Re: Cisco WPA2-PEAP IAS/AD does not authenticate right away after a reboot
wayneTurnquist wrote:
> I have Cisco access points with just G radios running the following
> version
> Cisco IOS Software, C1200 Software (C1200-K9W7-M), Version
> 12.3(8)JEB1,
>
> I have laptops running XP sp2 with all the patches that I could find
>
> I’m using the Intel 3945abg wireless Adapters and the Proset/wireless
> manager with the admin tool kit
>
> I have 2 Cisco access points setup for primary and secondary WDS
>
> I have a SSID setup to do WPA2-PEAP
>
> I authenticate against Microsoft IAS and AD
>
> In general it works except for the following
>
>
> I will be doing machine authentication against IAS/AD when they boot up
> and before the Windows login prompt, which will be just like if they are
> wired into our network. This way, group policies at machine level will
> get applied, and network scans etc. can take place.
>
> It works great if a device has never been connected to the network or
> the time out flushes the cache authenticated/credentials from the WDS
> access point. Or if you reapply the Intel Proset/wireless profile before
> a reboot.
>
> Otherwise if on the network and do a reboot and let it sit at the (wait
> until credentials are flushed) windows login prompt and wait until you
> can ping the device (ping device -t), the following is what you get on
> the access point log. Windows does not support EAPOL-Stop or PEAP-Stop
> because of denial of service attacks, which would solve this problem if
> windows would issue these commands during a reboot.
>
> The following is the logs from cisco access point if I just wait for
> the flush timer
>
> Dec 12 08:20:02.429 CST: %DOT11-6-DISASSOC: Interface Dot11Radio0,
> Deauthenticating Station 0016.6fca.fb69 Reason: Sending station has left
> the BSS
>
> Dec 12 08:20:33.979 CST: %DOT11-7-AUTH_FAILED: Station 0016.6fca.fb69
> Authentication failed
> Dec 12 08:21:04.012 CST: %DOT11-7-AUTH_FAILED: Station 0016.6fca.fb69
> Authentication failed
> Dec 12 08:22:07.040 CST: %DOT11-7-AUTH_FAILED: Station 0016.6fca.fb69
> Authentication failed
> Dec 12 08:22:37.087 CST: %DOT11-7-AUTH_FAILED: Station 0016.6fca.fb69
> Authentication failed
> Dec 12 08:23:07.184 CST: %DOT11-7-AUTH_FAILED: Station 0016.6fca.fb69
> Authentication failed
> Dec 12 08:24:11.275 CST: %DOT11-6-ASSOC: Interface Dot11Radio0, Station
> MACCESS14 0016.6fca.fb69 Associated KEY_MGMT[WPAv2]
>
> -) Is there a reg key for Intel or Microsoft that will help in this
> issue?
> -) Is it a configuration problem?
> -) Is there even a way to fix this issue?
Suggest you ask on comp.dcom.sys.cisco
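
One way to quantify the delay shown in the access point log quoted above (an added example, not part of the original thread; the function names and the placeholder year are assumptions). For each station it measures the time from the first deauthentication or failure to the next successful association and counts the failed attempts in between:

```python
import re
from datetime import datetime

# Log lines from the quoted post, with its line wraps joined.
SAMPLE_LOG = """\
Dec 12 08:20:02.429 CST: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 0016.6fca.fb69 Reason: Sending station has left the BSS
Dec 12 08:20:33.979 CST: %DOT11-7-AUTH_FAILED: Station 0016.6fca.fb69 Authentication failed
Dec 12 08:21:04.012 CST: %DOT11-7-AUTH_FAILED: Station 0016.6fca.fb69 Authentication failed
Dec 12 08:22:07.040 CST: %DOT11-7-AUTH_FAILED: Station 0016.6fca.fb69 Authentication failed
Dec 12 08:22:37.087 CST: %DOT11-7-AUTH_FAILED: Station 0016.6fca.fb69 Authentication failed
Dec 12 08:23:07.184 CST: %DOT11-7-AUTH_FAILED: Station 0016.6fca.fb69 Authentication failed
Dec 12 08:24:11.275 CST: %DOT11-6-ASSOC: Interface Dot11Radio0, Station MACCESS14 0016.6fca.fb69 Associated KEY_MGMT[WPAv2]
"""

LINE_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d\.\d+) \w+: "
    r"%DOT11-\d-(?P<event>DISASSOC|AUTH_FAILED|ASSOC): "
    r".*?(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})", re.I)

def parse_ts(ts, year=2000):
    # The log omits the year; 2000 is an assumed placeholder so strptime has one.
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S.%f")

def reauth_gaps(log_text):
    """Return one record per station outage: first drop/failure to next ASSOC."""
    open_windows = {}  # mac -> [start_time, failure_count]
    gaps = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # unrelated syslog line
        mac, event, ts = m["mac"].lower(), m["event"].upper(), parse_ts(m["ts"])
        if event == "ASSOC":
            start, failures = open_windows.pop(mac, (None, 0))
            if start is not None:  # ignore associations with no preceding drop
                gaps.append({"mac": mac, "failures": failures,
                             "seconds": (ts - start).total_seconds()})
            continue
        # DISASSOC or AUTH_FAILED opens a window if none is open for this station.
        window = open_windows.setdefault(mac, [ts, 0])
        if event == "AUTH_FAILED":
            window[1] += 1
    return gaps

if __name__ == "__main__":
    for gap in reauth_gaps(SAMPLE_LOG):
        print(f"{gap['mac']}: {gap['failures']} failed attempts, "
              f"{gap['seconds']:.0f} s until re-association")
```

Run against a longer log export, the per-station records make it easy to compare the delay before and after a configuration change on the access point or the client.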