SRP527W - Wifi Security ignored by Macbook

bmcadmin2013 · ‎08-05-2013

We recently received a CISCO SRP527W exchange router from Cisco following the failure of the orginal SRP527W. The Router has been configured with two Wireless SSID's to allow segregation of the types of system/users we have.

History - I recently added the 2nd SSID and reconfigured the original SSID to re-assert control of the Wireless connection to the business. It worked nicely - Windows x, Android and Iphone devices have all been stopped connecting and required the new credentials etc to be entered.

One SSID is for internal business systems, and allows access to the Servers and infrastructure inside the organisation. The second SSID has its own DHCP server and allows clients to access the web and nothing else.

Tonight we had a person come to our establishment to give a presentation using his macbook. To our amazement the Macbook has connected without challenge to the SRP527W. In his Wifi settings it showed both our Wifi SSID's as unsecured.

As a test I deleted the wifi config from our Windows 7 Laptop and attempted to connect - it was rejected as expected, and the same result was experienced with my Android phone - it was denied access until the key was entered.

The Wireless Setup for both SSID's is Identical with the exception of the SSID (obviously) and the Key

Cisco SRP527W

Firmware version 1.01.23

Security mode - WPA2 Personal

WPA Algorithms - TKIP+AES

SSID's x 2)

WPA Shared keys - are 30 chars long (Aphanumeric)

WPS - Disabled

Has anyone experienced this very uncomfortable event, or does anyone know if this is an issue that has been seen before.

I have upgraded the firmware since to V1.01.29 - but dont have a macbook to test if this has fixed the issue. It has completely undermined the trust I had in the SRP - having deployed these to a number of locations for the same reason anyone chooses Cisco.

jeffrrod · ‎08-07-2013

Dear Shane,

Thank you for reaching Small Business Support Community.

It is very strange issue you describe here, nobody has reported a similar case on this community forums before. There is a wireless performance caveat, ID CSCtt12885, worked out on firmware v1.01.29 but it does not relate to wireless security as far as the release notes. Unfortunately I cannot reproduce your scenario and therefore all I can suggest you is to try the macbook again with the SRP running the latest firmware release version.

These SRP520W series are already end of life and end of support so I do not think there is going to be a future public firmware release to address any new caveat notice. You may also contact the Small Business Support Center to inquire about this, but notice that the support is subject to a warranty or contract terms and conditions;

https://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

I wish I could be a better help. Very odd and now I am worry about it myself. We'll be looking forward to hear from you.

Kind regards,

Jeffrey Rodriguez S. .:|:.:|:.
Cisco Customer Support Engineer

*Please rate the Post so other will know when an answer has been found.

Jeffrey Rodriguez S. .:|:.:|:. Cisco Customer Support Engineer *Please rate the Post so other will know when an answer has been found.

bmcadmin2013 · ‎08-07-2013

Thanks Jeffrey for the information.

I have redone the testing from Android and Microsoft Devices and they still get prompted for credentials. Unfortunately for me neither the customer or I, have access to another Macbook Air to test if the firmware upgrade has cleared the issue. I also cant say with confidence if the Macbook was giving the impression of switching SSID's and was in fact connected to another AP in the vicinity (eg a smartphone with the Hotspot enabled and no security). There was a third SSID in the list, but I admit to being focused on the ones we owned.

One thing I do recall is about the available AP's list on the Macbook Air, none had the Padlock Icon.

I had wondered that given the nature of the issue Cisco may have wanted to look at the config to determine if its my actions, an issue that needs addressing or an anomoly that might be cleared by resetting back to factory defaults.

Unfortunately, the firm is my largest and best customer - and out of respect I have given them my notice as I am unable to provide an explanation nor be sure it is something that was my error in the config.