NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

yawm's avatar
yawm
Tutor
Sep 22, 2022

WAX630: authentication failed - EAP type: 13 (TLS)

Hi,

 

we have 8 WAX630 devices with the latest firmware (10.2.0.16). We are using 802.1X with external Radius system. Everything is working properly, however, every now and then random users cannot login to the SSID with radius enabled. The server responds "authentication failed" and the syslog servers show these entries:

 

(mac address and hostname were intentionally replaced)

Sep 22 16:19:25 REMOVED_HOSTNAME hostapd: wifi2vap3: STA XX:XX:XX:d4:46:fe IEEE 802.11: associated (aid 3)
Sep 22 16:19:27 REMOVED_HOSTNAME hostapd: wifi2vap3: STA XX:XX:XX:d4:46:fe IEEE 802.1X: authentication failed - EAP type: 13 (TLS)
Sep 22 16:19:27 REMOVED_HOSTNAME hostapd: SSID ROAM: Tx leave update for sta XX:XX:XX:d4:46:fe
Sep 22 16:19:27 REMOVED_HOSTNAME hostapd: SSID ROAM: Received station leave / disconnect update for sta XX:XX:XX:d4:46:fe
Sep 22 16:19:27 REMOVED_HOSTNAME hostapd: SSID ROAM: Received station leave / disconnect update for sta XX:XX:XX:d4:46:fe
Sep 22 16:19:27 REMOVED_HOSTNAME hostapd: SSID ROAM: Received station leave / disconnect update for sta XX:XX:XX:d4:46:fe
Sep 22 16:19:27 REMOVED_HOSTNAME hostapd: SSID ROAM: Received station leave / disconnect update for sta XX:XX:XX:d4:46:fe
Sep 22 16:19:27 REMOVED_HOSTNAME hostapd: SSID ROAM: Received station leave / disconnect update for sta XX:XX:XX:d4:46:fe
Sep 22 16:19:27 REMOVED_HOSTNAME hostapd: SSID ROAM: Received station leave / disconnect update for sta XX:XX:XX:d4:46:fe
Sep 22 16:19:27 REMOVED_HOSTNAME hostapd: SSID ROAM: Received station leave / disconnect update for sta XX:XX:XX:d4:46:fe
Sep 22 16:19:30 REMOVED_HOSTNAME hostapd: wifi2vap3: STA XX:XX:XX:d4:46:fe IEEE 802.11: authenticated
Sep 22 16:19:30 REMOVED_HOSTNAME configd[3673]: EEM: Received Event: NEW_STA_ASSOC_EEM
Sep 22 16:19:30 REMOVED_HOSTNAME hostapd: wifi2vap3: STA XX:XX:XX:d4:46:fe IEEE 802.11: associated (aid 3)
Sep 22 16:19:32 REMOVED_HOSTNAME hostapd: wifi2vap3: STA XX:XX:XX:d4:46:fe IEEE 802.1X: authentication failed - EAP type: 13 (TLS)

 

 

Checking RADIUS Server logs, there is not even the request to the RADIUS that would be sent at that point. 

 

Currently, the workaround is to reboot the specific AP, ask user to re-authenticate, which, first, shows the same error, however, the request looks to be sent to the RADIUS server which then also give a proper feedback and logs the event (see screenshot below):

 

Checking the radius server logs, it show that the specific user was granted access:

 

The user can now connect to SSID without any issues. 

 

Can someone help us out what is causing this issue?

2 Replies

  • DaneA's avatar
    DaneA
    NETGEAR Employee Retired
    Oct 12, 2022

    yawm,

     

    Is the WAX630 managed via NETGEAR Insight? 

    Kindly try to disable RADIUS authentication then re-enable it and check if the same problem will occur.

     

     

    Regards,

     

    DaneA

    NETGEAR Community Team

  • RaghuHR's avatar
    RaghuHR
    NETGEAR Expert
    Oct 14, 2022

    Hi yawm  Could you please capture the ethernet packet between WAX630 and your Radius server? Also send me the detailed logs. You can save the detailed logs by logging into WAX630 UI -> Monitoring page ->logs and download detailed logs. You can upload

     

    packet captures and logs into any cloud storage such as google drive/one drive/drop box etc.. and send me a link to download via PM. Thank you !

     

     

     

     

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More