AP doesn't see client authentication/connection attempt on SSID after a handful of failures

Crocker
A model citizen

AP doesn't see client authentication/connection attempt on SSID after a handful of failures

Hopefully this is a simple enough thing and I'm just missing something obvious.

 

We have an SSID that requires a valid, domain-issued computer certificate to authenticate to. Occasionally, GP fails and doesn't properly configure the 'Network' in windows (y'know, like it doesn't set the security type to 802.1X, doesn't set the auth method to EAP-TLS, that sorta thing).

 

Fixing this via a group policy update is pretty quick and simple; However, in the few instances this issue has cropped up, I only see a handful of failed authentication attempts and then radio silence regarding whichever client is acting up. So, I'll see client JohnPublicPC fail 802.1X a couple times and then nothing else at all. Like either Windows isn't even attempting to join the SSID, or the AP is straight-up refusing to even listen to the attempt. Hopefully this makes sense...

 

Anyways, this 'lock out' seems to clear up within an hour or two and (assuming we've fixed the 'network' settings for the SSID in windows) everything works fine from that point forward.

 

 

5 Replies 5
alemabrahao
Kind of a big deal
Kind of a big deal

The problem is more likely to be on the device side than on Meraki.

Have you checked your radius server logs?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Crocker
A model citizen

Yeah, totally blank there too - no further attempts after the couple tries.

 

I agree, probably some device-side thing...just I'm not aware of any mechanism for that in Windows. Hoped casting a net on the forums might fish up some clues.

PhilipDAth
Kind of a big deal
Kind of a big deal

Make sure you are running a current stable or better firmware on the AP.

 

You could try doing a packet capture on the AP on the WiFi side to see what is being transmitted (if anything).

Crocker
A model citizen

Not much useful coming out of a packet capture. All I see are probes, no actual attempt to connect. Bummer.

PhilipDAth
Kind of a big deal
Kind of a big deal

Sorry man - client issue.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels