07-15-2015 10:56 AM
I'm sure everyone has had an Ahhhh Haaa moment when stuck in the back of a data center all alone. I have 2 that stick out.
1. As a very fresh network engineer I was trying to get some APs provisioned. Problem was they wouldn't get to the controller. I wasted hours checking switch config, controller port config, and everything else. Except one thing..... Controller Plane Security. Lesson learned.
2. Worked for hours trying to get the first authenticated client on a new network. I checked the groups in the RADIUS policy half a billion times, they were all there. So why no authentication? I had configured it to x-group AND x-group instead of x-group OR x-group.
07-16-2015 05:23 AM
Recently had a client whose devices wouldn't authenticate to RADIUS using EAP-TLS. This was a carbon copy deployment of other buildings, so the guy who built the config used the same flashbackup as another building but changed interface IPs etc.
The error message was that the wrong protocol was used, EAP-PEAP not TLS. When checking the client configuration everything was fine, because they would go to another building and would authenticate just fine!!
The culprit.... termination. RADIUS failover and termination was checked off; disabling that did the trick and allowed the user to authenticate.
Didn't spend hours on it, but it was a head scratcher for a good 30 min...
ACDX #420 | ACMP
11-06-2015 04:55 AM
Mine is super stupid... But after weeks upon weeks of trying to get Machine Authentication to work with our OpenLDAP/Samba setup we were able to get it going. That trailing dollar sign will forever haunt my dreams.