We have configured 802.1X authentication for a corporate SSID. Wireless health shows that there are some Authentication failures.
If shows that the authentication has failed along with some attributes and values. Is anyone have idea on this attributes?
(I need to know the highlighted fields)
type='802.1X auth fail'
num_eap='0'
associated='true'
radio='1'
vap='0'
It usually means a device is failing to authenticate ...
This is common if it is for smart phones and the user changes their AD password and have not updated the password on their phone yet.
Hi @Shawqy,
Do you have "WPA1 and WPA2" enabled on your SSID WPA encryption mode? If so, I would maybe try "WPA2 Only" and change the minimum bitrate to 24 Mbps (unless you have a need for lower).
Obviously the tale of caution applies; need to pre-check/pro-check any specific hardware after for connectivity.
Thank you,
Peter James
Come to find out the Radius box was only running TLS V1.0 once 1.2 was enabled no more auth errors.
Hi,
Thank you for the solution.
Just one question about enabling TLS 1.2 on NPS. Should I just add "fc0"(4032) into "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\PPP\EAP\13" and restart the server? Or there are some more steps to do?
"vap" is the virtual AP number. Look at your Wireless SSIDs Configuration overview and show all SSIDs. Reading from left to right they are vap=0, 1, 2, 3, etc