
3702 PSK but seeing EAP auth logs

0xv4x
Level 1

Hi,

We have Autonomous WGB 3702 connecting to 1572 managed by 5520 WLC.
We use PSK for authentication between WGB -> AP, but I've noticed some EAP authentication timeouts occurring on roaming when debugging.

002101: Sep 10 09:23:20.483 AWST: %DOT11-4-UPLINK_DOWN: Interface Dot11Radio0, parent lost: Signal strength too low
002102: Sep 10 09:23:20.483 AWST: 64B5CC48-0 Uplink: Lost AP, Signal strength too low
002103: Sep 10 09:23:20.483 AWST: 64B5CCA8-0 Uplink: Setting No. of retries in channel scan to 2
002104: Sep 10 09:23:20.483 AWST: 64B5CCAD-0 Uplink: Wait for driver to stop
002105: Sep 10 09:23:20.483 AWST: 64B5CEC9-0 Uplink: Enabling active scan
002106: Sep 10 09:23:20.483 AWST: 64B5CF27-0 Uplink: Scanning
002107: Sep 10 09:23:20.483 AWST: 64B5D79E-0 Uplink: Rcvd response from 549f.c68b.4720 channel 1 1963
002108: Sep 10 09:23:20.511 AWST: 64B61A56-0 Uplink: An AP responded, try to assoc to the best one
AU-ERD-DT5199-WGB01#
002109: Sep 10 09:23:20.519 AWST: 64B65A9D-0 Uplink: dot11_uplink_scan_done() : ssid = XXXXXXXXX .
002110: Sep 10 09:23:20.519 AWST: 64B65AAF-0 Uplink: dot11_uplink_scan_done: rsnie_accept returns 0x0 key_mgmt 0xFAC02 encrypt_type XXXXXXXXX
002111: Sep 10 09:23:20.519 AWST: 64B65AB6-0 Uplink: ssid XXXXXXXXX auth open
002112: Sep 10 09:23:20.519 AWST: 64B65ABB-0 Uplink: try 549f.c68b.4720, enc 200 key 4, priv 1, eap 0
002113: Sep 10 09:23:20.519 AWST: 64B65AC1-0 Uplink: Authenticating
002114: Sep 10 09:23:20.519 AWST: 64B65CFE-0 Uplink: Associating
002115: Sep 10 09:23:20.539 AWST: 64B6ADE1-0 Uplink: EAP authenticating
002116: Sep 10 09:23:22.539 AWST: 64D52B98-0 Uplink: Lost AP, EAP authentication timeout
002117: Sep 10 09:23:22.539 AWST: 64D52BAC-0 Uplink: Reject for 0 seconds

I thought PSK did not use EAP at all? Why would this be presenting in logs? Quite a sensitive application being bridged also.
The 'workgroup-bridge timeouts eap-timeout 2' is set, which explains the timeout but not the reason for EAP being used in the first place.
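
The trace quoted above can be split into one record per association attempt. The following is an added example (not written by any poster in this thread, and not Cisco tooling) that parses the uplink debug format shown in the question and flags attempts that ended in an EAP timeout even though the negotiated key management was PSK. It assumes `key_mgmt` is the RSN AKM suite selector (00-0F-AC:2 = PSK); the function names are hypothetical.

```python
import re

# Constructed sample: four lines copied from the uplink trace quoted in the post.
SAMPLE = """\
002110: Sep 10 09:23:20.519 AWST: 64B65AAF-0 Uplink: dot11_uplink_scan_done: rsnie_accept returns 0x0 key_mgmt 0xFAC02 encrypt_type XXXXXXXXX
002112: Sep 10 09:23:20.519 AWST: 64B65ABB-0 Uplink: try 549f.c68b.4720, enc 200 key 4, priv 1, eap 0
002115: Sep 10 09:23:20.539 AWST: 64B6ADE1-0 Uplink: EAP authenticating
002116: Sep 10 09:23:22.539 AWST: 64D52B98-0 Uplink: Lost AP, EAP authentication timeout
"""

# Assumption: key_mgmt is the RSN AKM suite selector, where 00-0F-AC:2 means PSK.
PSK_AKM = 0x000FAC02
LINE = re.compile(r"^\d+: \w{3} +\d+ (\d+):(\d+):(\d+)\.(\d{3}) \w+: \S+ Uplink: (.*)$")

def parse_attempts(text):
    """Group uplink debug lines into one dict per 'try <bssid>' attempt."""
    attempts, cur, key_mgmt = [], None, None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # CLI prompts, syslog lines, blanks
        h, mi, s, ms, msg = m.groups()
        # Time of day in milliseconds (a trace that crosses midnight is not handled).
        t_ms = ((int(h) * 60 + int(mi)) * 60 + int(s)) * 1000 + int(ms)
        km = re.search(r"key_mgmt (0x[0-9A-Fa-f]+)", msg)
        if km:
            key_mgmt = int(km.group(1), 16)  # applies to the next 'try' line
        tr = re.match(r"try (\S+), .*\beap (\d+)", msg)
        if tr:
            cur = {"bssid": tr.group(1), "key_mgmt": key_mgmt,
                   "eap_flag": int(tr.group(2)), "eap_start_ms": None,
                   "outcome": None, "waited_ms": None}
            attempts.append(cur)
        elif cur and msg == "EAP authenticating":
            cur["eap_start_ms"] = t_ms
        elif cur and "EAP authentication timeout" in msg:
            cur["outcome"] = "eap_timeout"
            if cur["eap_start_ms"] is not None:
                cur["waited_ms"] = t_ms - cur["eap_start_ms"]
    return attempts

def psk_eap_timeouts(attempts):
    """Attempts negotiated as PSK that still ended in an EAP timeout."""
    return [a for a in attempts
            if a["key_mgmt"] == PSK_AKM and a["outcome"] == "eap_timeout"]

if __name__ == "__main__":
    for a in psk_eap_timeouts(parse_attempts(SAMPLE)):
        print(a["bssid"], "eap flag", a["eap_flag"], "timed out after", a["waited_ms"], "ms")
```

On the quoted trace the wait between "EAP authenticating" and the timeout is 2000 ms, which lines up with the `workgroup-bridge timeouts eap-timeout 2` setting mentioned in the post.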


marce1000
VIP

 

 - As per https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html
   make sure to use 8.10.196.0 on the 5520, especially if it is currently using an older version.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

I cannot see anything in the bulletin you attached relating to autonomous WGB client authentication.

 

 - Still, that is advised, especially if the current release is older; not every fix gets documented. The 5520 and all AireOS controllers are being phased out in favor of the 9800 series. Because of diminishing support they must use the last release made available.

 M.




Sure, agreed. But in our current situation we cannot upgrade due to another bug with multicast, and 9800 controllers are a while away. The question is still valid in that there should not be EAP logs when using PSK for L2 security on a WLAN, but I might be missing something.

 

 > .... But in our current situation we cannot upgrade due to another bug with multicast..

 - OK, if this would be a bug and fixed in the last release, then together with the multicast bug you would end up being in a showstopper; option(s) are testing this release anyway for a limited time period, if that would be feasible to do in the current business environment.

    + You can also always have an overall checkup of the 5520 controller's configuration using :
       WirelessAnalyzer input (procedure) for AireOs controllers
       and feed the output from that into Wireless Config Analyzer

   M.




If on upgrade to 8.10.196.0 it causes multicast to still not function as it previously was, then a rollback would be immediate.

We have another site on this 8.10.196.0 firmware and the EAP logs are present in the uplink trace debugs also.

This site also uses PSK.
