Case study on troubleshooting terminal access fail issue in WX3840X MAC Portal (ADcampus) authentication at a specific site

The on-site AC model is WX3840X, version R1411P01. There are two SSIDs on site: one office SSID, XX-Office, which uses remote MAC authentication; and one guest SSID, XX-Guest, which uses ADcampuss MAC portal authentication. The main issue observed is: when a terminal first connects to the office SSID, since the server has not added the corresponding MAC user at this time, MAC authentication fails. Then, when trying to connect to the guest SSID, the terminal will have issues associating with the wireless network.

1、First, acknowledge whether there are client appearances and MAC user authentication (Uauth) appearances when the association fails. Verify that no corresponding appearances exist by using commands display wlan client and display mac-authentication connection.

2、Collect debug wlan client mac XXXX, debug radius all, and debugging mac-authentication all mac XXXX information. It is found that an error is reported directly during the association phase.

By acknowledge, this error indicates that the terminal was denied access by the denylist. After the on-site terminal fails to connect to the office SSID MAC authentication, it will automatically be added to the dynamic denylist for 1 minute, resulting in subsequent terminal access fail.

Set the MAC authentication quiet timer parameter to 1 second: mac-authentication timer quiet 1