Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1125
Views
20
Helpful
6
Replies

Problem connecting a device to iPSK network

CiaranB
Level 1
Level 1

‎12-10-2019 07:49 AM - edited ‎07-05-2021 11:25 AM

Hi All,

 

I'm testing a new iPSK based IoT wlan on a WLC8540 (8.5.140.0) and using an ACS 5.8 radius server for authentication.

The wlan works successfully with a laptop and Android phone but does not work with a particular air sensor we have.

The air sensor works fine with a regular PSK wlan but fails to associate to the AP using the iPSK configuration.

 

Below are some screen shots from the WLC troubleshooting tools and I've also attached some debug client info.

 

Anyone any suggestions on what i could be doing wrong?

Any help would be much appreciated.

 

thanks,

Ciarán

 

iPSK Awair1.PNGiPSK Awair2.PNG

 

 

 

Preview file
142 KB
0 Helpful
6 Replies 6

Scott Fella
Hall of Fame
Hall of Fame

‎12-10-2019 07:39 PM

That’s pretty tough since you identified that only one type of devices fail. Have you looked at the radius logs to see what it shows?
-Scott
*** Please rate helpful posts ***

CiaranB
Level 1
Level 1
In response to Scott Fella

‎12-11-2019 01:44 AM

Hi and thanks for for getting back to me.

 

No radius logs at all for the device in question. No record of it failing the initial MAC authentication. It appears to be failing to get to the 'Associated' client stated.

When I look at the client on the WLC, the username is blank. Could it be something like, it's not sending it's MAC address as a client username for MAC authentication (Sorry my understanding of every step of the process is a little weak).

 

thanks again.

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to CiaranB

‎12-11-2019 04:08 AM

>From my experience, it seems like how the device is trying to associate is the problem and not your wireless. Can the issue be with special characters you have defined in the psk?
-Scott
*** Please rate helpful posts ***

patoberli
VIP Alumni
VIP Alumni
In response to CiaranB

‎12-11-2019 05:47 AM

Just to confirm, if you connect to the same SSID with the same iPSK with your Android device, the connection is successful?
You did add the correct MAC address of the sensor to your Radius server? Your Radius server must log something, otherwise the SSID/Radius configuration is wrong.
Link to deployment guide (skip the network policies part, that's optional):
https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-5/b_Identity_PSK_Feature_Deployment_Guide.html

CiaranB
Level 1
Level 1
In response to patoberli

‎12-11-2019 06:33 AM

I think I have it working now. I removed and re-added the MAC address from the access policy on the ACS and it worked.

I confirmed before removing it that it was configured identically to the other entries in the authroisation rule of the access policy. But when I re-added it, it just started to work, I can't explain why but it's something i should have tried sooner!

 

thanks for all your help.

Ciarán

 

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to CiaranB

‎12-11-2019 08:08 AM

That’s great that you got it to work. Funny thing is when I have issue with anything on radius/Tacacs i usually delete the object the re add it. I don’t even bother to make changes to the object.
-Scott
*** Please rate helpful posts ***
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card