Wireless Access

Good morning,

 

Is there any reasoning as to why I may be seeing so many of the maximum Number of retries messages in the log below?  They come up constantly.  Should I be concerned?  Any way to suppress them or figure out why these machines are trying to authenticate so frequently and failing?

 

Thanks!

 

Mar 22 07:51:38 authmgr[1668]: <132053> <ERRS> |authmgr| Dropping the radius packet for Station e8:99:c4:65:a4:68 00:24:6c:05:6a:c9 doing 802.1x
Mar 22 07:51:38 authmgr[1668]: <132053> <ERRS> |authmgr| Dropping the radius packet for Station e8:99:c4:65:a4:68 00:24:6c:05:6a:c9 doing 802.1x
Mar 22 07:51:38 authmgr[1668]: <132207> <ERRS> |authmgr| RADIUS reject for station vanja111 e8:99:c4:65:a4:68 from server Campus.
Mar 22 07:51:38 authmgr[1668]: <132207> <ERRS> |authmgr| RADIUS reject for station vanja111 e8:99:c4:65:a4:68 from server Campus.
Mar 22 07:52:08 authmgr[1668]: <132030> <ERRS> |authmgr| Dropping EAPOL packet sent by Station e8:99:c4:65:a4:68 00:24:6c:05:6a:c9
Mar 22 07:52:08 authmgr[1668]: <132030> <ERRS> |authmgr| Dropping EAPOL packet sent by Station e8:99:c4:65:a4:68 00:24:6c:05:6a:c9
Mar 22 07:52:10 authmgr[1668]: <132053> <ERRS> |authmgr| Dropping the radius packet for Station e8:99:c4:65:a4:68 00:24:6c:05:6a:c9 doing 802.1x
Mar 22 07:52:10 authmgr[1668]: <132053> <ERRS> |authmgr| Dropping the radius packet for Station e8:99:c4:65:a4:68 00:24:6c:05:6a:c9 doing 802.1x
Mar 22 07:52:10 authmgr[1668]: <132207> <ERRS> |authmgr| RADIUS reject for station vanja111 e8:99:c4:65:a4:68 from server Campus.
Mar 22 07:52:10 authmgr[1668]: <132207> <ERRS> |authmgr| RADIUS reject for station vanja111 e8:99:c4:65:a4:68 from server Campus.
Mar 22 07:52:25 sapd[667]: <404085> <WARN> |AP AHS-WAP-01-13-54ab@10.110.44.72 sapd| AM 00:24:6c:05:4a:b8: ARM HT Channel Interference Trigger new 153-149/57 old 36/40-122 new_rra 153/149-6 TCI 10
Mar 22 07:52:28 authmgr[1668]: <132197> <ERRS> |authmgr| Maximum number of retries was attempted for station 58:b0:35:7c:8d:61 d8:c7:c8:29:3b:fa, deauthenticating the station
Mar 22 07:52:28 authmgr[1668]: <132197> <ERRS> |authmgr| Maximum number of retries was attempted for station 58:b0:35:7c:8d:61 d8:c7:c8:29:3b:fa, deauthenticating the station
Mar 22 07:52:39 authmgr[1668]: <132093> <ERRS> |authmgr| WPA2 Key message 2 from Station d4:9a:20:9a:42:1d 00:24:6c:05:6a:e1 AHS-WAP-03-08-56ae did not match the replay counter 01 vs 02
Mar 22 07:52:39 authmgr[1668]: <132093> <ERRS> |authmgr| WPA2 Key message 2 from Station d4:9a:20:9a:42:1d 00:24:6c:05:6a:e1 AHS-WAP-03-08-56ae did not match the replay counter 01 vs 02
Mar 22 07:52:55 authmgr[1668]: <132197> <ERRS> |authmgr| Maximum number of retries was attempted for station 00:17:f2:37:e3:db 00:24:6c:05:6a:49, deauthenticating the station
Mar 22 07:52:55 authmgr[1668]: <132197> <ERRS> |authmgr| Maximum number of retries was attempted for station 00:17:f2:37:e3:db 00:24:6c:05:6a:49, deauthenticating the station
Mar 22 07:53:43 sapd[719]: <404098> <WARN> |AP AHS-Room-211-AP@10.110.44.4 sapd| AM d8:c7:c8:96:60:c8: ARM - HT decreasing power cov-index 5/7 tx-power 5 new_rra 157-161/4
Mar 22 07:53:47 authmgr[1668]: <132197> <ERRS> |authmgr| Maximum number of retries was attempted for station 58:b0:35:7c:8d:61 d8:c7:c8:29:3b:fa, deauthenticating the station
Mar 22 07:53:47 authmgr[1668]: <132197> <ERRS> |authmgr| Maximum number of retries was attempted for station 58:b0:35:7c:8d:61 d8:c7:c8:29:3b:fa, deauthenticating the station
Mar 22 07:54:15 authmgr[1668]: <132197> <ERRS> |authmgr| Maximum number of retries was attempted for station 00:17:f2:37:e3:db 00:24:6c:05:6a:49, deauthenticating the station
Mar 22 07:54:15 authmgr[1668]: <132197> <ERRS> |authmgr| Maximum number of retries was attempted for station 00:17:f2:37:e3:db 00:24:6c:05:6a:49, deauthenticating the station
Mar 22 07:54:49 authmgr[1668]: <132030> <ERRS> |authmgr| Dropping EAPOL packet sent by Station 58:55:ca:71:49:e9 00:24:6c:05:61:e3
Mar 22 07:54:49 authmgr[1668]: <132030> <ERRS> |authmgr| Dropping EAPOL packet sent by Station 58:55:ca:71:49:e9 00:24:6c:05:61:e3
Mar 22 07:55:07 authmgr[1668]: <132197> <ERRS> |authmgr| Maximum number of retries was attempted for station 58:b0:35:7c:8d:61 d8:c7:c8:29:3b:fa, deauthenticating the station
Mar 22 07:55:07 authmgr[1668]: <132197> <ERRS> |authmgr| Maximum number of retries was attempted for station 58:b0:35:7c:8d:61 d8:c7:c8:29:3b:fa, deauthenticating the station
Mar 22 07:55:35 authmgr[1668]: <132197> <ERRS> |authmgr| Maximum number of retries was attempted for station 00:17:f2:37:e3:db 00:24:6c:05:6a:49, deauthenticating the station
Mar 22 07:55:35 authmgr[1668]: <132197> <ERRS> |authmgr| Maximum number of retries was attempted for station 00:17:f2:37:e3:db 00:24:6c:05:6a:49, deauthenticating the station
Mar 22 07:55:37 authmgr[1668]: <132093> <ERRS> |authmgr| WPA2 Key message 2 from Station 64:20:0c:cd:0e:a2 00:24:6c:05:62:b8 AHS-WAP-02-18-562b did not match the replay counter 01 vs 03
Mar 22 07:55:37 authmgr[1668]: <132093> <ERRS> |authmgr| WPA2 Key message 2 from Station 64:20:0c:cd:0e:a2 00:24:6c:05:62:b8 AHS-WAP-02-18-562b did not match the replay counter 01 vs 03
Mar 22 07:56:00 authmgr[1668]: <132197> <ERRS> |authmgr| Maximum number of retries was attempted for station 60:33:4b:1d:35:f4 00:24:6c:05:50:49, deauthenticating the station
Mar 22 07:56:00 authmgr[1668]: <132197> <ERRS> |authmgr| Maximum number of retries was attempted for station 60:33:4b:1d:35:f4 00:24:6c:05:50:49, deauthenticating the station
Mar 22 07:56:26 authmgr[1668]: <132197> <ERRS> |authmgr| Maximum number of retries was attempted for station 58:b0:35:7c:8d:61 d8:c7:c8:29:3b:fa, deauthenticating the station
Mar 22 07:56:26 authmgr[1668]: <132197> <ERRS> |authmgr| Maximum number of retries was attempted for station 58:b0:35:7c:8d:61 d8:c7:c8:29:3b:fa, deauthenticating the station
Mar 22 07:56:53 authmgr[1668]: <132197> <ERRS> |authmgr| Maximum number of retries was attempted for station 00:17:f2:37:e3:db 00:24:6c:05:6a:49, deauthenticating the station
Mar 22 07:56:53 authmgr[1668]: <132197> <ERRS> |authmgr| Maximum number of retries was attempted for station 00:17:f2:37:e3:db 00:24:6c:05:6a:49, deauthenticating the station
Mar 22 07:57:45 authmgr[1668]: <132197> <ERRS> |authmgr| Maximum number of retries was attempted for station 58:b0:35:7c:8d:61 d8:c7:c8:29:3b:fa, deauthenticating the station
Mar 22 07:57:45 authmgr[1668]: <132197> <ERRS> |authmgr| Maximum number of retries was attempted for station 58:b0:35:7c:8d:61 d8:c7:c8:29:3b:fa, deauthenticating the station
Mar 22 07:58:12 authmgr[1668]: <132197> <ERRS> |authmgr| Maximum number of retries was attempted for station 00:17:f2:37:e3:db 00:24:6c:05:6a:49, deauthenticating the station
Mar 22 07:58:12 authmgr[1668]: <132197> <ERRS> |authmgr| Maximum number of retries was attempted for station 00:17:f2:37:e3:db 00:24:6c:05:6a:49, deauthenticating the station
Mar 22 07:58:26 authmgr[1668]: <132094> <WARN> |authmgr| MIC failed in WPA2 Key Message 2 from Station 88:32:9b:08:50:19 00:24:6c:05:4a:48 AHS-WAP-01-14-54a4
Mar 22 07:58:27 sapd[667]: <404097> <WARN> |AP AHS-WAP-01-13-54ab@10.110.44.72 sapd| AM 00:24:6c:05:4a:b8: ARM - HT increasing power cov-index 6/1 tx-power 6 new_rra 153-149/7
Mar 22 07:59:04 authmgr[1668]: <132197> <ERRS> |authmgr| Maximum number of retries was attempted for station 58:b0:35:7c:8d:61 d8:c7:c8:29:3b:fa, deauthenticating the station
Mar 22 07:59:04 authmgr[1668]: <132197> <ERRS> |authmgr| Maximum number of retries was attempted for station 58:b0:35:7c:8d:61 d8:c7:c8:29:3b:fa, deauthenticating the station
Mar 22 07:59:32 authmgr[1668]: <132197> <ERRS> |authmgr| Maximum number of retries was attempted for station 00:17:f2:37:e3:db 00:24:6c:05:6a:49, deauthenticating the station
Mar 22 07:59:32 authmgr[1668]: <132197> <ERRS> |authmgr| Maximum number of retries was attempted for station 00:17:f2:37:e3:db 00:24:6c:05:6a:49, deauthenticating the station

Is this an 802.1X network?   Have you had a look at the Radius side of things?  What are those logs telling you?   

My radius server is spitting out this in the log...

 

Fri Mar 22 07:29:18 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:29:28 2013 : Error: rlm_mschap: authentication failed -14090
Fri Mar 22 07:29:29 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:29:49 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:30:00 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:30:29 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:30:31 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:31:01 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:31:03 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:31:32 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:31:34 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:32:03 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:32:34 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:33:05 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:33:36 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:34:07 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:34:39 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:35:09 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:35:40 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:36:11 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:36:42 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:37:00 2013 : Error: rlm_mschap: getUserNodeRef(): dsGetRecordList() status = 0, recCount=0
Fri Mar 22 07:37:13 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:37:44 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:38:12 2013 : Error: rlm_mschap: getUserNodeRef(): dsGetRecordList() status = 0, recCount=0
Fri Mar 22 07:38:15 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:38:46 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:39:10 2013 : Error: rlm_mschap: getUserNodeRef(): dsGetRecordList() status = 0, recCount=0
Fri Mar 22 07:39:18 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:39:20 2013 : Error: rlm_mschap: getUserNodeRef(): dsGetRecordList() status = 0, recCount=0
Fri Mar 22 07:39:44 2013 : Error: rlm_mschap: getUserNodeRef(): dsGetRecordList() status = 0, recCount=0
Fri Mar 22 07:39:49 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:39:54 2013 : Error: rlm_mschap: getUserNodeRef(): dsGetRecordList() status = 0, recCount=0
Fri Mar 22 07:39:58 2013 : Error: rlm_mschap: authentication failed -14090
Fri Mar 22 07:40:18 2013 : Error: rlm_mschap: authentication failed -14090
Fri Mar 22 07:40:20 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:40:51 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:41:22 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:41:52 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:41:56 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:42:00 2013 : Error: rlm_mschap: getUserNodeRef(): dsGetRecordList() status = 0, recCount=0
Fri Mar 22 07:42:10 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:42:41 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:43:09 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:43:12 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:43:43 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:44:04 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:44:14 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:44:43 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:44:45 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:45:13 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:45:16 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:45:34 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:45:47 2013 : Error: TLS Alert read:warning:close notify
Fri Mar 22 07:46:18 2013 : Error: TLS Alert read:warning:close notify

I'm assuming that the second MAC address in the list is the MAC of the AP.

 

Maximum number of retries was attempted for station 58:b0:35:7c:8d:61 d8:c7:c8:29:3b:fa, deauthenticating the station

 

Am I right in saying that?  

 

I do a show ap database long | include d8:c7:c8:29:3b:fa

 

and it doesn't show up.  Is that the Wired Mac Address of the AP that is being reported?

That's possibly the bssid

Run a show ap bssid | include

you are right.  it is the BSSID.  Thanks for pointing that out.

Amazingly enough the machine that was trying to connect is the one I'm sitting in front of.  I had to reboot my controller last night and hadn't got to my office until now.  It had kicked me off of 802.1x so when I got here it was sitting at an 802.1x auth window.  So it tried to authenticate every minute it looks like with whatever...  Now at least I know how to track some things down!

 

By the way the new command is

 

show ap bss-table 

 

in 6.2.0.2

That error message looks like a cert issue on that client

Looks like client configuration issue of some sort; definitely not an Aruba issue.   I would check the configuration of those devices to make sure they are setup correctly; including certificate trusts, etc.

Thanks a lot for your guys help.  It definitely was a client issue...and now I can track it down if I really need to.

 

 

You should check in radius and see why are those failing , password or maybe the user is not accepting the cert