I have a client that cannot connect to our production wireless network but can connect to a development network on the same access point. The client is using the same machine and 802.1x authentication for each network. I have debug logs for a successful (dev) and a failed (prd) session but the main difference I see is:
//a success
Mar 20 13:24:56 :522035: <INFO> |authmgr| MAC=68:a3:c4:c9:xx:xx Station UP: BSSID=d8:c7:c8:xx:2f:41 ESSID=dev VLAN=2 AP-name=ab208
Mar 20 13:24:56 :522004: <DBUG> |authmgr| MAC=68:a3:c4:c9:xx:xx ingress 0x10f1 (tunnel 145), u_encr 16, m_encr 4112, slotport 0x1000
Mar 20 13:25:25 :522038: <INFO> |authmgr| MAC=68:a3:c4:c9:xx:xx IP=0.0.0.0 Authentication result=Authentication Successful method=802.1x server=ACS-B
//role, IP and other good stuff happen
//a failure
Mar 20 13:24:12 :522035: <INFO> |authmgr| MAC=68:a3:c4:c9:xx:xx Station UP: BSSID=d8:c7:c8:xx:2f:40 ESSID=prd VLAN=2 AP-name=ab208
Mar 20 13:24:12 :522004: <DBUG> |authmgr| MAC=68:a3:c4:c9:xx:xx ingress 0x11b6 (tunnel 342), u_encr 16, m_encr 4112, slotport 0x1000
//repeat the previous message five more times, then
Mar 20 13:24:31 :501106: <NOTI> |stm| Deauth to sta: 68:a3:c4:c9:xx:xx: Ageout AP 10.xxx.70.210-d8:c7:xx:xx:2f:40-ab208 handle_sapcp
//followed by similar messages
Anybody have an idea?