error-code='8' Authentication problem on wireless network

Carmicklec
Here to help

error-code='8' Authentication problem on wireless network

I have deployed several MR70's, WPA2 Enterprise, radius server. Clients have been connecting but experiencing periods of disconnection. When investigating there seem to be three errors I am coming across.

1 -  auth_mode='wpa2-802.1x' radius_proto='ipv4' radius_ip='192.168.101.83' error_code='8' radio='1' vap='0' channel='44' rssi='22'

A list of error codes would be great, if one exists.

2 - auth_mode='wpa2-802.1x' vlan_id='150' radius_proto='ipv4' radius_ip='192.168.101.83' reason='eapol_timeout' reassoc='1' roam_ap='0E:7B:D8:EA:66:1A' radio='1' vap='0' channel='44' rssi='19'

Went down the 'eapol-timeout' rabbit hole yesterday with no resolution.

3 - Client made an 802.1X authentication request to the RADIUS server, but it did not respond.auth_mode='wpa2-802.1x' vlan_id='150' radius_proto='ipv4' radius_ip='192.168.101.83' reason='radius_timeout' radio='0' vap='0' channel='11' rssi='23'

This is the majority of the errors, the info bubble says "The RADIUS server didn't respond to this client's request. Check that the server is configured properly and that the server is reachable." The server is configured properly and is reachable or they would never be able to connect and this is intermittent. Unless I am missing something. 

 

8 Replies 8
alemabrahao
Kind of a big deal
Kind of a big deal

Code 8 means Station has left the basic service area or extended service area and is disassociated. It's a very generic error, did you do a packet capture?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal
Kind of a big deal

You can try increasing the EAP time out values.

 

https://documentation.meraki.com/MR/Access_Control/MR_Meraki_RADIUS_2.0#EAP_Timers

 

 

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Carmicklec
Here to help

Changed the server timeout from 1 to 2 seconds. Changed the EAPOL key timeout from 500 to 1000 milliseconds

 

Reply to previous comment: 

The clients are literally surrounded by MR70's and my understanding is they are a fully mesh system so there should be no drops at all. Drop zone is within 100' of 2, possibly 3 AP's

I have android devices and Apple devices connecting to the Access points not sure where to run a packet capture from?

alemabrahao
Kind of a big deal
Kind of a big deal

More access points does not mean that your network will be better, everything will depend on whether the network was designed well.

 

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Packet_Capture_Overvi...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PhilipDAth
Kind of a big deal
Kind of a big deal

This sounds like it could be a client issue.  What kind of client is it?

 

Does it have the latest driver for the WiFi chipset that it has?

Carmicklec
Here to help

Of the two devices that seem to have the issue one is an iPhone the other an android tablet

PhilipDAth
Kind of a big deal
Kind of a big deal

Does Wireless Health show anything interesting?

Carmicklec
Here to help

It is intereting to look through but it isn't showing me anything other than what I originally posted.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels