Print

WA4320-ACN-E 802.1X repeated authentication problem

2020-08-20 Published

Network Topology

NULL

Problem Description

An office uses WA4320-ACN-E as a fat AP to provide wireless access. In order to improve security, 802.1X authentication is turned on. Multiple sites have been deployed on site and they are all operating normally, but one site has duplicates In the case of certification, check the on-site configuration and there is no obvious abnormality.  

Process Analysis

Check the configuration and there is no obvious abnormality, which is consistent with the configuration of other sites, the handshake mechanism is also closed, and there is no problem with the radius configuration. Finally, it is recommended to collect debug information and feedback on site. Check the debug information and find that the billing server does not respond. It is suspected that there is a problem with the billing server. It is recommended to close the test on site.

interface WLAN-BSS50
port access vlan 20
port-security port-mode userlogin-secure-ext
port-security tx-key-type 11key
undo dot1x handshake
dot1x mandatory-domain 802.1x
undo dot1x multicast-trigger

radius scheme 802.1x
primary authentication 192.168.0.x
primary accounting 192.168.0.x
key authentication cipher $c$3$JBBOpOK0rv9HU+VX62ROxx9lKsOgH7Kv5V/+
key accounting cipher $c$3$gBfZd10d9zUgMiiWK2ohuO+86AHDv08ti5pa
user-name-format without-domain
nas-ip 192.168.20.x
#
domain 802.1x
authentication lan-access radius-scheme 802.1x
authorization lan-access radius-scheme 802.1x
accounting lan-access radius-scheme 802.1x

Key debug information:

Jan 10 15:25:33:397 2009 AP-06 RDS/7/DEBUG: Recv MSG,[MsgType=PKT acct_timeout Index = 36, ulParam3=0]
*Jan 10 15:25:33:398 2009 AP-06 RDS/7/DEBUG:
Event: Begin to switch RADIUS server when sending 1 packet.
*Jan 10 15:25:33:398 2009 AP-06 RDS/7/DEBUG:
Event: No active RADIUS server is available for switching when sending packet (pkt-flag = 1).
*Jan 10 15:25:33:398 2009 AP-06 RDS/7/DEBUG: Free seed:122 in 192.168.0.241 for User ID: 36
*Jan 10 15:25:33:398 2009 AP-06 RDS/7/DEBUG:
Error: Accounting server no response.(AAAID = 36, Req-ID = 0)
  

Solution

domain 802.1x
 authentication lan-access radius-scheme 802.1x
 authorization lan-access radius-scheme 802.1x
 accounting lan-access none