Connection problem with 802.1x PEAP/MSCHAP v2 (AP330/Radius IAS)

  • 1
  • Question
  • Updated 2 years ago
  • Answered
Hello,

I have problems with our Wifi corporate network connection.
It works with 802.1x enterprise/WPA2 with PEAP/MSCHAP v2 configured on AP 330 and radius IAS for Windows 2003.
There are some different issues :
a) The laptop Wifi client (windows vista or 7) seems to be authenticated (it receives the good IP address with the default profile), but it is not possible to ping the corportate network (the gateway is unreachable), the message on the laptop is "limited access".
Do you have a idea why it is not possible to access the network ? (PMK, WIPS, certificate, problem )
b) The laptop Wifi connects good to the network , but after a time, it disconnets from the network or it is again "limited access" despite the laptop does not change of place (good signal)
c) Outlook 2010, sql applications, have problems (there are no problem when the laptops are connected with cable)
d) Laptop can not connect to Wifi : it is said that the certificate is not valid, but after I do a reboot of the AP or the laptop changes of AP sometimes it works.

Could you help me on these issues ?
Thanks,
Regards,

Dominique

NB : the AP are configured with version 6.1r1 (and with HM) , I notice that some AP are in the orange status alarm (message : Default DTLS passphrase is in use. Push a complete config to update the passphrase automatically, or set it manually and push a complete)
Photo of Dom

Dom

  • 23 Posts
  • 0 Reply Likes

Posted 4 years ago

  • 1
Photo of Andrew MacTaggart

Andrew MacTaggart, Champ

  • 483 Posts
  • 86 Reply Likes
Sounds like several different problems.

I would suggest working on one at a time.

know the flow of 802.1X to look where to troubleshoot. Also use wireshark and client monitor tool to help see where the issue may reside.

maybe these will help

http://blogs.aerohive.com/blog/the-wi...

http://blogs.aerohive.com/blog/the-wi...
Photo of Ken Maynard

Ken Maynard

  • 3 Posts
  • 0 Reply Likes
We've just converted to 802.1x and have this problem now. The links above are stale. Is the info still around?
Photo of Dom

Dom

  • 23 Posts
  • 0 Reply Likes
Hello Andrew,

Thanks for your answer and the doc.
I will check with client monitor and wireshark, and I will post the results.
Photo of Dawn Douglass

Dawn Douglass

  • 67 Posts
  • 3 Reply Likes
I find that using IAS Log Viewer on the Radius server is huge help along with client monitor for troubleshooting these types of problems. 
Photo of Ken Maynard

Ken Maynard

  • 3 Posts
  • 0 Reply Likes
Ok thanks. RADIUS server is Windows 2012 R2. I have enabled logging so we'll see if the Event Viewer helps. But problem is intermittent and affects random PCs and APs