Channel: Network Access Protection forum

PEAP, WLC 5508, MS NAP, ASA5510 - Windows 7


I've posted this on the Cisco forum as well - but as yet no one has come forward - so hoping someone here might have an insight they can share?

cheers

Morning all,

I have an issue which I just can't seem to resolve so any help or pointers would be much appreciated.

Firstly the setup:

I have an ASA 5510 that sits between the 'Inside' (core) network and the wireless network.

I have 2 x WLC 5508 that between them support 50 1142 APs that sit in the wireless network.

I have 2 x MS NAP RADIUS servers on the 'Inside network' for AAA. The ASA is configured to pass AAA as well as DHCP and DNS requests.

The wireless network historically has been WPA2-PSK with MAC filtering. However, as time has progressed, more and more users are using the wireless so the WPA-PSK with MAC filtering was an administrative headache.

So I opted to set up PEAP - though a little daunting at first, the WPA2-Enterprise solution is now up and running. Users can use any device so long as they can provide their correct credentials.

We are able to support Apple devices, Chromebooks, Android and Windows 8 without any fuss (all non-domain)... however Windows 7 will not connect!

I have been all over the net and though there seem to be many people in the same boat there doesn't seem to be a solution.

I have mimicked the settings from Windows 8 directly onto Windows 7 and it still won't work. I had heard that some Intel chips had issues - so I took a Windows 7 device that didn't work on the wireless and loaded Windows 8 - worked perfectly. I thought it may be a driver issue, so I changed the Intel chip to a Broadcom in Windows 7 - still no joy. I have tried various laptops, different makes, chipsets, drivers...

I'm thinking now that perhaps the supplicant doesn't work in Windows 7 with WPA2-Enterprise. That Windows 7 itself is the issue?

Has anyone else come across this, if so how did you fix it?

Many thanks in advance.

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

EDIT*****

I have done some packet sniffing and run through the logs on the WLCs - there seems to be an endless loop going on where the 'access-challenge' is received from the RADIUS server which is followed by a 'Successful transmission of Authentication Packet' - which then eventually culminates in an error.

This ONLY happens with Windows 7, all the other OSes work perfectly. This is going a bit beyond my skillset so if anyone has any experience in dealing with this some help would be appreciated.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

*radiusTransportThread: May 23 10:06:12.928: ****Enter processRadiusResponse: response code=11

*radiusTransportThread: May 23 10:06:12.928: 1c:65:9d:6e:a9:e9 Access-Challenge received from RADIUS server 10.5.107.250 for mobile 1c:65:9d:6e:a9:e9 receiveId = 32
*Dot1x_NW_MsgTask_1: May 23 10:06:12.937: apfVapRadiusClientInfoGet: Client 1C:65:9D:6E:A9:E9  dynamic int attributes srcAddr: 0.0.0.0 , gw: 0.0.0.0 mask: 0.0.0.0 , vlan:0, dpPort:0, srcPort:0
*aaaQueueReader: May 23 10:06:12.938: 1c:65:9d:6e:a9:e9 Successful transmission of Authentication Packet (id 200) to 10.5.107.250:1812, proxy state 1c:65:9d:6e:a9:e9-00:01
*radiusTransportThread: May 23 10:06:12.939: ****Enter processIncomingMessages: response code=11

*radiusTransportThread: May 23 10:06:12.939: ****Enter processRadiusResponse: response code=11

*radiusTransportThread: May 23 10:06:12.939: 1c:65:9d:6e:a9:e9 Access-Challenge received from RADIUS server 10.5.107.250 for mobile 1c:65:9d:6e:a9:e9 receiveId = 32
*Dot1x_NW_MsgTask_1: May 23 10:06:12.956: apfVapRadiusClientInfoGet: Client 1C:65:9D:6E:A9:E9  dynamic int attributes srcAddr: 0.0.0.0 , gw: 0.0.0.0 mask: 0.0.0.0 , vlan:0, dpPort:0, srcPort:0
*aaaQueueReader: May 23 10:06:12.957: 1c:65:9d:6e:a9:e9 Successful transmission of Authentication Packet (id 201) to 10.5.107.250:1812, proxy state 1c:65:9d:6e:a9:e9-00:01
*radiusTransportThread: May 23 10:06:12.958: ****Enter processIncomingMessages: response code=11

*radiusTransportThread: May 23 10:06:12.958: ****Enter processRadiusResponse: response code=11

*radiusTransportThread: May 23 10:06:12.958: 1c:65:9d:6e:a9:e9 Access-Challenge received from RADIUS server 10.5.107.250 for mobile 1c:65:9d:6e:a9:e9 receiveId = 32
*Dot1x_NW_MsgTask_1: May 23 10:06:12.982: apfVapRadiusClientInfoGet: Client 1C:65:9D:6E:A9:E9  dynamic int attributes srcAddr: 0.0.0.0 , gw: 0.0.0.0 mask: 0.0.0.0 , vlan:0, dpPort:0, srcPort:0
*aaaQueueReader: May 23 10:06:12.982: 1c:65:9d:6e:a9:e9 Successful transmission of Authentication Packet (id 202) to 10.5.107.250:1812, proxy state 1c:65:9d:6e:a9:e9-00:01
*radiusTransportThread: May 23 10:06:12.984: ****Enter processIncomingMessages: response code=3

*radiusTransportThread: May 23 10:06:12.984: ****Enter processRadiusResponse: response code=3

*radiusTransportThread: May 23 10:06:12.984: 1c:65:9d:6e:a9:e9 Access-Reject received from RADIUS server 10.5.107.250 for mobile 1c:65:9d:6e:a9:e9 receiveId = 32
*radiusTransportThread: May 23 10:06:12.984: 1c:65:9d:6e:a9:e9 [Error] Client requested no retries for mobile 1C:65:9D:6E:A9:E9
*radiusTransportThread: May 23 10:06:12.985: 1c:65:9d:6e:a9:e9 Returning AAA Error 'Authentication Failed' (-4) for mobile 1c:65:9d:6e:a9:e9
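
An added example (not part of the original post): a small Python parser for the WLC AAA debug lines above that groups them by client MAC and reports which side ended the exchange. On this trace it shows three Access-Challenge rounds (RADIUS code 11) followed by an Access-Reject (code 3) sent by the RADIUS server; the function and field names are illustrative.

```python
import re

# Sample input: the client-tagged lines copied from the debug output above (other lines omitted).
SAMPLE = """\
*radiusTransportThread: May 23 10:06:12.928: 1c:65:9d:6e:a9:e9 Access-Challenge received from RADIUS server 10.5.107.250 for mobile 1c:65:9d:6e:a9:e9 receiveId = 32
*aaaQueueReader: May 23 10:06:12.938: 1c:65:9d:6e:a9:e9 Successful transmission of Authentication Packet (id 200) to 10.5.107.250:1812, proxy state 1c:65:9d:6e:a9:e9-00:01
*radiusTransportThread: May 23 10:06:12.939: 1c:65:9d:6e:a9:e9 Access-Challenge received from RADIUS server 10.5.107.250 for mobile 1c:65:9d:6e:a9:e9 receiveId = 32
*aaaQueueReader: May 23 10:06:12.957: 1c:65:9d:6e:a9:e9 Successful transmission of Authentication Packet (id 201) to 10.5.107.250:1812, proxy state 1c:65:9d:6e:a9:e9-00:01
*radiusTransportThread: May 23 10:06:12.958: 1c:65:9d:6e:a9:e9 Access-Challenge received from RADIUS server 10.5.107.250 for mobile 1c:65:9d:6e:a9:e9 receiveId = 32
*aaaQueueReader: May 23 10:06:12.982: 1c:65:9d:6e:a9:e9 Successful transmission of Authentication Packet (id 202) to 10.5.107.250:1812, proxy state 1c:65:9d:6e:a9:e9-00:01
*radiusTransportThread: May 23 10:06:12.984: 1c:65:9d:6e:a9:e9 Access-Reject received from RADIUS server 10.5.107.250 for mobile 1c:65:9d:6e:a9:e9 receiveId = 32
*radiusTransportThread: May 23 10:06:12.985: 1c:65:9d:6e:a9:e9 Returning AAA Error 'Authentication Failed' (-4) for mobile 1c:65:9d:6e:a9:e9
"""

MAC = r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
RECV = re.compile(MAC + r" (Access-\w+) received from RADIUS server (\S+)", re.I)
SENT = re.compile(MAC + r" Successful transmission of Authentication Packet \(id (\d+)\)", re.I)
AAA_ERR = re.compile(MAC + r" Returning AAA Error '([^']+)' \((-?\d+)\)", re.I)

def summarize(log):
    """Group WLC AAA debug lines by client MAC and record how each exchange ended."""
    clients = {}
    for line in log.splitlines():
        for rx, kind in ((RECV, "recv"), (SENT, "sent"), (AAA_ERR, "err")):
            m = rx.search(line)
            if not m:
                continue
            c = clients.setdefault(m.group(1).lower(), {
                "sent_ids": [], "challenges": 0, "final": None, "server": None, "error": None})
            if kind == "sent":      # WLC forwarded the client's EAP reply to the server
                c["sent_ids"].append(int(m.group(2)))
            elif kind == "err":     # error the WLC reports to its 802.1X task
                c["error"] = (m.group(2), int(m.group(3)))
            elif m.group(2) == "Access-Challenge":
                c["challenges"] += 1
            else:                   # Access-Accept or Access-Reject ends the exchange
                c["final"], c["server"] = m.group(2), m.group(3)
    return clients

def verdict(c):
    """Say which side ended the exchange, which tells you where to look next."""
    if c["final"]:
        verb = "rejected" if c["final"] == "Access-Reject" else "accepted"
        return f"server {c['server']} {verb} after {c['challenges']} challenge round(s)"
    return f"no final answer after {c['challenges']} challenge round(s)"

if __name__ == "__main__":
    for mac, c in summarize(SAMPLE).items():
        print(mac, "->", verdict(c), "| request ids:", c["sent_ids"], "| WLC error:", c["error"])
```

A server-issued reject points the investigation at the RADIUS server's own authentication log for that client, while "no final answer" would point at the supplicant or the path between WLC and server.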

