On 30/03/12 11:58, Morris, Andi wrote:
Hi Ricardo, Sorry it was a brief answer but I'm also unsure of where
to turn next with this, especially as you are seeing the same issue
with different network hardware.
Well, you guys need to debug your network hardware (and Ricardo needs to
use a threaded email client!)
It's not a FreeRADIUS issue if no packets are arriving at FreeRADIUS.
Some possible things to consider:
1. Some wireless platforms have a feature where they will try to "nudge"
clients onto either a different access point, or 5GHz rather than
2.4GHz. This might be implemented using vendor extensions (CCX) or it
might be implemented by simply "rejecting" the client. Some clients
treat a number of successive rejections as "bad password", because they
can't distinguish between radio-layer and eap-layer rejections.
On Cisco lightweight, this feature tends to interop badly with e.g.
Linux clients, using the default values.
2. Some wireless platforms vertically integrate the whole protocol stack
(radio, eap, arp/dhcp/ip, etc.) and will reject clients at the
bottom-most layer for violations at upper layers. This can confuse
clients, and make them think auth has "failed"
3. Interference can cause dropped EAP packets. Check your EAP timeout
values, and look for radio-layer problems. Get a decent wireless test
tool - the Fluke AirCheck is excellent, and allows you to force auth to
a specific BSSID/SSID combination, so you can track problems down.
...and so on.
No-one said wireless was easy. But this is not a FreeRADIUS problem.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
