While connecting wpa2 enterprise ssid random users getting error "can't connect".
Tried for few users it works by creating manual adapter in client system.
But the same is still not working in few systems.
Collected sta logs for the client system.
=======================================
FGTRGITECHNIPLEX01 # 08462.987 20:2b:20:d1:7c:87 <ih> IEEE 802.11 mgmt::assoc_req <== 20:2b:20:d1:7c:87 ws (0-192.168.2.13:5246) vap RGIL rId 1 wId 0 74
:78:a6:65:9f:08
08462.987 20:2b:20:d1:7c:87 <ih> 20:2b:20:d1:7c:87 sta = 0xa51b7c0, sta->flags = 0x00000001, auth_alg = 0, hapd->splitMac: 1
08462.987 20:2b:20:d1:7c:87 cw_sta_load_chk ws (0-192.168.2.13:5246) rId 1 wId 0 sta 20:2b:20:d1:7c:87
08462.987 20:2b:20:d1:7c:87 cw_sta_balancing: ws (0-192.168.2.13:5246) 20:2b:20:d1:7c:87 enters balancing, rId 1, wId 0, fho 1, apho 1, 5G 1, sta_cnt 0,
sta_th 55
08462.987 20:2b:20:d1:7c:87 cw_sta_balancing: ws (0-192.168.2.13:5246) 20:2b:20:d1:7c:87 exits balancing, no need
08462.987 20:2b:20:d1:7c:87 <ih> IEEE 802.11 mgmt::assoc_resp ==> 20:2b:20:d1:7c:87 ws (0-192.168.2.13:5246) vap RGIL rId 1 wId 0 74:78:a6:65:9f:08
08462.987 20:2b:20:d1:7c:87 <ih> IEEE 802.11 mgmt::assoc_resp ==> 20:2b:20:d1:7c:87 ws (0-192.168.2.13:5246) vap RGIL rId 1 wId 0 74:78:a6:65:9f:08
08462.987 20:2b:20:d1:7c:87 <dc> STA add 20:2b:20:d1:7c:87 vap RGIL ws (0-192.168.2.13:5246) rId 1 wId 0 bssid 74:78:a6:65:9f:08 NON-AUTH band 0x5020
mimo 2*2
08462.987 20:2b:20:d1:7c:87 <cc> STA_CFG_REQ(239) sta 20:2b:20:d1:7c:87 add ==> ws (0-192.168.2.13:5246) rId 1 wId 0
08462.987 20:2b:20:d1:7c:87 <cc> STA add 20:2b:20:d1:7c:87 vap RGIL ws (0-192.168.2.13:5246) rId 1 wId 0 74:78:a6:65:9f:08 sec WPA2 RADIUS auth 0
08462.987 20:2b:20:d1:7c:87 cwAcStaRbtAdd: I2C_STA_ADD insert sta 20:2b:20:d1:7c:87 192.168.2.13/1/0/1
47350.987 20:2b:20:d1:7c:87 <eh> ***20:2b:20:d1:7c:87 AUTH_PAE DISCONNECTED***
47350.988 20:2b:20:d1:7c:87 <eh> send IEEE 802.1X ver=2 type=0 (EAP_PACKET) data len=10
47350.988 20:2b:20:d1:7c:87 <eh> IEEE 802.1X (EAPOL 14B) ==> 20:2b:20:d1:7c:87 ws (0-192.168.2.13:5246) rId 1 wId 0 74:78:a6:65:9f:08
08462.989 20:2b:20:d1:7c:87 <cc> STA_CFG_RESP(239) 20:2b:20:d1:7c:87 <== ws (0-192.168.2.13:5246) rc 0 (Success)
47351.007 20:2b:20:d1:7c:87 <eh> IEEE 802.1X (EAPOL 5B) <== 20:2b:20:d1:7c:87 ws (0-192.168.2.13:5246) rId 1 wId 0 74:78:a6:65:9f:08
47351.007 20:2b:20:d1:7c:87 <eh> recv IEEE 802.1X ver=1 type=1 (EAPOL_START) data len=0
47352.004 20:2b:20:d1:7c:87 <eh> IEEE 802.1X (EAPOL 5B) <== 20:2b:20:d1:7c:87 ws (0-192.168.2.13:5246) rId 1 wId 0 74:78:a6:65:9f:08
47352.005 20:2b:20:d1:7c:87 <eh> recv IEEE 802.1X ver=1 type=1 (EAPOL_START) data len=0
47353.014 20:2b:20:d1:7c:87 <eh> IEEE 802.1X (EAPOL 5B) <== 20:2b:20:d1:7c:87 ws (0-192.168.2.13:5246) rId 1 wId 0 74:78:a6:65:9f:08
47353.014 20:2b:20:d1:7c:87 <eh> recv IEEE 802.1X ver=1 type=1 (EAPOL_START) data len=0
08465.017 20:2b:20:d1:7c:87 cwAcProcInputLocalMsg: cwAcKernDataDelSta failed 20:2b:20:d1:7c:87 rId 1 wId 0
08465.017 20:2b:20:d1:7c:87 <dc> STA del 20:2b:20:d1:7c:87 ws (0-192.168.2.13:5246) vap RGIL rId 1 wId 0
08465.017 20:2b:20:d1:7c:87 cwAcProcInputLocalMsg C2C_STA_DEL_WTP wl RGIL wId 0 sec 6
08465.017 20:2b:20:d1:7c:87 <ih> IEEE 802.11 mgmt::disassoc ==> 20:2b:20:d1:7c:87 ws (0-192.168.2.13:5246) vap RGIL rId 1 wId 0 74:78:a6:65:9f:08
08465.017 20:2b:20:d1:7c:87 <cc> STA_CFG_REQ(240) sta 20:2b:20:d1:7c:87 del ==> ws (0-192.168.2.13:5246) rId 1 wId 0
47354.017 20:2b:20:d1:7c:87 <eh> send IEEE 802.1X ver=2 type=0 (EAP_PACKET) data len=10
08465.017 20:2b:20:d1:7c:87 <cc> STA del 20:2b:20:d1:7c:87 vap RGIL ws (0-192.168.2.13:5246) rId 1 wId 0 74:78:a6:65:9f:08 sec WPA2 RADIUS action del_by
_wtp reason 503
47354.017 20:2b:20:d1:7c:87 <eh> IEEE 802.1X (EAPOL 14B) ==> 20:2b:20:d1:7c:87 ws (0-192.168.2.13:5246) rId 1 wId 0 74:78:a6:65:9f:08
47354.017 20:2b:20:d1:7c:87 <eh> ***WPA_PTK 20:2b:20:d1:7c:87 DISCONNECTED***
08465.017 20:2b:20:d1:7c:87 cwAcStaRbtDel: D2C/C2C_STA_DEL remove sta 20:2b:20:d1:7c:87 192.168.2.13/1/0/1 from staRbt
08465.018 20:2b:20:d1:7c:87 <cc> STA_CFG_RESP(240) 20:2b:20:d1:7c:87 <== ws (0-192.168.2.13:5246) rc 0 (Success)
=======================================
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Dear Hamesb2, sorry but didn't understand what you are telling.
Which FortiOS version?
Do you have admin access to FG for troubleshooting the issue? If so what do you see in related logs?
Is the RADIUS server and the use of the RADIUS at the SSID the same between the working system and non-working system? Then the problem must be on the RADIUS server side. They might not be set up properly to handle the 802.1X/port-based authentication, or more basic issue.
Toshi
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1669 | |
1081 | |
752 | |
446 | |
224 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.