Wireless Access

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

AP93H Ethernet Ports vs AAA Wired Profile

  • 1.  AP93H Ethernet Ports vs AAA Wired Profile

    Posted Aug 09, 2013 08:51 AM

    Hello All,

     

    I seem to be experiencing a weird issue with the ENET1 to ENET4 Ports on the AP93H APs as it relates to my applied AAA Wired Profile.

     

    On my AAA Profile, I have a Server Group which includes a RADIUS Server and the Internal DB (Controller's Database).

    However, anytime I plug in my laptop to the Ports, and I input my Credentials which should match the Internal DB, it either works or keeps going into a loop asking me to re-input my Credentials.

     

    Now, assuming it worked and I then unplugged and re-plugged my Laptop into the same Port but this time input the 2nd credential that I have in the Database, it either goes back into the loop cycle again or it fails my authentication.

     

    Has anyone experienced this? Or is there something I'm doing wrong?

     

     



  • 2.  RE: AP93H Ethernet Ports vs AAA Wired Profile

    Posted Aug 09, 2013 09:03 AM

     

     

    What AOS code are you using?

    Can you please share your port config?

     

    Please enable logging level debugging security process aaa and then share the show log security | include <devicemac>



  • 3.  RE: AP93H Ethernet Ports vs AAA Wired Profile

    Posted Aug 09, 2013 09:18 AM

    I am running AOS 6.3.

     

    See below:

     


    aaa server-group "Aruba-RADIUS"
        allow-fail-through
        auth-server Internal
        auth-server RADIUS
    !
    aaa profile "Campus-WLAN-aaa_prof"
        authentication-dot1x "Aruba-dot1x"
        dot1x-default-role "Student"
        dot1x-server-group "Aruba-RADIUS"


    ap wired-ap-profile "default"
        wired-ap-enable
        switchport access vlan 931
        switchport trunk native vlan 931


    ap wired-port-profile "default"
        no rap-backup
        aaa-profile "Campus-WLAN-aaa_prof"
        spanning-tree

     

    Aug 9 08:18:44 :199802: <ERRS> |authmgr| gsm_auth.c, auth_gsm_delete_mac_user:258: AUTH GSM: failed delete for mac-user 00:24:81:3b:db:46 with error ERROR_HTBL_KEY_NOT_FOUND
    Aug 9 08:20:23 :132149: <ERRS> |authmgr| MAC User Table Lookup Failed mac=00:24:81:3b:db:46 bssid=01:80:c2:00:00:03



  • 4.  RE: AP93H Ethernet Ports vs AAA Wired Profile

    Posted Aug 09, 2013 09:21 AM

    What I have noticed too is that if I stop re-attempting to authenticate for a while and I come back to it, it finally works.

    But I have to unplug and plug back in so that I get the window to input my credentials.



  • 5.  RE: AP93H Ethernet Ports vs AAA Wired Profile

    Posted Aug 09, 2013 09:27 AM

    Additional Info:

     

    Aug 9 08:27:56 :132009: <ERRS> |authmgr| Station's dot1x context not initialized 00:24:81:3b:db:46 01:80:c2:00:00:03
    Aug 9 08:27:56 :132030: <ERRS> |authmgr| Dropping EAPOL packet sent by Station 00:24:81:3b:db:46 01:80:c2:00:00:03
    Aug 9 08:28:01 :199802: <ERRS> |authmgr| gsm_auth.c, auth_gsm_delete_mac_user:258: AUTH GSM: failed delete for mac-user 00:24:81:3b:db:46 with error ERROR_HTBL_KEY_NOT_FOUND
    Aug 9 08:28:01 :132009: <ERRS> |authmgr| Station's dot1x context not initialized 00:24:81:3b:db:46 01:80:c2:00:00:03
    Aug 9 08:28:01 :132030: <ERRS> |authmgr| Dropping EAPOL packet sent by Station 00:24:81:3b:db:46 01:80:c2:00:00:03
    Aug 9 08:28:06 :199802: <ERRS> |authmgr| gsm_auth.c, auth_gsm_delete_mac_user:258: AUTH GSM: failed delete for mac-user 00:24:81:3b:db:46 with error ERROR_HTBL_KEY_NOT_FOUND
    Aug 9 08:28:06 :132009: <ERRS> |authmgr| Station's dot1x context not initialized 00:24:81:3b:db:46 01:80:c2:00:00:03
    Aug 9 08:28:06 :132030: <ERRS> |authmgr| Dropping EAPOL packet sent by Station 00:24:81:3b:db:46 01:80:c2:00:00:03
    Aug 9 08:28:23 :199802: <ERRS> |authmgr| gsm_auth.c, auth_gsm_delete_mac_user:258: AUTH GSM: failed delete for mac-user 00:24:81:3b:db:46 with error ERROR_HTBL_KEY_NOT_FOUND

     

    And all this time, it failed to authenticate me. Then I disabled and re-enabled the NIC and then got prompted to log in. Then I put in my credentials and then it continuously went through a loop without successfully authenticating me.
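A small triage script for the `show log security` output posted above, added here as an example (it is not from the thread or from Aruba): it groups authmgr errors per station MAC and lists stations whose EAPOL frames are dropped repeatedly, with the seconds between drops. The function name, the `min_drops` threshold and the assumed year (the log lines carry none) are illustrative choices.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Sample lines taken from the log excerpts posted in this thread.
SAMPLE = """\
Aug 9 08:27:56 :132009: <ERRS> |authmgr| Station's dot1x context not initialized 00:24:81:3b:db:46 01:80:c2:00:00:03
Aug 9 08:27:56 :132030: <ERRS> |authmgr| Dropping EAPOL packet sent by Station 00:24:81:3b:db:46 01:80:c2:00:00:03
Aug 9 08:28:01 :199802: <ERRS> |authmgr| gsm_auth.c, auth_gsm_delete_mac_user:258: AUTH GSM: failed delete for mac-user 00:24:81:3b:db:46 with error ERROR_HTBL_KEY_NOT_FOUND
Aug 9 08:28:01 :132009: <ERRS> |authmgr| Station's dot1x context not initialized 00:24:81:3b:db:46 01:80:c2:00:00:03
Aug 9 08:28:01 :132030: <ERRS> |authmgr| Dropping EAPOL packet sent by Station 00:24:81:3b:db:46 01:80:c2:00:00:03
Aug 9 08:28:06 :199802: <ERRS> |authmgr| gsm_auth.c, auth_gsm_delete_mac_user:258: AUTH GSM: failed delete for mac-user 00:24:81:3b:db:46 with error ERROR_HTBL_KEY_NOT_FOUND
Aug 9 08:28:06 :132009: <ERRS> |authmgr| Station's dot1x context not initialized 00:24:81:3b:db:46 01:80:c2:00:00:03
Aug 9 08:28:06 :132030: <ERRS> |authmgr| Dropping EAPOL packet sent by Station 00:24:81:3b:db:46 01:80:c2:00:00:03
"""

LINE = re.compile(r"^\s*(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+:(?P<id>\d+):\s+<\w+>\s+\|(?P<proc>\w+)\|\s+(?P<msg>.*)$")
MAC = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}", re.I)
PAE_GROUP = "01:80:c2:00:00:03"  # IEEE 802.1X PAE group address, i.e. wired EAPOL
EAPOL_DROP = "132030"            # message ID logged with "Dropping EAPOL packet"

def summarize(text, year=2013, min_drops=3):
    """Return (per-station message-ID counts, stations with repeated EAPOL drops)."""
    counts = defaultdict(Counter)
    drops = defaultdict(list)
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m or m.group("proc") != "authmgr":
            continue  # not an authmgr log line
        macs = [x.lower() for x in MAC.findall(m.group("msg")) if x.lower() != PAE_GROUP]
        if not macs:
            continue
        sta = macs[0]  # first non-PAE MAC in the message is the station
        counts[sta][m.group("id")] += 1
        if m.group("id") == EAPOL_DROP:
            # the year is an assumption: the log timestamps do not include one
            drops[sta].append(datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S"))
    looping = {}
    for sta, times in drops.items():
        if len(times) >= min_drops:
            looping[sta] = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
    return counts, looping

if __name__ == "__main__":
    counts, looping = summarize(SAMPLE)
    for sta, gaps in looping.items():
        print(sta, dict(counts[sta]), "seconds between EAPOL drops:", gaps)
```
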

     



  • 6.  RE: AP93H Ethernet Ports vs AAA Wired Profile

    Posted Aug 09, 2013 09:35 AM

     

    Please try removing the fail-through config and removing the RADIUS authentication if you are not using it and are just using the internal database, or remove the internal database and just leave RADIUS if you are planning to just use RADIUS.



  • 7.  RE: AP93H Ethernet Ports vs AAA Wired Profile

    Posted Aug 09, 2013 10:15 AM

    Same thing.

     

    Created another AAA profile that only has the Internal DB and tested on a different Laptop (MAC) and it fails.

     

     



  • 8.  RE: AP93H Ethernet Ports vs AAA Wired Profile

    Posted Aug 09, 2013 12:03 PM

     

    You are doing 802.1x, right? Or MAC auth?

    If you are doing 1x, are you doing PEAP termination on the controller?

     

    Please read this

     

    http://www.arubanetworks.com/techdocs/ArubaOS_60/UserGuide/802.1x.php



  • 9.  RE: AP93H Ethernet Ports vs AAA Wired Profile

    Posted Aug 09, 2013 12:26 PM

    Finally found out what the issue is.

     

    It has to do with the "User Idle Timeout" on the Controller. It's set to 5 mins!



  • 10.  RE: AP93H Ethernet Ports vs AAA Wired Profile

    Posted Aug 09, 2013 02:28 PM

    Interesting