802.1x issue

Currently I'm implementing 802.1x on a Catalyst 4500 L3 Switch and using ACS Version 5.5.0.46.5.
I'm having random problems with using MAB. I say random because whenever I do a show authentication sessions, maybe 6 will fail out of 214. The phones that I'm using are Cisco 7965 IP Phones. I've read that those phones are capable of using certificates for 802.1x, but it was decided to use MAB on all the phones, including VIPR phones. The problem that I'm having is that after an hour some phones become unauthorized, which brings down that port. I've noticed that some of these phones are standalone phones without a computer wired to them. The computers are successfully using 802.1x and the phones that are connected to them are working with MAB.
Here are my commands for an interface that's failing after an hour:
 switchport access vlan 100
 switchport mode access
 switchport voice vlan 101
 no logging event link-status
 authentication control-direction in
 authentication event fail action next-method
 authentication host-mode multi-domain
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 mab
 no snmp trap link-status
 dot1x pae authenticator
 spanning-tree portfast
 spanning-tree bpduguard enable
end
Whenever I do show authentication sessions this is the output.
Interface    MAC Address    Method  Domain  Status Fg Session ID
Gi1/1      1111.1111.1111 mab     VOICE   Auth      0A11111111111111111111
Key to Session Events Blocked Status Flags:
  A - Applying Policy (multi-line status for details)
  D - Awaiting Deletion
  F - Final Removal in progress
  I - Awaiting IIF ID allocation
  P - Pushed Session
  R - Removing User Profile (multi-line status for details)
  U - Applying User Profile (multi-line status for details)
  X - Unknown Blocker
Runnable methods list:
  Handle  Priority  Name
    17       5      dot1x
    18       10     mab
    21       15     webauth
But after an hour or so it becomes unauthorized. Also, should I have "authentication periodic" or "authentication timer reauthenticate 3600" if those particular ports just have a phone that's using MAB?
Thank you in advance

I have had this issue happen to me before, but it was with deploying ISE and not ACS. To fix the issue, I had to return the following RADIUS attribute in my "Authorization Profile":
AVPair attribute termination-action-modifier=1
This attribute basically instructs the NAD to retry only the last authentication method, which in your case is MAB. Otherwise, based on your config, the switch would first try dot1x and then mab.
Again, I have not done this in ACS but in ISE instead; however, they are both RADIUS servers and both Cisco products, so my feeling is that this would fix your problem.
For more info check out this doc:
http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-service/application_note_c27-573287.html#wp9000052
Thank you for rating helpful posts!
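
An added example, not part of the original thread: a small Python triage script for captured `show authentication sessions` output in the column layout shown in the question. It lists sessions that are not in `Auth` and marks voice-domain failures on ports with no data-domain session, the pattern the poster noticed. The sample rows and the `Unauth` status string are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the column layout from the post. MAC addresses,
# session IDs and the "Unauth" status value are assumptions for this example.
SAMPLE = """\
Interface    MAC Address    Method  Domain  Status Fg Session ID
Gi1/1      1111.1111.1111 mab     VOICE   Auth      0A11111111111111111111
Gi1/1      2222.2222.2222 dot1x   DATA    Auth      0A11111111111111111112
Gi1/2      3333.3333.3333 mab     VOICE   Unauth    0A11111111111111111113
Gi1/3      4444.4444.4444 mab     VOICE   Unauth    0A11111111111111111114
Gi1/3      5555.5555.5555 dot1x   DATA    Auth      0A11111111111111111115
Gi1/4      6666.6666.6666 mab     VOICE   Auth      0A11111111111111111116
Key to Session Events Blocked Status Flags:
  A - Applying Policy (multi-line status for details)
Runnable methods list:
  Handle  Priority  Name
    17       5      dot1x
"""

# One session row: interface, dotted MAC, method, domain, single-word status,
# optional blocked-status flags (letters from the legend), hex session ID.
ROW = re.compile(
    r"^(?P<intf>\S+)\s+"
    r"(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\s+"
    r"(?P<method>\S+)\s+(?P<domain>\S+)\s+(?P<status>\S+)\s+"
    r"(?:(?P<flags>[ADFIPRUX]+)\s+)?(?P<sid>[0-9A-Fa-f]+)$"
)


def parse_sessions(text):
    """Return one dict per session row; header, legend and method lines are skipped."""
    sessions = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if match:
            sessions.append(match.groupdict())
    return sessions


def triage(sessions):
    """List sessions not in 'Auth', noting whether the port also has a DATA session."""
    by_port = defaultdict(list)
    for session in sessions:
        by_port[session["intf"]].append(session)

    findings = []
    for intf, rows in by_port.items():
        has_data = any(r["domain"].upper() == "DATA" for r in rows)
        for r in rows:
            if r["status"].lower() == "auth":
                continue
            findings.append({
                "interface": intf,
                "mac": r["mac"],
                "method": r["method"],
                "domain": r["domain"],
                "status": r["status"],
                # Phone-only port: voice session failed and no PC behind it.
                "standalone_phone": r["domain"].upper() == "VOICE" and not has_data,
            })
    return findings


def summarize(text):
    """Counts to track over time, for example once per reauthentication interval."""
    sessions = parse_sessions(text)
    findings = triage(sessions)
    return {
        "total": len(sessions),
        "not_authorized": len(findings),
        "standalone_phone": sum(f["standalone_phone"] for f in findings),
    }


if __name__ == "__main__":
    for f in triage(parse_sessions(SAMPLE)):
        kind = "standalone phone" if f["standalone_phone"] else "shared port"
        print(f'{f["interface"]:<8} {f["mac"]} {f["method"]:<5} {f["status"]:<7} {kind}')
    print(summarize(SAMPLE))
```

Running it against output saved at intervals shows whether the failures cluster on phone-only ports and whether they line up with the reauthentication timer.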

Similar Messages

  • 802.1x issues PEAP +Security Update

    This is the error I get when I try to join our network with PEAP authentication. I cannot seem to find out what this means. It has worked before; however, ever since the last security update I have not been able to connect.
    2006-12-12 15:03:35.133 Internet Connect[239] Error: Unable to join 802.1x wireless network 88001000!
    So I was thinking that it might be the network issue. So I took out my old TiBook with an Aria Extreme card and it hooked up with no problems. I also tried it with another MacBook Pro and it was unable to connect also. I'm sooooo lost.
    ~D

    I have been having similar problems on my MBP C2D recently. My iMac C1D gets about 12mbps on the same wireless connection where my MBP gets about 500kbps. They are both connected to an AirPort Express connected directly to a cable modem.
    At home today, on my MBP I have been having problems connecting to the internet and staying connected. When I am connected it is very slow. This is on a D-Link modem.
    I first noticed these problems after installing the AirPort update and bringing my MBP to my uncle's, getting around 500kbps on a Linksys wired/wireless router.
    2 of these 3 networks have passwords, (the last one I talked about didn't)
    MBP 17" 2.33GHz 2GB, iMac Core Duo 17" 1.83GHz 1GB   Mac OS X (10.4.8)  

  • 802.1X Issues with Macbook Pro Core 2 Duo

    I've read a lot of threads involving wireless issues with new MacBook Pros. I just received my MBP a week ago and have had issues with getting 802.1X to work consistently over 802.11g. It will authenticate and stay connected for an hour or so, then the status will go to "Authenticating" and stick like that until I disconnect or restart the computer. The network I'm trying to connect to uses PEAP authentication through 802.1X. I have no problems with my wireless when I connect to an unsecured network. I've read about the driver fix for MacBook Pro wireless problems, but that does not apply to my MacBook since I'm using a later version of the AirPort card with 802.11n support. Does anyone have more information on this? Thanks
    Ryan

    Update: If I have no router password, "N" works.

  • New Time Capsule (802.11ac) issues reading files on USB drive

    My 802.11ac Time Capsule regularly fails to read .mp4 files stored on an external HDD connected to the Time Capsule via USB. All the files were tested as working when they were copied over, then for some unexplained reason the Time Capsule refuses to recognise them when they are accessed at a later time. This happens for about 1 out of 3 files (sometimes more). All the files are .mp4 format video files. Detaching the Seagate drive from the Time Capsule and connecting it directly to the MacBook Air fixes the problem and allows the files to be read and played normally – this indicates the problem is with the Time Capsule, not the Seagate drive.
    Symptoms:
    1) iTunes generates a file error when trying to play the video from iTunes,
    2) selecting the file from Finder no longer generates a playable preview thumbnail as the Finder preview box remains blank (white),
    3) attempting to play the file from Finder generates an unrecognisable file error in QuickTime,
    4) connecting the external drive directly to the MacBook fixes the problem (the file can be read and played normally),
    5) the files remain readable after reconnecting the external drive back to the Time Capsule, however the problem just reoccurs again later.
    My normal use case is playing movies and TV programmes from iTunes to my television via Apple TV. Apple TV plays the video files over WiFi from the iTunes Library on my MacBook Air. The video files in my library are physically located on the Seagate external HDD attached to my Time Capsule.
    I use a mid-2012 MacBook Air 13" running Mountain Lion 10.8.5. I have an 802.11ac (2 TB) Time Capsule (latest firmware 7.7.1) with a Seagate (1 TB) GoFlex drive attached (to the Time Capsule) via USB 2.0 (USB powered). The Seagate is my media drive and holds all my movies and TV programmes (all in .mp4 format). Both drives are Mac OS Extended (Journaled) with single partitions. Time Capsule network is set to Bridged mode to resolve double NAT. I have an AirPort Express extending the wireless network to my MacBook Air. Prior to errors occurring, all files tested OK as follows: file plays OK locally on MacBook Air, files play OK from Finder after being moved to the Seagate, files play OK from iTunes library (pointing to Seagate).
    Disk Utility verifies the Seagate drive as being OK. No other network issues.

    Problem Solved!
    The 1TB external HDD attached to my Time Capsule was divided into 2 equal partitions. The first partition used to be my Time Machine backup which I deleted and made available as free space. The second partition was the one I was copying to. It seems the Time Capsule has a problem with blank partitions on an external HDD. Once I repartitioned the drive into a single 1TB partition, everything worked fine and my Time Capsule no longer crashes.

  • Intel vPro with wired 802.1x issue with domain name

    Hello guys,
    this issue may not be related to SCCM directly, but Intel forums are really poor so I'd like to ask here...
    The Case: We are currently provisioning our vPro chips with SCCM SP2 R3 and almost everything worked as expected (Provisioning OK, OOB Console OK, PowerControl OK, even TLS and Kerberos are working). But there is an issue with the 802.1x authentication. It seems the vPro chips are not using the correct domain name. Let's say our DNS domain name is vpro.com and the NETBIOS name is corpvro. There are no child or other domains. vPro chips are now presenting vpro\COMPUTERNAME$iME instead of vpro.com or corpvro, so the RADIUS server (Windows Server 2008 R2 - NPS) is saying ReasonCode 7 "...domain is not existing...". AuthenticationType and EAP Type are correct. Usually user and computer accounts are using corpvro as domain name.

    Hi Dan,
    thank you for your reply. I've already done this in the second place using the SDK and winrm ($8021XProfileInstance.GetProperty("Domain")). I've no idea where SCCM is getting this domain name from. It's cutting off the top level domain extension; maybe SCCM is assuming that this equals the NETBIOS domain name, but that is not the case. This is only a guess; in detail I need to know on what basis SCCM is choosing the domain name, then I can fix this...
    Intel's SCS is putting the correct NETBIOS domain name in the AMT config; the certificates used are the same...

  • 802.1x - Issue with command: authentication open

    The issue we are running into is that when we initially deployed 802.1x we had the command “authentication open” on all of our switch ports. We ran a CiscoWorks job last week Thursday to remove that command from all of our ports. Since that time we have run into a couple of weird issues where the device was powered up but the switch port would show notconnect when doing a show int status, but the speed would show a-1000 and duplex would show a-full. There would be no MAC address listed when doing a “show mac add int ‘interface’” and the device would be in the MAB running state. This is happening on devices that are supposed to be doing 802.1x and MAB authentication; if we put the command “authentication open” back onto the port, it showed connected and the MAC address. Now we have over 1000 switches on the network with this command removed and so far have only run into a couple of these oddball problem ports, so at this time it is not happening widespread, but we would like to take care of the issue or figure out why this is happening before it does.

    On the 2960's we are running 12.2(55)SE5, on the 6500's we are running 15.1(1)SY
    We didn't use any kind of ACL because we start all of our switch ports into a black hole vlan. I have been watching sessions from Cisco Live 2012 and looks like Cisco is now recommending that you don't go closed mode unless absolutely necessary because it is hard to maintain and function.

  • MAB and 802.1x issues with IP-phone

    I'm trying to use 802.1x to authenticate clients on my network with dynamic VLAN assignment from RADIUS. We have IP phones (powered by PoE) that only support EAP-MD5, and we would rather use MAB (it also uses LLDP-MED for some settings) to authenticate the phones using the MAC range from the phone vendor. The following scenario works perfectly:
    Connect the phone and let it boot up(takes a while) and authenticate with MAB.
    Connect a computer in the phones data-port and let it authenticate with 802.1x(or fail and reach guest-vlan)
    However, the following scenario doesn't work:
    The computer is already connected to the phone
    The phone is then connected to the switch
    What happens now is that the computer is authenticated using 802.1x before the phone boots up and gets authenticated with MAB. When the phone is ready, it's authenticated with MAB and everything works. However, after a short period (let's say a minute), using `debug authentication all`, we see a "NEW LL MAC: phones mac" message (which is weird since the MAC has already been MAB-authenticated), and then we are unable to contact the phone using ping. When I check `show mac address-table` it has now moved the MAC from `Port Gi 0/12` to `Port Drop`. However, if I check `show mab interface Gi 0/12` or `show authentication sessions` it lists the phone's MAC as `mab auth sucess `.
    Can anyone explain why the first scenario works, and not the second?
    The switch is a 3560E PoE 24p with IOS 12.2.58SE2. Sample of the switch-config:
    network-policy profile 1
     voice vlan 90
    interface GigabitEthernet0/12
     switchport mode access
     network-policy 1
     authentication control-direction in
     authentication event fail retry 1 action authorize vlan 60
     authentication event server dead action authorize vlan 60
     authentication event no-response action authorize vlan 60
     authentication event server alive action reinitialize
     authentication host-mode multi-domain
     authentication order mab dot1x
     authentication priority mab dot1x
     authentication port-control auto
     authentication periodic
     authentication violation replace
     mab
     dot1x pae authenticator
     dot1x timeout tx-period 5
     dot1x max-reauth-req 1
     spanning-tree portfast
    Btw, when we tried authenticating the phones using 802.1x too (EAP-MD5), there are NO problems in any of the scenarios. However, we want to use MAB instead of 802.1x to avoid the requirement of configuring the phones with a username and password. The RADIUS response was the same when using 802.1x as it is with MAB for the phones (including device-traffic-class=voice AV-pair).

    Hey. Yes, as specified in the last sentence in my post, the phone is placed in the Voice Domain, and both RADIUS and LLDP-MED (network policy profile 1) specifies voice vlan as 90.
    The weird thing is that everything works fine if both use 802.1x, and that there is only a problem when phone(using MAB) already has the computer connected to it, when the phone is turned on(connected to PoE-switch). It must be because the computer boots up and authenticates first I think.
    The phones are Snom 821.

  • Airport 802.11n issues

    I have 4 macs and 3 of which cannot access the Airport extreme 802.11n.
    The only one that can is the MacBook 10.5.4
    I need to connect a g5 (intel) 10.5.2, PowerBook (PowerPC G4) 10.4.11 and MacBook Pro 10.5.4
    Is this info helpful, or do you need to know anything about the airport card each comp has?
    Can you point me towards some troubleshooting help?
    Thanks so much!

    "I need to connect a g5 (intel) 10.5.2" did not think Apple ever made this one has a B/G card not N
    "PowerBook (PowerPC G4) 10.4.11" has a B/G card not N
    "MacBook Pro 10.5.4" should be able to connect to N
    Use AirPort Utility and set your network for 2.4 GHz N+B/G speed. You will not get N speed at 5 GHz; your devices are mixed so the N speed will not be there.

  • Airport Extreme (802.11g) Issue

    I have two AirPort Extremes (802.11g) that have been working flawlessly for many years. Recently one of them started flashing all three lights rapidly and I can't connect to it wirelessly with the AirPort Admin Utility.
    When I power cycle it, the middle light blinks once, then the outer two lights blink once, then all three lights come on momentarily and then start blinking super fast.  I think that a power surge or old age have killed it as I can't hard reset it and the link light on the switch it is connected to does not illuminate either.
    So, I think it's dead but I thought someone may have some information.
    Thanks.

    Sorry to say, but based on your description, your 802.11g AirPort Extreme Base Station (AEBS) has (or will soon) failed.

  • 802.1X Re-authentication Question

    Hello,
    I have a switch-C960X version 15.0 (2r) EX, and I was looking at the security config guide for 15.0(2) EX. There's supposed to be a command to force a port to re-authenticate itself, as I'm troubleshooting 802.1X issues. The command is "dot1x re-authenticate interface". Now I have gone under an interface and looked at all 802.1X commands and I have looked at just the 802.1X commands; nothing I can find has this for an option. I'm wondering if anyone else knows why this is or if I'm looking in the wrong place?
    Thanks,

    Hi ngtransge,
    Thanks for rating the replies. You need to select "User Authentication". I am pasting some screenshots which might help you out.

  • WMM for AirPort Extreme (802.11n) - UMA T-Mobile not working...

    Is there any chance we'll see WMM (WiFi Multi-Media) in a firmware upgrade anytime soon? I noticed that according to the WiFi Alliance's website, when the AirPort Extreme was certified, it supported WMM!
    http://certifications.wi-fi.org/wbcscertified_products.php?search=1&advanced=1&lang=en&filter_company_id=&filter_category_id=&filter_subcategory=&filter_cid=&date_from=&date_to=&x=30&y=18&selectedcertifications%5B%5D=33
    As an early adopter, I just got a BlackBerry 8320 from T-Mobile, which does UMA, so you can use the phone over WiFi. Works awesome with wireless routers that do WMM, basically doesn't work with my AirPort Extreme... As you might imagine, this is quite frustrating, as I have particular desire to have two APs, for basically no reason!
    --Donald

    I shot this across... let's see if anything comes of it:
    ~*~
    To: [email protected], [email protected], [email protected]
    Subject: a rather pressing Airport Extreme (802.11n) issue
    i'm not sure if the person receiving this email will have any power (or will
    care enough) to do anything about sorting this problem out, but hey...
    better to try and fail than not trying at all, right?
    anyway... here goes:
    i am a die-hard apple user- heck, even a long-time stockholder- and recently
    bought an airport extreme (802.11n) router for my house. it worked
    flawlessly and i thought it was the best thing since sliced bread... well,
    until i picked up a UMA phone from T-Mobile.
    UMA is a service that routes your calls over WiFi. for some reason the UMA
    service worked everywhere except over my Airport Extreme base station. as a
    surprise, it even worked over my neighbour's older Airport Extreme (802.11g)
    connection.
    i swapped base stations (ie, brought his base station to my house, connected
    it to my network) and it worked. so, it is an issue that is clearly
    isolated to the new 802.11n base stations.
    thinking it was only me with this issue, i dug around the internet and found
    this discussion:
    http://discussions.apple.com/thread.jspa?threadID=1152014&tstart=15
    (if you want more, just google the keywords 'airport extreme UMA')
    obviously there's no resolution and people are getting quite peeved that a
    state-of-the-art base station can't do something than an older base station
    can clearly do. so, can someone please look into this?
    thanks!
    pramit
    ~*~

  • Printing from CS3 under Vista to Windows 2003 server print queue very slow

    I just upgraded one of my machines to Vista with CS3. I normally print to a Windows 2003 server print spool queue. When I go to print it takes forever to pull up my different printers and then go to properties. On my XP machines there is no problem; I can select the print queue, go into properties for my printer and it works fine. Something with Vista, CS3 and Windows 2003 server?
    Thanks

    shadeDream
    I'm curious what your 802.1x issues are. I'm testing user profiles vs. login window profiles for 802.1x on our Cisco Wi-Fi LAN right now, and I'm scratching my head on how the login window profile is actually supposed to work. It's a chicken-and-the-egg situation for me. I can't use user login window profiles, I have to use user profiles, which don't work very well in my environment for various reasons. Granted, it has improved since 10.5.3, but it's still not working as I expect it to work. Do you have an Apple Discussion post related to this issue I can read?
    Sorry for hijacking this discussion with off-topic content...

  • Voice clients per AP

    Hi Experts,
    I would like to know how many voice clients can be supported in a Cisco 3700 AP?  I have seen a document (Document ID:8103);
    Q. How many wireless IP telephony handsets are recommended per AP?
    A. IP telephony network sizing is essential to ensure that adequate bandwidth and resources are available to carry mission-critical voice traffic. In addition to the usual IP telephony design guidelines for sizing components, such as PSTN gateway ports, transcoders, WAN bandwidth, and so forth, also consider these 802.11b issues when sizing your wireless IP telephony network:
    Number of 802.11b devices per AP: Cisco recommends that you have no more than 15 to 25
    The number of 802.11b phones you can deploy per Layer-2 subnet or VLAN depends on these factors:
    Use no more than seven G.711 or eight G.729 active calls per AP.
    On 7925G IP phones, I have read in an article not to use WPA2/PSK encryption.  Is this still true?
    Regards,
    Manuelito

    Hi
    Refer this document for more information.
    http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/cuipph/7925g/7_0/english/deployment/guide/7925dply.pdf
    Here are the numbers as per this doc
    On 7925G IP phones, I have read in an article not to use WPA2/PSK encryption. Is this still true?
    No, it is not true.
    I think this is the document you are referring to, where Cisco recommends WPA2/802.1X over PSK, but you can still use WPA2/PSK with 7925G
    https://supportforums.cisco.com/document/112171/how-get-your-792x-wireless-phones-performing-reliably
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • Slow Wireless LAN in Leopard

    All right, I've spent the past 12 hours (on and off, of course) looking through all the threads in here, doing a lot of experimentation, and a bunch of clean installs and whatnots, and I've decided to start a new thread, since in many of the said threads, some people seemed to have similar issues, but the other issues in the same threads seem to be different problems, and it just becomes confusing when you try to trouble shoot something and people are talking about different problems.
    So, this thread is specifically for people who satisfy these criteria under Leopard:
    1) You're having issues with very slow file transfers in your *local network* when at least one end is connected wirelessly; that is to say, when both ends are connected to the router via ethernet, you see no problem at all.
    2) Your wireless connection doesn't display problems when connecting to the internet.
    3) It is not specifically an 802.11n issue; i.e., the problem can be duplicated when in Mixed b/g only mode and/or using an 802.11g router.
    4) It's not a router connection issue; i.e., your wireless connection isn't being dropped, and you are able to find your AP and connect to it without any problems.
    So basically, that more or less sums up my problem. My equipment:
    MacBook Core2Duo 2.2GHz, 802.11b/g/n, OSX 10.5.2
    iMac Core2Duo 2.13GHz, 802.11b/g/n, OSX 10.5.2
    Router 1: TRENDnet TEW-631BRP (Draft N router), H/W V3.0R, FW v.1.0.3.7
    Router 2: NETGEAR WGR614 v.5 (g), FW v.1.0.3_1.0.3
    Internet: RCN Cable, 20Mbps/2Mbps
    In my usual setup, the iMac is connected via Ethernet and the Macbook is connected wirelessly.
    I know that this is a Leopard problem, but I'm not so sure it's a 10.5.2 specific problem. Let me explain.
    I'd been using the TRENDnet more or less happily for the last couple of months. My iMac and Macbook have been in sync in terms of Leopard versions, so I know things were OK till last night when I first noticed problems. Transferring a large video file from the iMac to the Macbook would start off fine, then really slow down, and finally almost completely halt. Naturally, I blamed 10.5.2.
    After trying all the different "fixes" in the Leopard/network related threads to no avail, I tried booting my laptop into Tiger (10.4.11) installed on an external HDD. Voila, wireless file transfer speed is fast at around 8MB/sec (obviously using N). I did a fresh install of 10.5, and the speed immediately dropped down to 1-2MB/sec, although not necessarily stalling. Then, updating to 10.5.2 slowed it down more, and now the transfers will sooner or later almost completely stall.
    Again, I tried all the suggested remedies (use b/g Only mode, adjust RTS/Fragmentation thresholds, use WEP instead of WPA, delete all the Network Services in System Preferences -> Network, etc., etc.). Nothing helps. I tried swapping the router to an older Netgear (802.11g/b), and it's the same deal, so it's not a router issue.
    A definite characteristic is that the transfer seems to stall after a certain period of sustained transferring; i.e., this will usually only happen when transferring large files (>200MB). If I were to download a folder with 600 JPEG files @ 1MB each, there won't be a problem, and the transfer rate will be pretty fast (although not as fast as under Tiger @ 7-8MB/sec), and it won't stall. It's only when I try to transfer big video files, etc., that this problem occurs.
    If you are having similar issues, please share your experiences, suggest remedies, offer insights. I will try to answer any question you may have and that I may have missed to address.
    PLEASE: if your symptoms are different from what's listed up there, please try to refrain from posting here, unless you are absolutely certain that the issues are related. Thanks.

    I'll concur, network streaming since 10.5.X is painful at best and has gotten worse with every dot release. Apple, I've spent thousands of dollars on your equipment in the 13 years I've been using it and this is unacceptable.
    Here's the home network for reference:
    12MB uplink to Internet via Cox Cable --> brand new (yesterday) AirPort Extreme (to replace a Linksys WRT 54G, which I had originally suspected was the culprit) 100MB Ethernet to Core 2 (single) Mac Mini. Media lives on a LaCie 500GB RAID1 array connected via FireWire 400. The Mini shares out to a MacBook Core 2 Duo @ 2GHz, AirPort Extreme and an iMac Core 2 Duo @ 2.16GHz.
    Movies stutter and die when streaming to the MacBook or the iMac, regardless of codec. The iTunes application can no longer stream mp3s from my shared library (on the Lacie array) to either of those two machines without constant rebuffering.
    I have verified the Lacie array isn't suspect by copying known good (by test play on the Mini) files from it to the Desktop on the Mini and streaming from there. I've verified the MacBook and iMac aren't suspect by copying those same known good files to the Desktop on each and playing from there. I don't have issues opening a connection from one machine to any other on the network, but any sustained connection is an issue, regardless of networking protocol (AFP, SMB) or connection\authentication method (Finder sidebar or "Connect to Server" dialog.)
    Apple, you have an obligation to your customers to resolve this. I've been a networking professional for 17 years and setting up the Airport Extreme was far from a challenge.

  • Issue with new Airport Extreme Base Station 802.11ac

    I just purchased an AEBS (new model with 802.11ac).  I'm using it with Comcast internet service using a Motorola Surfboard SB6121.
    I have a very odd and frustrating issue.  The internet simply blips in and out.  I have it set up with WiFi and have connected devices such as my iPhone, iPad, Mac Pro, and a Chromebook to it.  I have the issue on all devices so I know it's not device specific.
    The network itself never goes away.  When I look at the WiFi area on my Mac even when the internet isn't working it shows it's connected to the WiFi network.  Also, when the internet is not working the green light is on and staying lit (not blinking) on the AEBS so it appears the WiFi Network part of it works fine.
    As mentioned it's the internet service itself that blips in and out.  What I mean by this is it may come on for 40 secs, go off for 20 secs, back on again, and off, just like that. I have not timed it and that would be hard but it seems to be very regular, something like 40 on, 20 off, and it may not even vary at all.  It's a very bizarre issue.  I have also direct connected the modem via ethernet to my Mac Pro. I used it for several problems with no problem so I know it's not the modem.
    The only thing I can think of is I received a defective AEBS.  I purchased it through Amazon and I almost contacted them to do a replacement and send this one back.  Yet I'm hoping it's something simple with the settings.  Now I have already done a factory reset of the AEBS and that did not help.  Yet I'm hoping it's simply a setting that I need to modify or wipe out.  Any idea of what's causing this or is it simply a defective base station?
    Thanks for your help.

    There is a bug with the modem where the ethernet is not syncing properly.. The bug is particularly bad with SB6121 and SB6141.. so you got it right.. welcome to the bug farm..
    https://discussions.apple.com/search?q=sb6121
    https://discussions.apple.com/search?q=sb6141
    There is no solution.. a new one could do the same. It is not 100% consistent.. I have recommended people use a small 10/100 switch between the modem and the AEBS.. or use a cross over cable. It works for some but not everyone.
    Some modems seem to work better.. but IMHO it is not your problem, it is Apple's.. and they are keeping quiet as they do.
    Send the AEBS back either for replacement.. and hope for a better one.. or just get a refund and buy something better.. eg Netgear R7000 or Asus RT-AC68U.
