Specifications
OmniAccess Reference: AOS-W System Reference
594 Part 031652-00 May 2005
z Enable client debugging for the client device in question. From the Alcatel
CLI, use the command “aaa user debug mac <MAC address of client>”. Log
output from the debug process can be viewed by issuing the command
“show log intuser 30” (to display the last 30 lines of the log file). The log
should indicate the reason for a failed authentication or association. Often
the cause is a capability mismatch between the client and AP.
z Verify that the AP has not reached the maximum number of users. If the
system has been configured to allow only 20 associations per AP, the 21
st
client will be rejected. A simple way to do this is using the “show ap-leds”
command to view the status of AP LEDs on the switch. An AP that is full
will indicate such via the AP LEDs.
z If the client fails association, the likely cause is a client misconfiguration. If
the network has been configured for WPA and TKIP encryption, and the cli-
ent has been configured for open system and WEP encryption, association
will fail.
z Ensure that the user is physically located in an area with AP coverage. If
signal strength is too low, radio transmission may be garbled to the point
that authentication or association is impossible. The Station Manager log
will indicate with which AP the client is attempting to associate – ensure
that this AP is near the user’s physical location.
z In a dense-mode AP deployment, the AP’s minimum rate may have been
adjusted to a higher value. If the client cannot support this higher value
because of signal impediments or configuration, association will fail.
z Perform a wireless packet capture. If the Station Manager log provides no
useful information or is inaccessible, a packet capture will always show the
reason for a failed association.
z Reset the client NIC. In the case of malfunctioning client software, this
does not fix the underlying problem but is often the fastest way to get the
user back on the network.
z If “Authentication Failure Auto-Blacklisting” has been enabled on the Alca-
tel switch, multiple authentication failures will cause a client to be denied
association. If this feature has been enabled, check the current “Black List”
in the management GUI by navigating to MonitoringÆClientÆClient Black-
list. Ensure that the authentication problem has been fixed before
re-attempting association.
z Verify that no denial of service attack is underway. From the client per-
spective, a successful association followed by an immediate disassociation
appears the same as an unsuccessful association. Examine the Wireless
Management System (WMS) log files on the Alcatel switch by navigating in
the management GUI to the Events tab. A packet capture will also reveal
the presence of a denial of service attack.