Hello,
In the ZoneDirector I get multiple messages of clients who fails to authenticate too many times in a row when joining a WLAN. We configured multiple Open WLAN networks and it happens by all of them. In the Syslog Guide the action is to check the user credentials, but it's an open network with no encryption.
We use firmware version 9.10.0.0 build 218, but these messages where already their in firmware 9.8.1.0.101
Access-points type mostly T300 and ZF7762.
Has anybody experienced this before?
- 5 Posts
- 0 Reply Likes
Posted 5 years ago
Primož Marinšek, AlphaDog
- 413 Posts
- 49 Reply Likes
Have you checked if the cable is OK, that there isn't some big interference there, captured some packets to see if authentication and association go through or if a failure happens there already?
Michael Brado, Official Rep
- 3073 Posts
- 442 Reply Likes
- 5 Posts
- 0 Reply Likes
@PrimoZ: Checked the cables are OK. It is possible for me to sniff with a macbook and pcap the authentication process. I shall contact support for this too
@Michael: Clients who are failing are from multiple manufacturers, it isn't only one manufacturer.
- 52 Posts
- 3 Reply Likes
Primož Marinšek, AlphaDog
- 413 Posts
- 49 Reply Likes
Can you check if there is any DHCP discovery for that client before it fails?
Michael Brado, Official Rep
- 3073 Posts
- 442 Reply Likes
- 68 Posts
- 4 Reply Likes
- 6 Posts
- 1 Reply Like
2016/07/02 20:07:41 High User[AA:MM:AA:CC:AD] fails authentication too many times in a row when joining WLAN[SHOTGUN] at AP[T300SHOTGUN]. User[AA:MM:AA:CC:AD] is temporarily blocked from the system for [10 minutes].2016/07/02 20:06:33 Medium User[AA:MM:AA:CC:AD] repeatedly fails authentication when joining WLAN[SHOTGUN] at AP[T300SHOTGUN].
2016/07/02 19:55:16 High User[AA:MM:AA:CC:AD] fails authentication too many times in a row when joining WLAN[SHOTGUN] at AP[T300SHOTGUN]. User[AA:MM:AA:CC:AD] is temporarily blocked from the system for [10 minutes].
2016/07/02 19:54:12 Medium User[AA:MM:AA:CC:AD] repeatedly fails authentication when joining WLAN[SHOTGUN] at AP[T300SHOTGUN].
2016/07/02 19:43:10 High User[AA:MM:AA:CC:AD] fails authentication too many times in a row when joining WLAN[SHOTGUN] at AP[T300SHOTGUN]. User[AA:MM:AA:CC:AD] is temporarily blocked from the system for [10 minutes].
2016/07/02 19:42:05 Medium User[AA:MM:AA:CC:AD] repeatedly fails authentication when joining WLAN[SHOTGUN] at AP[T300SHOTGUN].
2016/07/02 19:31:09 High User[AA:MM:AA:CC:AD] fails authentication too many times in a row when joining WLAN[SHOTGUN] at AP[T300SHOTGUN]. User[AA:MM:AA:CC:AD] is temporarily blocked from the system for [10 minutes].
2016/07/02 19:30:03 Medium User[AA:MM:AA:CC:AD] repeatedly fails authentication when joining WLAN[SHOTGUN] at AP[T300SHOTGUN].
2016/07/02 19:17:08 Medium User[08:66:98:62:9d:b0] repeatedly fails authentication when joining WLAN[SHOTGUN] at AP[T300SHOTGUN].
2016/07/02 18:54:29 Medium User[90:b6:86:3c:8c:08] repeatedly fails authentication when joining WLAN[SHOTGUN] at AP[T300SHOTGUN].
2016/07/02 15:30:13 Medium User[90:b6:86:3c:8c:08] repeatedly fails authentication when joining WLAN[SHOTGUN] at AP[T300SHOTGUN].
2016/07/02 15:05:55 High User[AA:MM:AA:CC:AD] fails authentication too many times in a row when joining WLAN[SHOTGUN] at AP[T300SHOTGUN]. User[AA:MM:AA:CC:AD] is temporarily blocked from the system for [10 minutes].
2016/07/02 15:04:09 Medium User[AA:MM:AA:CC:AD] repeatedly fails authentication when joining WLAN[SHOTGUN] at AP[T300SHOTGUN].
2016/07/02 14:53:18 High User[AA:MM:AA:CC:AD] fails authentication too many times in a row when joining WLAN[SHOTGUN] at AP[T300SHOTGUN]. User[AA:MM:AA:CC:AD] is temporarily blocked from the system for [10 minutes].
2016/07/02 14:51:52 Medium User[AA:MM:AA:CC:AD] repeatedly fails authentication when joining WLAN[SHOTGUN] at AP[T300SHOTGUN].
Michael Brado, Official Rep
- 2920 Posts
- 406 Reply Likes
And what kind of Clients are these?
The AA:MM:AA:CC:AD client appears to be missing a byte in their MAC address and MM
is outside the 0-F range for Hex characters???
08-66-98 = Apple
90-b6-86 = Murata Mfg Co Ltd
- 6 Posts
- 1 Reply Like
WPA2 set to Open. The devices connect freely to the Network without issue on the H500. I am downgrading to 101 today.
- 6 Posts
- 1 Reply Like
a4:b8:05:OSSobes-iPhone Outside SHOTGUN136802.11a/n/ac 72%
Authorized
Connectivity18:b4:30:Amazon Kindle Outside SHOTGUN CH108 802.11a/n 99% Authorized OPEN
Michael Brado, Official Rep
- 2920 Posts
- 406 Reply Likes
Glad to get your update, thanks. Did you have 9.12.2.0.219 (MR2 Refresh), and downgraded one
release to 9.12.2.0.101 (MR2) as the only difference? And restored your previous .101 backup, right?
No issue on an indoor H500 on either version, and only on the T300 with latest showed these errors?
DSE, you saw similar on outdoor 7782, and on what version of ZD?
- 6 Posts
- 1 Reply Like
- 68 Posts
- 3 Reply Likes
- 6 Posts
- 1 Reply Like
- 71 Posts
- 22 Reply Likes
the network (ssid) is open without any authentication.
i dont understand why we get an "fails authentication" if we dont have any authentication at all.
- 3 Posts
- 0 Reply Likes
- 98 Posts
- 25 Reply Likes
- 3 Posts
- 0 Reply Likes
Using the
Access Controls configuration options, you define Layer2/MAC address ACLs,
which can then be applied to one or more WLANs (upon WLAN creation or edit).
ACLs are either allow-only or deny-only; that is, an ACL can be set up to allow
only specified clients or to deny only specified clients. MAC
addresses that are in the deny list are blocked at the AP, not at the
ZoneDirector.
To configure an L2/MAC ACL:
1. Go to Configure > Access Control.
2. In L2/MAC Access Control, click Create
New.
a. Type a Name
for the ACL.
b. Type a
Description of the ACL.
c. Select
the Restriction mode as either allow or deny.
d. Type a
MAC address in the MAC Address text box,
and
then click Create New to save the address.
The new MAC address that you added appears next
to the Stations field.
You can enter up to 128 MAC addresses.
3. Click OK to save the L2/MAC based ACL.
You can create up to 32 L2/MAC ACL rules and
each rule can contain up to 128 MAC addresses.
You can apply the ACL for a specific WLAN in
Configure>WLAN>Create New or Edit a WLAN>Advanced Options>Access
Control.
Related Categories
-
ZoneDirector
- 2636 Conversations
- 776 Followers