User fails authentication too many times in a row when joining WLAN

Think support would be better suited for this than this forum, but here's a few thoughts.

Have you checked if the cable is OK, that there isn't some big interference there, captured some packets to see if authentication and association go through or if a failure happens there already?

Curious too, if you check the OUI of the client MACs who are failing to authenticate, is it any one manufacturer, or many?

I was having this problem on R700 with 9.8 branch on 5 GHz radios. I eventually disabled 5 GHz on those until I can do more testing due to negative impact on users.

Do you know where it fails? There was an error reported (not on this forum) about clients not connecting, but the problem was that it failed at the DHCP stage not at the radio stage. So the auth/asoc phase went through, but when trying to get the IP it suddenly decided the connection was poor. It was an android Lollipop 5.1. Other clients worked fine.

Can you check if there is any DHCP discovery for that client before it fails?

And more 802.11ac AP features are enabled in 9.9.1 (soon), or 9.10 (now) if you can upgrade for further evaluation too. I'm sure tech support would like to know your findings.

i'm having a similar problem also in an total open wlan. Wouter Beens did you get any conclusion?

Seems to be T300, I have a H500 close by and it connects no issue: Latest build .219, ZD1200

2016/07/02  20:07:41 High User[AA:MM:AA:CC:AD] fails authentication too many times in a row when joining WLAN[SHOTGUN] at AP[T300SHOTGUN]. User[AA:MM:AA:CC:AD] is temporarily blocked from the system for [10 minutes].2016/07/02  20:06:33 Medium User[AA:MM:AA:CC:AD] repeatedly fails authentication when joining WLAN[SHOTGUN] at AP[T300SHOTGUN].
2016/07/02  19:55:16 High User[AA:MM:AA:CC:AD] fails authentication too many times in a row when joining WLAN[SHOTGUN] at AP[T300SHOTGUN]. User[AA:MM:AA:CC:AD] is temporarily blocked from the system for [10 minutes].
2016/07/02  19:54:12 Medium User[AA:MM:AA:CC:AD] repeatedly fails authentication when joining WLAN[SHOTGUN] at AP[T300SHOTGUN].
2016/07/02  19:43:10 High User[AA:MM:AA:CC:AD] fails authentication too many times in a row when joining WLAN[SHOTGUN] at AP[T300SHOTGUN]. User[AA:MM:AA:CC:AD] is temporarily blocked from the system for [10 minutes].
2016/07/02  19:42:05 Medium User[AA:MM:AA:CC:AD] repeatedly fails authentication when joining WLAN[SHOTGUN] at AP[T300SHOTGUN].
2016/07/02  19:31:09 High User[AA:MM:AA:CC:AD] fails authentication too many times in a row when joining WLAN[SHOTGUN] at AP[T300SHOTGUN]. User[AA:MM:AA:CC:AD] is temporarily blocked from the system for [10 minutes].
2016/07/02  19:30:03 Medium User[AA:MM:AA:CC:AD] repeatedly fails authentication when joining WLAN[SHOTGUN] at AP[T300SHOTGUN].
2016/07/02  19:17:08 Medium User[08:66:98:62:9d:b0] repeatedly fails authentication when joining WLAN[SHOTGUN] at AP[T300SHOTGUN].
2016/07/02  18:54:29 Medium User[90:b6:86:3c:8c:08] repeatedly fails authentication when joining WLAN[SHOTGUN] at AP[T300SHOTGUN].
2016/07/02  15:30:13 Medium User[90:b6:86:3c:8c:08] repeatedly fails authentication when joining WLAN[SHOTGUN] at AP[T300SHOTGUN].
2016/07/02  15:05:55 High User[AA:MM:AA:CC:AD] fails authentication too many times in a row when joining WLAN[SHOTGUN] at AP[T300SHOTGUN]. User[AA:MM:AA:CC:AD] is temporarily blocked from the system for [10 minutes].
2016/07/02  15:04:09 Medium User[AA:MM:AA:CC:AD] repeatedly fails authentication when joining WLAN[SHOTGUN] at AP[T300SHOTGUN].
2016/07/02  14:53:18 High User[AA:MM:AA:CC:AD] fails authentication too many times in a row when joining WLAN[SHOTGUN] at AP[T300SHOTGUN]. User[AA:MM:AA:CC:AD] is temporarily blocked from the system for [10 minutes].
2016/07/02  14:51:52 Medium User[AA:MM:AA:CC:AD] repeatedly fails authentication when joining WLAN[SHOTGUN] at AP[T300SHOTGUN].

I experience this on ZD-1100 9.10.2.0 build 53 on zf7982 and on a zf7363 in Mesh.
the network (ssid) is open without any authentication.
i dont understand why we get an "fails authentication" if we dont have any authentication at all.

I know this is an old post, but I couldn't find anything related to my question.  I want to block users who have tried to authenticate too many times and were then blocked.  Does anyone know how to do that?  We are a seasonal business and during the busy season we have dozens of cell phones trying to authenticate.  I just want to block them permanently.    Thanx!

You are right and I have set one up.  Much easier than I Thought.  Instructions are below. I set up a deny list this morning.  I can cut and paste mac addresses of users (cell phones) that continually bang on the door but do not get authenticated.  It has been working since this morning and no one has screamed yet. So, i must have set it up correctly.   Thanx!

Using the Access Controls configuration options, you define Layer2/MAC address ACLs, which can then be applied to one or more WLANs (upon WLAN creation or edit). ACLs are either allow-only or deny-only; that is, an ACL can be set up to allow only specified clients or to deny only specified clients.   MAC addresses that are in the deny list are blocked at the AP, not at the ZoneDirector.


To configure an L2/MAC ACL:

1.  Go to Configure > Access Control.

2.  In L2/MAC Access Control, click Create New.

     a.  Type a Name for the ACL.
     b.  Type a Description of the ACL.
     c.   Select the Restriction mode as either allow or deny.
     d.   Type a MAC address in the MAC Address text box, 
           and then click Create New to save the address.

The new MAC address that you added appears next to the Stations field.
You can enter up to 128 MAC addresses.

3.  Click OK to save the L2/MAC based ACL.

You can create up to 32 L2/MAC ACL rules and each rule can contain up to 128 MAC addresses.

You can apply the ACL for a specific WLAN in Configure>WLAN>Create New or Edit a WLAN>Advanced Options>Access Control.
 

We can apply only 1 ACL per WLAN.