M and MSM Series
cancel
Showing results for 
Search instead for 
Did you mean: 

MSM 720 and fast roaming, connection problems

 
Highlighted
Markus Lamminmaki
Occasional Visitor

MSM 720 and fast roaming, connection problems

Hi all,

 

I've got a problem with clients not able to authenticate to a VSC with WPA2 opportunistic key caching and WPA2/Dynamic key exchange enabled. VSC is called "fastroam" and i've created a user in the local User storage called "markus". As I understand it from the logs the user is able to authenticate but right after that the session is disconnected from the VSC.

 

I've tried with Windows 8.1 and Android 4.4.2 clients.

 

This is the unfiltered log fron the Controller (I left out a lot of Radius challenges and so fort...), this should be the most interesting part:

 

Apr 1 13:34:41.557 debug iprulesmgr: Sending RADIUS Packet (Length:'375',Code:'Access-Request',Id:'144', calling-station-id='5C-2E-59-36-D1-2D') to RADIUS Server (Ip:'127.0.0.1',Port:'1645') for User (nas-port:'184',username:'markus').
Apr 1 13:34:41.594 debug radiusd: A:Login OK: [markus] (from client localhost port 184 cli 5C-2E-59-36-D1-2D)
Apr 1 13:34:41.601 debug radiusd: A:Login OK: [markus] (from client localhost port 184 cli 5C-2E-59-36-D1-2D)
Apr 1 13:34:41.604 debug iprulesmgr: Received RADIUS Packet (Length:'210',Code:'Access-Accept',Id:'144', Calling-Station-id='5C-2E-59-36-D1-2D') from RADIUS Server (Ip:'127.0.0.1',Port:'1645') for User (nas-port:'184',username:'markus').
Apr 1 13:34:41.604 debug iprulesmgr: Sending RADIUS Access Reject (id='207') to RADIUS Client (ip-address='169.254.0.6',port='34504').
Apr 1 13:34:42.320 debug iprulesmgr: Removed association of station (mac-address='00:80:77:50:8F:81') that was attached to (virtual-ap-index='1',vlan='0').
Apr 1 13:34:42.372 debug iprulesmgr: Updated the association of station (mac-address='88:44:F6:F1:5B:D8') attached to Access-Point (virtual-ap-index='3',ap-mac-address='14:58:D0:36:24:F0',ssid='dermowlan',phytype='ieee802.11n',group='Default Group',interface-name='',vlan='0').
Apr 1 13:34:43.362 debug iprulesmgr: Updated the association of station (mac-address='88:44:F6:F1:5B:D8') attached to Access-Point (virtual-ap-index='3',ap-mac-address='14:58:D0:36:13:80',ssid='dermowlan',phytype='ieee802.11n',group='Default Group',interface-name='',vlan='0').
Apr 1 13:34:43.712 info eventmgr: EVENT[199751] Client (mac='5C:2E:59:36:D1:2D') has successfully authenticated using 802.11 authentication on interface (value='r1v4') using SSID (value='fastroam')
Apr 1 13:34:43.713 info eventmgr: EVENT[199752] No PMKID found in association request sent by client (mac='5C:2E:59:36:D1:2D') on interface (value='r1v4')
Apr 1 13:34:43.715 info eventmgr: EVENT[199753] Client (mac='5C:2E:59:36:D1:2D') associated successfully on interface (value='r1v4') using SSID (value='fastroam')
Apr 1 13:34:43.716 info eventmgr: EVENT[199754] AP sent a deauthentication request to client (mac='5C:2E:59:36:D1:2D') on interface (value='r1v4') using SSID (value='fastroam') with a reason code (value='Unspecified')
Apr 1 13:34:43.718 info eventmgr: EVENT[199755] Request to RADIUS server from client (mac='5C:2E:59:36:D1:2D') on interface (value='r1v4') was rejected while performing 802.1x Authentication
Apr 1 13:34:43.720 info eventmgr: EVENT[199756] AP received a disassociation request from client (mac='14:58:D0:36:24:63') on interface (value='r1v4') using SSID (value='fastroam'). Reason code: (value='Sending station is leaving BSS'). Total number of clients: (value='0')

 

 

I've checked the configuration several times, removed it, redone but I'm starting to feel that I'm missing something here. The controller is a MSM 720, Software version: 6.5.0.1-19720.

 

Markus