Wireless Networks Thread, RADIUS and IAS in Technical; Originally Posted by SYNACK
Each switch/ap has its own built in clock, have these been set or setup to grab ...
28th November 2008, 02:11 PM #91
Interesting idea, unfortunately the WAPs (or DMAPs as 3Com call them) are pretty 'dumb' devices with a single profile all managed by a single WX2200 WLAN controller. Also we can see machines that have successfully connected using the same DMAP simultaneously as the ones with problems.
Originally Posted by SYNACK
The WX2200 is set up to use the DC as a time source.
6th December 2008, 10:43 PM #92
Procurve users who update switches beyond I.10.40, K12.25 etc (June 2008 onwards) may find 802.1x stops working completely. The procurves now drop packets with a MTU that is too big, despite working perfectly with older versions). I know this will affect IAS as mine stopped working.
To fix this you can change the Frame MTU size in IAS.
On the policy add Frame-MTU in advanced and give it a value of 1400, the procuve should now accept any EAP responses from that matching policy.
I've had to update all my policies with the mtu setting and all is working again. The change is listed as a fix so it's easy to miss!
30th January 2009, 08:43 PM #93
Originally Posted by DMcCoy
I started to experience wireless problems this week, our core switch reports the following error message which seems to relate to your fix.
Too Many Undersized/Giant Packets on port A15
A device on port A15 is transmitting packets shorter than 64 bytes or longer than 1518 bytes (longer than 1522 bytes if tagged), with valid CRCs.
The possible causes include a misconfigured NIC or malfunctioning NIC, NIC driver, or transceiver.
Check the NIC for a misconfiguration.
Update the NIC driver software.
Replace the malfunctioning NIC or transceiver.
Check for a short-circuit in the cable path connected to this port.
im getting these messages on ports which have Netgear AP's plugged into our Hp Procurve.
can you confirm this?
20th February 2009, 04:28 PM #94
Given up - too unreliable
I've spent two whole days on this, this half term. I finally got it working, but it's just too unreliable.
Even with computer-only authentication, users frequently get the domain-is-not-available message (even when the IAS server's system log confirms that the machine has been granted access). Users also frequently get profiles and group policies failing to load. It is rare that a user can log on successfully.
I've removed the group policy setting wireless security and changed the AP back to 'open'.
30th April 2009, 08:29 AM #95
Take a look at Microsoft KB904943. We have been suffering from a problem for ages where wireless laptops 'randomly' lose the ability see the domain. The wireless infrastructure seems ok, the Wireless LAN controller can see the client. If you plug in a network cable the problem melts away.... until the next time....
KB904943 explains how machine only authentication may fail using PEAP-MS-CHAP-V2 and 802.1X because the computer account password on the domain may expire while the computer is offline and subsequent attempts to authenticate fail. Providing the computer with a network connection allows it to reset its domain password, allowing the wireless authentication.
The KB article suggests some work-arounds..... either use both user & computer authentication or use EAP-TLS instead of PEAP-MS-CHAP-V2
I guess a third option would be to prevent the computer password from expiring....
I have switched to using both computer & user authentication for the moment to see if it fixes our problem. Fingers crossed
Thanks to broc from:
OverWorked (30th April 2009)
30th April 2009, 09:04 AM #96
We solved 99% of our wireless network issues by using a proper supplicant on the clients in our case we went for the Juniper Oddessey client.
This thing is so configurable and you can see what is going on unlike with the built in windows supplicant.
In fact you can tell the wireless is up and authenticated by the machine when they are booting becuase they'll even install software over the wireless.
2 Thanks to plexer:
contink (30th April 2009), OverWorked (30th April 2009)
30th April 2009, 09:25 AM #97
Thanks broc & plexer. I'll look into it later - perhaps when I get all my APs replaced with something decent like 3com or Cisco.
I was trailling RADIUS on an old D-Link AP, so I still wonder if that was part of the problem.
At the moment, I have a Cisco and D-Link APs. The only common security method they share is 128-bit WEP, or RADIUS, so I'm using the WEP. WEP isn't great, but it's the best I can do right now.
30th April 2009, 09:58 AM #98
The oddessey client is a cost option, not sure about the cost but yes it is more configurable. I think most of the time the windows built-in supplicant is pretty good but its let down by badly written drivers by NIC vendors. The way odessey and other supplicant solve this problem is by installing an intermediate driver which communicates to the lower and upper level in TCP.
Originally Posted by plexer
30th April 2009, 10:39 AM #99
Approx £35 a client I think we bought a 100 user client to do all the student laptop trolleys.
By strawberry in forum How do you do....it?
Last Post: 16th July 2008, 04:10 PM
By ranj in forum Wireless Networks
Last Post: 4th January 2008, 12:42 PM
By plexer in forum Wireless Networks
Last Post: 25th September 2007, 04:00 PM
By plexer in forum Wireless Networks
Last Post: 1st December 2006, 10:15 AM
By spc-rocket in forum Wireless Networks
Last Post: 11th December 2005, 12:48 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)