Re: WAP351 Authentication failure reason 19 20

aron.neagu · ‎02-04-2016

Hello. We have bought several WAP351 access points and have some problems connecting with a MAC. In the log of the AP I see the following

Feb 4,2016 14:35:48 info hostapd[1583] Station aa:bb:cc:dd:ee:ff had an authentication failure, reason 20
Feb 4,2016 14:35:47 info hostapd[1583] Station aa:bb:cc:dd:ee:ff had an authentication failure, reason 19
Feb 4,2016 14:30:47 info hostapd[1583] The wireless client with MAC address aa:bb:cc:dd:ee:ff has been successfully authenticated.
Feb 4,2016 14:30:47 info hostapd[1583] STA aa:bb:cc:dd:ee:ff pairwise key exchange completed (WPAv2)
Feb 4,2016 14:30:46 info hostapd[1583] STA aa:bb:cc:dd:ee:ff associated with BSSID 11:22:33:44:55:66
Feb 4,2016 14:30:46 info hostapd[1583] Assoc request from aa:bb:cc:dd:ee:ff BSSID 11:22:33:44:55:66 SSID <COMPANY>
Feb 4,2016 14:30:33 debug hostapd[1583] station: aa:bb:cc:dd:ee:ff deauthenticated
Feb 4,2016 14:30:33 info hostapd[1583] STA aa:bb:cc:dd:ee:ff deauthed from BSSID 11:22:33:44:55:66 reason 4: Disassociated due to inactivity
Feb 4,2016 14:29:33 info hostapd[1583] The wireless client with MAC address aa:bb:cc:dd:ee:ff has been successfully authenticated.
Feb 4,2016 14:29:33 info hostapd[1583] STA aa:bb:cc:dd:ee:ff pairwise key exchange completed (WPAv2)
Feb 4,2016 14:29:30 info hostapd[1583] STA aa:bb:cc:dd:ee:ff associated with BSSID 11:22:33:44:55:66
Feb 4,2016 14:29:30 info hostapd[1583] Assoc request from aa:bb:cc:dd:ee:ff BSSID 11:22:33:44:55:66 SSID <COMPANY>
Feb 4,2016 14:28:58 info hostapd[1583] STA aa:bb:cc:dd:ee:ff deauthenticated for reason 16: Group key handshake timeout
Feb 4,2016 14:28:58 info hostapd[1583] Station aa:bb:cc:dd:ee:ff had an authentication failure, reason 17

Where

aa:bb:cc:dd:ee:ff MAC address of station (Mac laptop)

11:22:33:44:55:66 MAC address of AP

I read here http://www.aboutcher.co.uk/2012/07/linux-wifi-deauthenticated-reason-codes/ that the reason codes mean:

19 Invalid pairwise cipher
20 Invalid AKMP

But I am using the correct password, so I am wondering what it actually causing this.

I am wondering what I can do or how to troubleshoot further. The firmware is the latest, 1.0.1.4. Thank you

Tjarb · ‎03-10-2018

Hello,

Well I have the same issue on WAP150 devices. But I suspect that this is because of the AES authentication set on multiple AP-device with the same SSID. When a client is within the overlapping area of two access points it might be the case that a WIFi client has a session build up on AP1, but switches to AP2 having the same SSID.
In that case, there's a conflict and I think the connection will timeout (no ack) and will be dropt and the client has to build up a new session on AP2.
>Could some one please verify this behavior?
Also AP1 will get an error because the client session is suddenly not valid anymore, times out and deauthentication fails.
>Am I right?
I think that a radius server will be the solution for these multi-AP setups where a single device/controller manages the sessions.
>Could someone verify this?

ktonev · ‎03-14-2018

Hi,

I can suggest to follow the steps in this article:

https://supportforums.cisco.com/t5/small-business-wireless/wap-device-best-practice/td-p/2583802

More specifically you can try to increase the DTIM value to 3 which is what Apple is recommending.

If you are using a long complex password with special characters, I can recommend temporarily changing it to something simpler (test123, etc.) and testing again.

If you are still having issues, I'd suggest to call our support centre so an engineer can assist further.

Thanks,
Kris