Wireless Access

Reply
Contributor I

Steps in troubleshooting

How do I Troubleshoot if client is unable to connect to an SSID with 802.1x authentication. I face frequent issues when it comes to authenticating. I use the Microsoft NPS role for 802.1x authentication.

 

WPA 2 Enterprise mode

Authentication Protocol: PEAP

Encrytion type: AES

 

Unable to find a permanent solution.

Re: Steps in troubleshooting

Hi,

Good morning,

Take a look on the attached PDF (Troubleshooting Cheat Sheet)  - it will assist you to tourbelshoot your auth issues.

 

Have a lovley day.

me

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Aruba

Re: Steps in troubleshooting

First line of troublshooting 802.1X is to look at the Radius log entry for the failure.  Typically it will provide a reason for the failure.  It may explain it right away or may be a bit cryptic, but it should point you in the right direction.    Let us know if you can post a failure event log entry from NPS.

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Contributor II

Re: Steps in troubleshooting

I have a question about the show auth-tracebuf command. For example

 

Aug 02 11:10:40  eap-resp              ->  24:77:03:1d:b1:10  00:24:6c:05:88:20        55     6


What is the direction of this message? Is it coming from the radius server to the client or client to the radius server? I cannot understand why Aruba did not place the arrow between the 2 MACs to make it clear. Thanks.

Guru Elite

Re: Steps in troubleshooting


baboyero wrote:

I have a question about the show auth-tracebuf command. For example

 

Aug 02 11:10:40  eap-resp              ->  24:77:03:1d:b1:10  00:24:6c:05:88:20        55     6


What is the direction of this message? Is it coming from the radius server to the client or client to the radius server? I cannot understand why Aruba did not place the arrow between the 2 MACs to make it clear. Thanks.


That is from the client to the radius server.  The arrow is going left to right the first mac is the client and the second mac is the BSSID of the access point.

 

No matter where we placed the arrow, we were going to make someone unhappy.  There are alot of people at Aruba working to make sure you never have to examine output like this, period.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: