Meraki

Community

AP doesn't see client authentication/connection attempt on SSID after a handful of failures

Crocker
A model citizen
‎May 21 2024 12:46 PM
‎May 21 2024 12:46 PM

AP doesn't see client authentication/connection attempt on SSID after a handful of failures

Hopefully this is a simple enough thing and I'm just missing something obvious.

 

We have an SSID that requires a valid, domain-issued computer certificate to authenticate to. Occasionally, GP fails and doesn't properly configure the 'Network' in windows (y'know, like it doesn't set the security type to 802.1X, doesn't set the auth method to EAP-TLS, that sorta thing).

 

Fixing this via a group policy update is pretty quick and simple; However, in the few instances this issue has cropped up, I only see a handful of failed authentication attempts and then radio silence regarding whichever client is acting up. So, I'll see client JohnPublicPC fail 802.1X a couple times and then nothing else at all. Like either Windows isn't even attempting to join the SSID, or the AP is straight-up refusing to even listen to the attempt. Hopefully this makes sense...

 

Anyways, this 'lock out' seems to clear up within an hour or two and (assuming we've fixed the 'network' settings for the SSID in windows) everything works fine from that point forward.

 

 

0 Kudos
5 Replies 5
alemabrahao
Kind of a big deal
Kind of a big deal
‎May 21 2024 1:50 PM
‎May 21 2024 1:50 PM

The problem is more likely to be on the device side than on Meraki.

Have you checked your radius server logs?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to alemabrahao
Crocker
A model citizen
‎May 21 2024 1:58 PM
‎May 21 2024 1:58 PM

Yeah, totally blank there too - no further attempts after the couple tries.

 

I agree, probably some device-side thing...just I'm not aware of any mechanism for that in Windows. Hoped casting a net on the forums might fish up some clues.

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 22 2024 5:32 AM
‎May 22 2024 5:32 AM

Make sure you are running a current stable or better firmware on the AP.

 

You could try doing a packet capture on the AP on the WiFi side to see what is being transmitted (if anything).

0 Kudos
In response to PhilipDAth
Crocker
A model citizen
‎May 22 2024 7:12 AM
‎May 22 2024 7:12 AM

Not much useful coming out of a packet capture. All I see are probes, no actual attempt to connect. Bummer.

0 Kudos
In response to Crocker
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 22 2024 11:38 AM
‎May 22 2024 11:38 AM

Sorry man - client issue.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.