Solved: Re: Mobility Express 8.5.151 and phones

Roman-spb · ‎09-13-2019

Hello, all.

I have 7 AP 1832 with mobility express. Two APs are controlles (primary/backup) and all other are CAPWAP.

Unusual behavior detected on iPhones with my WPA2-PSK ssid: client iPhone entering right PSK key, trying to connect => Fail: incorrect password. Client goes to other place and trying to connect => Ok. debug client mac says:

Failed AP:

*Dot1x_NW_MsgTask_0: Sep 04 12:19:25.979: 40:00:00:00:aa:bb Successfully computed PTK from PMK!!!
*Dot1x_NW_MsgTask_0: Sep 04 12:19:25.979: 40:00:00:00:aa:bb Received EAPOL-key M2 with invalid MIC from mobile 40:00:00:00:aa:bb version 3
*osapiBsnTimer: Sep 04 12:19:27.121: 40:00:00:00:aa:bb 802.1x 'timeoutEvt' Timer expired for station 40:00:00:00:aa:bb and for message = M2
*Dot1x_NW_MsgTask_0: Sep 04 12:19:27.121: 40:00:00:00:aa:bb Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 40:00:00:00:aa:bb
*Dot1x_NW_MsgTask_0: Sep 04 12:19:27.121: 40:00:00:00:aa:bb Sending 802.11 EAPOL message to mobile 40:00:00:00:aa:bb WLAN 2, AP WLAN 2

Good AP:

*Dot1x_NW_MsgTask_0: Sep 04 12:20:51.021: 40:00:00:00:aa:bb Successfully computed PTK from PMK!!!
*Dot1x_NW_MsgTask_0: Sep 04 12:20:51.021: 40:00:00:00:aa:bb Received valid MIC in EAPOL Key Message M2!!!!!

*Dot1x_NW_MsgTask_0: Sep 04 12:20:51.021: 40:00:00:00:aa:bb Compare RSN IE in association and EAPOL-M2 frame(rsnie_len :20, and grpMgmtCipherLen:0)
*Dot1x_NW_MsgTask_0: Sep 04 12:20:51.021: 40:00:00:00:aa:bb rsnieCapabilty = c rsnie_len =20
*Dot1x_NW_MsgTask_0: Sep 04 12:20:51.021: 40:00:00:00:aa:bb Dumping RSNIE received in Association request(len = 22):

Looks like client enter wrong PSK, but as I said: same key works on other AP. Android devices works fine without problems. 802.1x works fine on all devices. Problem only with WPA2-PSK ssid. Please help me to tune it. (8.5.140 had the same problem)

Sandeep Choudhary · ‎09-13-2019

are you enabled 802.11r.

Please try to disable 802.11r on the SSID and test again.

Regards

Dont forget to rate helpful posts

View solution in original post

Leo Laohoo · ‎09-13-2019

Is FT turned on?

View solution in original post

Sandeep Choudhary · ‎09-13-2019

are you enabled 802.11r.

Please try to disable 802.11r on the SSID and test again.

Regards

Dont forget to rate helpful posts

Roman-spb · ‎09-13-2019

Thanks guys! After disabling 802.11r all works fine!

joswan@infraspace.co.kr · ‎03-17-2020

Why disable 802.11r when using an iPhone?

Please explain why.

Scott Fella · ‎03-17-2020

Sometimes “features” don’t work as expected. The variables that can have a negative affect when using any features are code on the controller, ap type, device type and the nic and firmware. Now, it might not be an issue to you and in your environment, but when folks start to complain, it’s one of the first things you do after you find out there has been an upgrade network wise of device, disable features.

-Scott
*** Please rate helpful posts ***

EfremEmbaye25038 · ‎05-26-2021

thank you but how to disable 802.11r from GUI or command line .. can you please shed a light on this issue please

Thank you

Leo Laohoo · ‎09-13-2019

Is FT turned on?

JPavonM · ‎05-26-2021

I hope these commands would be useful for you:

##Check FT status on your WLAN profile
grep include "FT " "sh wlan <wlan_id>"
##Change FT status
config wlan security ft disable <wlan_id>

HTH
-Jesus
*** Please Rate Helpful Responses ***

EfremEmbaye25038 · ‎03-27-2022

Thank you it is resolved the issue

Mohamed.Ashraf · ‎09-12-2021

Hello

I think disable 802.11 K,V & r not recommended.

I found another solution,

At iphones , you need to make reset network and watch what will happen.

You will find your phone will stay connect without reconnect after miuntes.

Thank you