Wireless Access

Reply
Occasional Contributor II

Authentication Failure

Following is the error message received when am trying to Connect SSID (Which 802.1x Authentication) over MPLS Network

  EAP-ID mismatched 2:1 for station 00:1a:73:08:35:8e d8:c7:c8:74:42:c1
   |authmgr|  Dropping EAPOL packet sent by Station 00:1a:73:08:35:8e d8:c7:c8:74:42:c1

 

Can you explain more why am getting this tye of error message ?

 

AP is resource Constrained , AP age out

Frequent Contributor II

Re: Authentication Failure

http://community.arubanetworks.com/t5/ArubaOS-and-Mobility-Controllers/auth-trace-buffer-showing-eap-id-mismatch/td-p/50194

Andrea Consadori
ACMP 5.0 and 6.3


-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Occasional Contributor II

Re: Authentication Failure

Means is it client Misleading Configuration ?????/

Frequent Contributor II

Re: Authentication Failure

This looks like an issue on the client side configuration or on the AAA server.

     1 - EAP type not supported/configured on the client side.

     2 - The client wants to use an EAP method that the AAA server does not support.

Andrea Consadori
ACMP 5.0 and 6.3


-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Frequent Contributor II

Re: Authentication Failure

can you try on a local ap not over MPLS?

 

if locally work and over MPLS fail can also be an MTU issue

 

you can try looking this values:

 

http://technet.microsoft.com/en-us/library/cc755205%28WS.10%29.aspx

 

http://technet.microsoft.com/en-us/library/cc771164%28WS.10%29.aspx

 

(i suppose your radius it's microsoft ias server)

Andrea Consadori
ACMP 5.0 and 6.3


-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Occasional Contributor II

Re: Authentication Failure

First thing is that it feel good to discuss these thing with you .

 

What is deafult Maximum Transfer Unit  of packet which are going from Acess-point ?

 

From Server side the value of MTU is 1500 bytes.

 

Frequent Contributor II

Re: Authentication Failure

from Microsoft docs:

 

This maximum size for the EAP payload can create RADIUS messages that require fragmentation by a router or firewall between the NPS server and a RADIUS client. If this is the case, a router or firewall positioned between the RADIUS client and the NPS server might silently discard some fragments, resulting in authentication failure and the inability of the access client to connect to the network.

Use the following procedure to lower the maximum size that NPS uses for EAP payloads by adjusting the Framed-MTU attribute in a network policy to a value no greater than 1344:

Andrea Consadori
ACMP 5.0 and 6.3


-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: