| Auth success: 58:94:6b:69:67:50: AP 10.159.48.51-d8:c7:c8:99:63:eb-RAP105-AP04
Jun 20 10:26:53 :501095: <NOTI> |stm| Assoc request @ 10:26:53.959420: 58:94:6b:69:67:50 (SN 645): AP 10.159.48.51-d8:c7:c8:99:63:eb-RAP105-AP04
Jun 20 10:26:53 :501095: <NOTI> |AP RAP105-AP04@10.159.48.51 stm| Assoc request @ 10:26:53.351284: 58:94:6b:69:67:50 (SN 645): AP 10.159.48.51-d8:c7:c8:99:63:eb-RAP105-AP04
Jun 20 10:26:53 :501100: <NOTI> |AP RAP105-AP04@10.159.48.51 stm| Assoc success @ 10:26:53.352374: 58:94:6b:69:67:50: AP 10.159.48.51-d8:c7:c8:99:63:eb-RAP105-AP04
Jun 20 10:26:53 :501100: <NOTI> |stm| Assoc success @ 10:26:53.962942: 58:94:6b:69:67:50: AP 10.159.48.51-d8:c7:c8:99:63:eb-RAP105-AP04
Jun 20 10:26:53 :522035: <INFO> |authmgr| MAC=58:94:6b:69:67:50 Station UP: BSSID=d8:c7:c8:99:63:eb ESSID=DSG-Guest_t VLAN=410 AP-name=RAP105-AP04
Jun 20 10:26:53 :522077: <DBUG> |authmgr| MAC=58:94:6b:69:67:50 ingress 0x0x1000d (tunnel 13), u_encr 64, m_encr 64, slotport 0x0x2000 , type: local, FW mode: 0, AP IP: 0.0.0.0 mdie 0 ft_complete 0
Jun 20 10:26:53 :522246: <DBUG> |authmgr| Idle timeout should be driven by STM for MAC 58:94:6b:69:67:50.
Jun 20 10:26:53 :522083: <DBUG> |authmgr| Skip User-Derivation, mba:0 udr_exist:0,default_role:logon,pDefRole:0x0x10992d64
Jun 20 10:26:53 :524124: <DBUG> |authmgr| dot1x_supplicant_up(): MAC:58:94:6b:69:67:50, pmkid_present:False, pmkid:N/A
Jun 20 10:26:53 :522128: <DBUG> |authmgr| download-L2: acl=1/0 role=logon, tunl=0x0x1000d, PA=0, HA=1, RO=0, VPN=0.
Jun 20 10:26:53 :522050: <INFO> |authmgr| MAC=58:94:6b:69:67:50,IP=N/A User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=layer 2 event driven download
Jun 20 10:26:53 :522242: <DBUG> |authmgr| MAC=58:94:6b:69:67:50 Station Created Update MMS: BSSID=d8:c7:c8:99:63:eb ESSID=DSG-Guest_t VLAN=410 AP-name=RAP105-AP04
Mac:
Jun 20 10:25:01 :501093: <NOTI> |AP RAP105-AP04@10.159.48.51 stm| Auth success: e0:f8:47:3c:55:8a: AP 10.159.48.51-d8:c7:c8:99:63:eb-RAP105-AP04
Jun 20 10:25:01 :501095: <NOTI> |stm| Assoc request @ 10:25:01.861402: e0:f8:47:3c:55:8a (SN 3317): AP 10.159.48.51-d8:c7:c8:99:63:eb-RAP105-AP04
Jun 20 10:25:01 :501095: <NOTI> |AP RAP105-AP04@10.159.48.51 stm| Assoc request @ 10:25:01.461527: e0:f8:47:3c:55:8a (SN 3317): AP 10.159.48.51-d8:c7:c8:99:63:eb-RAP105-AP04
Jun 20 10:25:01 :501100: <NOTI> |AP RAP105-AP04@10.159.48.51 stm| Assoc success @ 10:25:01.462624: e0:f8:47:3c:55:8a: AP 10.159.48.51-d8:c7:c8:99:63:eb-RAP105-AP04
Jun 20 10:25:01 :501100: <NOTI> |stm| Assoc success @ 10:25:01.865113: e0:f8:47:3c:55:8a: AP 10.159.48.51-d8:c7:c8:99:63:eb-RAP105-AP04
Jun 20 10:25:01 :522035: <INFO> |authmgr| MAC=e0:f8:47:3c:55:8a Station UP: BSSID=d8:c7:c8:99:63:eb ESSID=DSG-Guest_t VLAN=410 AP-name=RAP105-AP04
Jun 20 10:25:01 :522077: <DBUG> |authmgr| MAC=e0:f8:47:3c:55:8a ingress 0x0x1000d (tunnel 13), u_encr 64, m_encr 64, slotport 0x0x2000 , type: local, FW mode: 0, AP IP: 0.0.0.0 mdie 0 ft_complete 0
Jun 20 10:25:01 :522246: <DBUG> |authmgr| Idle timeout should be driven by STM for MAC e0:f8:47:3c:55:8a.
Jun 20 10:25:01 :522083: <DBUG> |authmgr| Skip User-Derivation, mba:0 udr_exist:0,default_role:logon,pDefRole:0x0x10992d64
Jun 20 10:25:01 :524124: <DBUG> |authmgr| dot1x_supplicant_up(): MAC:e0:f8:47:3c:55:8a, pmkid_present:False, pmkid:N/A
Jun 20 10:25:01 :522128: <DBUG> |authmgr| download-L2: acl=1/0 role=logon, tunl=0x0x1000d, PA=0, HA=1, RO=0, VPN=0.
Jun 20 10:25:01 :522050: <INFO> |authmgr| MAC=e0:f8:47:3c:55:8a,IP=N/A User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=layer 2 event driven download
Jun 20 10:25:01 :522242: <DBUG> |authmgr| MAC=e0:f8:47:3c:55:8a Station Created Update MMS: BSSID=d8:c7:c8:99:63:eb ESSID=DSG-Guest_t VLAN=410 AP-name=RAP105-AP04
Jun 20 10:25:01 :522042: <NOTI> |authmgr| User Authentication Failed: username=TimS MAC=e0:f8:47:3c:55:8a IP=0.0.0.0 auth method=802.1x auth server=Internal
Jun 20 10:25:01 :522038: <INFO> |authmgr| username=TimS MAC=e0:f8:47:3c:55:8a IP=0.0.0.0 Authentication result=Authentication Successful method=802.1x server=DSG-Guest-Raiden_radius
Jun 20 10:25:01 :522044: <INFO> |authmgr| MAC=e0:f8:47:3c:55:8a Station authenticate(start): method=8021x-User, role=logon///logon, VLAN=410/410/0/0/0/0, Derivation=0/0, Value Pair=1
Jun 20 10:25:01 :522136: <DBUG> |authmgr| {L2} authenticated from profile \"DSG-Guest_aaa\".
...
#3400#3200