Client will not connect to WPA2-PSK network, but will if open

eric nguyen
Level 1

I'm dealing with an Oxinet III device which has a Gigabyte GN-WI01GS wireless card in it. The device will seemingly connect to our WPA2-PSK (AES) secured network, but trying to ping the device is not successful. The device's GUI will show that it is connected to the wireless, then it will change to disconnected. The devices work fine on the old Enterasys wireless we had here. This behavior is exhibited by 3602i connected to a 5508 (7.3.101) and also with an 1131AG connected to a 5508 (6.0.202.0).

I keep seeing "Invalid RSN Descriptor code (254) from mobile 6c:f0:49:a8:6f:2f" in the client debugs. I googled and saw a post that suggested that we may be hitting bug CSCsv21872 (https://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn521780.pdf) but I'm not sure if it has been resolved. I would think that it would be fixed by version 7.3.

Attached are the client debugs from the 6.0.202 controller and the 7.3.101 controller. They look pretty much identical. Below is the WLAN config.

I appreciate any help I can get.

(Cisco Controller) >show wlan 7


WLAN Identifier.................................. 7
Profile Name..................................... OXINET
Network Name (SSID).............................. Oxinet
Status........................................... Disabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control

  NAC-State...................................... Disabled
  Quarantine VLAN................................ 0
Number of Active Clients......................... 0
Exclusionlist.................................... Disabled
Session Timeout.................................. Infinity
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ oxinet
WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled

--More-- or (q)uit
Quality of Service............................... Silver (best effort)
Scan Defer Priority.............................. 5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... 802.11b and 802.11g only
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
   Authentication................................ Disabled
   Accounting.................................... Disabled
   Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security

   802.11 Authentication:........................ Open System

--More-- or (q)uit
   Static WEP Keys............................... Disabled
   802.1X........................................ Disabled
   Wi-Fi Protected Access (WPA/WPA2)............. Enabled
      WPA (SSN IE)............................... Disabled
      WPA2 (RSN IE).............................. Enabled
         TKIP Cipher............................. Disabled
         AES Cipher.............................. Enabled
                                                               Auth Key Management
         802.1x.................................. Disabled
         PSK..................................... Enabled
         CCKM.................................... Disabled
         FT(802.11r)............................. Disabled
         FT-PSK(802.11r)......................... Disabled
FT Reassociation Timeout......................... 20
FT Over-The-Air mode............................. Enabled
FT Over-The-Ds mode.............................. Enabled
   CKIP ......................................... Disabled
   Web Based Authentication...................... Disabled
   Web-Passthrough............................... Disabled
   Conditional Web Redirect...................... Disabled
   Splash-Page Web Redirect...................... Disabled
   Auto Anchor................................... Disabled
   H-REAP Local Switching........................ Disabled

--More-- or (q)uit
   H-REAP Learn IP Address....................... Enabled
   Infrastructure MFP protection................. Enabled (Global Infrastructure MFP Disabled)
   Client MFP.................................... Optional
   Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Band Select...................................... Enabled
Load Balancing................................... Enabled


Stephen Rodriguez
Cisco Employee

That defect shows as fixed in 6.0.182.0 code, so you shouldn't be seeing it on 6.0.202.0 or 7.3 code.

For that device, how old are the drivers?

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered


Sandeep Choudhary
VIP Alumni

Can you paste the output from the WLC:

Debug Client

Regards


Scott Fella
Hall of Fame

Few things I would just change:

Load Balancing................................... Enabled <---Disable this!!!!

Band Select...................................... Enabled <--- Disable this since you have 802.11b/g only defined in the WLAN

CCX - AironetIe Support.......................... Enabled <---Disable this too for now

Thanks,


Scott

*****Help out others by using the rating system and marking answered questions as "Answered"*****


eric nguyen
Level 1

This has been resolved. Turns out the device said it could support WPA2-PSK using AES and TKIP, but it wasn't true in practice. I switched it to WPA-PSK using TKIP and it works fine.
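
An added example, not part of the original thread: assuming the 254 in the "Invalid RSN Descriptor code (254)" debug line is the Key Descriptor Type byte of the client's EAPOL-Key frame (254 is the WPA descriptor, 2 is the RSN/WPA2 descriptor), this Python code decodes that header and checks it against the WPA/WPA2 settings from the `show wlan 7` output. The frames are constructed samples and all function names are hypothetical.

```python
import struct

# Key Descriptor Type values carried in an EAPOL-Key frame.
DESCRIPTOR_TYPES = {1: "RC4 (dynamic WEP)", 2: "RSN (WPA2)", 254: "WPA"}
# Key Descriptor Version: low 3 bits of the Key Information field.
KEY_VERSIONS = {1: "HMAC-MD5 MIC / RC4 (TKIP)",
                2: "HMAC-SHA1 MIC / AES key wrap (CCMP)"}
EAPOL_KEY = 3  # EAPOL packet type used by the 4-way handshake


def parse_eapol_key(frame: bytes) -> dict:
    """Decode the fixed header of an EAPOL-Key frame (802.1X payload only)."""
    if len(frame) < 7:
        raise ValueError("truncated EAPOL-Key frame")
    _version, ptype, length = struct.unpack("!BBH", frame[:4])
    if ptype != EAPOL_KEY:
        raise ValueError(f"not an EAPOL-Key frame (type {ptype})")
    if length > len(frame) - 4:
        raise ValueError("EAPOL length exceeds captured bytes")
    desc_type, key_info = struct.unpack("!BH", frame[4:7])
    return {
        "descriptor_type": desc_type,
        "descriptor_name": DESCRIPTOR_TYPES.get(desc_type, "unknown"),
        "key_version": KEY_VERSIONS.get(key_info & 0x7, "unknown"),
        "pairwise": bool(key_info & 0x0008),
        "mic_present": bool(key_info & 0x0100),
    }


def check_against_wlan(frame: bytes, wpa_enabled: bool, wpa2_enabled: bool) -> str:
    """Compare the client's descriptor type with what the WLAN permits."""
    info = parse_eapol_key(frame)
    allowed = ({254} if wpa_enabled else set()) | ({2} if wpa2_enabled else set())
    if info["descriptor_type"] in allowed:
        return f"accepted: {info['descriptor_name']}, {info['key_version']}"
    return (f"rejected: client sent descriptor type {info['descriptor_type']} "
            f"({info['descriptor_name']}) but WLAN allows {sorted(allowed)}")


def build_msg2(desc_type: int, key_info: int) -> bytes:
    """Constructed sample: handshake message 2 with all key fields zeroed."""
    body = struct.pack("!BH", desc_type, key_info) + bytes(92)  # 95-byte descriptor
    return struct.pack("!BBH", 1, EAPOL_KEY, len(body)) + body


if __name__ == "__main__":
    wpa_client = build_msg2(254, 0x0109)  # WPA descriptor, TKIP-style key version
    # WLAN 7 as posted: WPA (SSN IE) Disabled, WPA2 (RSN IE) Enabled
    print(check_against_wlan(wpa_client, wpa_enabled=False, wpa2_enabled=True))
```
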
