Wireless Health - Failed Connections (Failure reason)

Shawqy
Getting noticed

Wireless Health - Failed Connections (Failure reason)

We have configured 802.1X authentication for a corporate SSID. Wireless health shows that there are some Authentication failures. 

 

If shows that the authentication has failed along with some attributes and values. Is anyone have idea on this attributes?

 

(I need to know the highlighted fields)

type='802.1X auth fail'

num_eap='0'

associated='true'

radio='1'

vap='0'

 

Auth.PNG

 

 

7 Replies 7
PhilipDAth
Kind of a big deal
Kind of a big deal

It usually means a device is failing to authenticate ...

 

This is common if it is for smart phones and the user changes their AD password and have not updated the password on their phone yet.

PeterJames
Head in the Cloud

Hi @Shawqy,

 

Do you have "WPA1 and WPA2" enabled on your SSID WPA encryption mode? If so, I would maybe try "WPA2 Only" and change the minimum bitrate to 24 Mbps (unless you have a need for lower).

 

Obviously the tale of caution applies; need to pre-check/pro-check any specific hardware after for connectivity.

 

Thank you,
Peter James

Shawqy
Getting noticed

Thanks Peter. There is a requirement for Lower devices
TD888
Conversationalist

Come to find out the Radius box was only running TLS V1.0 once 1.2 was enabled no more auth errors.

Ehsan_Rahimi
Comes here often

Hi,

Thank you for the solution.

Just one question about enabling TLS 1.2 on NPS. Should I just add "fc0"(4032) into "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\PPP\EAP\13" and restart the server? Or there are some more steps to do?

randhall
Getting noticed

"vap" is the virtual AP number. Look at your Wireless SSIDs Configuration overview and show all SSIDs. Reading from left to right they are vap=0, 1, 2, 3, etc

Shawqy
Getting noticed

Thanks for your response. Is there any idea of num_eap= value?
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels