+ Post New Thread
Page 7 of 7 FirstFirst ... 34567
Results 91 to 99 of 99
Wireless Networks Thread, RADIUS and IAS in Technical; Originally Posted by SYNACK Each switch/ap has its own built in clock, have these been set or setup to grab ...
  1. #91

    broc's Avatar
    Join Date
    Jan 2006
    Location
    England
    Posts
    2,046
    Thank Post
    104
    Thanked 401 Times in 265 Posts
    Rep Power
    150
    Quote Originally Posted by SYNACK View Post
    Each switch/ap has its own built in clock, have these been set or setup to grab their time of an NTP server?
    Interesting idea, unfortunately the WAPs (or DMAPs as 3Com call them) are pretty 'dumb' devices with a single profile all managed by a single WX2200 WLAN controller. Also we can see machines that have successfully connected using the same DMAP simultaneously as the ones with problems.

    The WX2200 is set up to use the DC as a time source.

  2. #92
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,421
    Thank Post
    10
    Thanked 486 Times in 426 Posts
    Rep Power
    110
    IMPORTANT

    Procurve users who update switches beyond I.10.40, K12.25 etc (June 2008 onwards) may find 802.1x stops working completely. The procurves now drop packets with a MTU that is too big, despite working perfectly with older versions). I know this will affect IAS as mine stopped working.

    To fix this you can change the Frame MTU size in IAS.

    On the policy add Frame-MTU in advanced and give it a value of 1400, the procuve should now accept any EAP responses from that matching policy.

    I've had to update all my policies with the mtu setting and all is working again. The change is listed as a fix so it's easy to miss!

  3. #93

    Join Date
    Feb 2007
    Location
    Four Oaks
    Posts
    283
    Thank Post
    37
    Thanked 10 Times in 9 Posts
    Rep Power
    21
    Quote Originally Posted by DMcCoy View Post
    IMPORTANT

    Procurve users who update switches beyond I.10.40, K12.25 etc (June 2008 onwards) may find 802.1x stops working completely. The procurves now drop packets with a MTU that is too big, despite working perfectly with older versions). I know this will affect IAS as mine stopped working.

    To fix this you can change the Frame MTU size in IAS.

    On the policy add Frame-MTU in advanced and give it a value of 1400, the procuve should now accept any EAP responses from that matching policy.

    I've had to update all my policies with the mtu setting and all is working again. The change is listed as a fix so it's easy to miss!
    Hey McCoy,

    I started to experience wireless problems this week, our core switch reports the following error message which seems to relate to your fix.


    Too Many Undersized/Giant Packets on port A15
    30-Jan-2009 11:11:52

    Description:
    A device on port A15 is transmitting packets shorter than 64 bytes or longer than 1518 bytes (longer than 1522 bytes if tagged), with valid CRCs.

    Possible causes:
    The possible causes include a misconfigured NIC or malfunctioning NIC, NIC driver, or transceiver.

    Actions:
    Check the NIC for a misconfiguration.
    Update the NIC driver software.
    Replace the malfunctioning NIC or transceiver.
    Check for a short-circuit in the cable path connected to this port.

    im getting these messages on ports which have Netgear AP's plugged into our Hp Procurve.

    can you confirm this?

  4. #94
    OverWorked's Avatar
    Join Date
    Jul 2005
    Location
    N. Yorks
    Posts
    1,010
    Thank Post
    196
    Thanked 42 Times in 34 Posts
    Rep Power
    30

    Given up - too unreliable

    I've spent two whole days on this, this half term. I finally got it working, but it's just too unreliable.

    Even with computer-only authentication, users frequently get the domain-is-not-available message (even when the IAS server's system log confirms that the machine has been granted access). Users also frequently get profiles and group policies failing to load. It is rare that a user can log on successfully.

    I've removed the group policy setting wireless security and changed the AP back to 'open'.

    Any suggestions?

  5. #95

    broc's Avatar
    Join Date
    Jan 2006
    Location
    England
    Posts
    2,046
    Thank Post
    104
    Thanked 401 Times in 265 Posts
    Rep Power
    150
    Take a look at Microsoft KB904943. We have been suffering from a problem for ages where wireless laptops 'randomly' lose the ability see the domain. The wireless infrastructure seems ok, the Wireless LAN controller can see the client. If you plug in a network cable the problem melts away.... until the next time....

    KB904943 explains how machine only authentication may fail using PEAP-MS-CHAP-V2 and 802.1X because the computer account password on the domain may expire while the computer is offline and subsequent attempts to authenticate fail. Providing the computer with a network connection allows it to reset its domain password, allowing the wireless authentication.

    The KB article suggests some work-arounds..... either use both user & computer authentication or use EAP-TLS instead of PEAP-MS-CHAP-V2

    I guess a third option would be to prevent the computer password from expiring....

    I have switched to using both computer & user authentication for the moment to see if it fixes our problem. Fingers crossed

  6. Thanks to broc from:

    OverWorked (30th April 2009)

  7. #96

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,273
    Thank Post
    614
    Thanked 1,567 Times in 1,407 Posts
    Rep Power
    412
    We solved 99% of our wireless network issues by using a proper supplicant on the clients in our case we went for the Juniper Oddessey client.

    This thing is so configurable and you can see what is going on unlike with the built in windows supplicant.

    In fact you can tell the wireless is up and authenticated by the machine when they are booting becuase they'll even install software over the wireless.

    Ben

  8. 2 Thanks to plexer:

    contink (30th April 2009), OverWorked (30th April 2009)

  9. #97
    OverWorked's Avatar
    Join Date
    Jul 2005
    Location
    N. Yorks
    Posts
    1,010
    Thank Post
    196
    Thanked 42 Times in 34 Posts
    Rep Power
    30
    Thanks broc & plexer. I'll look into it later - perhaps when I get all my APs replaced with something decent like 3com or Cisco.

    I was trailling RADIUS on an old D-Link AP, so I still wonder if that was part of the problem.

    At the moment, I have a Cisco and D-Link APs. The only common security method they share is 128-bit WEP, or RADIUS, so I'm using the WEP. WEP isn't great, but it's the best I can do right now.

  10. #98

    Join Date
    Oct 2005
    Location
    East Midlands
    Posts
    737
    Thank Post
    17
    Thanked 105 Times in 65 Posts
    Rep Power
    36
    Quote Originally Posted by plexer View Post
    We solved 99% of our wireless network issues by using a proper supplicant on the clients in our case we went for the Juniper Oddessey client.

    This thing is so configurable and you can see what is going on unlike with the built in windows supplicant.

    In fact you can tell the wireless is up and authenticated by the machine when they are booting becuase they'll even install software over the wireless.

    Ben
    The oddessey client is a cost option, not sure about the cost but yes it is more configurable. I think most of the time the windows built-in supplicant is pretty good but its let down by badly written drivers by NIC vendors. The way odessey and other supplicant solve this problem is by installing an intermediate driver which communicates to the lower and upper level in TCP.

    Ash.

  11. #99

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,273
    Thank Post
    614
    Thanked 1,567 Times in 1,407 Posts
    Rep Power
    412
    Approx 35 a client I think we bought a 100 user client to do all the student laptop trolleys.

    Ben

SHARE:
+ Post New Thread
Page 7 of 7 FirstFirst ... 34567

Similar Threads

  1. radius with guests
    By strawberry in forum How do you do....it?
    Replies: 9
    Last Post: 16th July 2008, 04:10 PM
  2. How does Radius work?
    By ranj in forum Wireless Networks
    Replies: 3
    Last Post: 4th January 2008, 12:42 PM
  3. Radius Testing Software
    By plexer in forum Wireless Networks
    Replies: 0
    Last Post: 25th September 2007, 04:00 PM
  4. HP NX6325 Radius PEAP
    By plexer in forum Wireless Networks
    Replies: 0
    Last Post: 1st December 2006, 10:15 AM
  5. ISA Server 2004 and RADIUS
    By spc-rocket in forum Wireless Networks
    Replies: 0
    Last Post: 11th December 2005, 12:48 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •