09-09-2024 06:50 PM
Hi,
We have Autonomous WGB 3702 connecting to 1572 managed by 5520 WLC.
We use PSK for authentication between WGB -> AP, but ive noticed some EAP authentication timeouts occurring on roaming when debugging.
002101: Sep 10 09:23:20.483 AWST: %DOT11-4-UPLINK_DOWN: Interface Dot11Radio0, parent lost: Signal strength too low
002102: Sep 10 09:23:20.483 AWST: 64B5CC48-0 Uplink: Lost AP, Signal strength too low
002103: Sep 10 09:23:20.483 AWST: 64B5CCA8-0 Uplink: Setting No. of retries in channel scan to 2
002104: Sep 10 09:23:20.483 AWST: 64B5CCAD-0 Uplink: Wait for driver to stop
002105: Sep 10 09:23:20.483 AWST: 64B5CEC9-0 Uplink: Enabling active scan
002106: Sep 10 09:23:20.483 AWST: 64B5CF27-0 Uplink: Scanning
002107: Sep 10 09:23:20.483 AWST: 64B5D79E-0 Uplink: Rcvd response from 549f.c68b.4720 channel 1 1963
002108: Sep 10 09:23:20.511 AWST: 64B61A56-0 Uplink: An AP responded, try to assoc to the best one
AU-ERD-DT5199-WGB01#
002109: Sep 10 09:23:20.519 AWST: 64B65A9D-0 Uplink: dot11_uplink_scan_done() : ssid = XXXXXXXXX .
002110: Sep 10 09:23:20.519 AWST: 64B65AAF-0 Uplink: dot11_uplink_scan_done: rsnie_accept returns 0x0 key_mgmt 0xFAC02 encrypt_type XXXXXXXXX
002111: Sep 10 09:23:20.519 AWST: 64B65AB6-0 Uplink: ssid XXXXXXXXX auth open
002112: Sep 10 09:23:20.519 AWST: 64B65ABB-0 Uplink: try 549f.c68b.4720, enc 200 key 4, priv 1, eap 0
002113: Sep 10 09:23:20.519 AWST: 64B65AC1-0 Uplink: Authenticating
002114: Sep 10 09:23:20.519 AWST: 64B65CFE-0 Uplink: Associating
002115: Sep 10 09:23:20.539 AWST: 64B6ADE1-0 Uplink: EAP authenticating
002116: Sep 10 09:23:22.539 AWST: 64D52B98-0 Uplink: Lost AP, EAP authentication timeout
002117: Sep 10 09:23:22.539 AWST: 64D52BAC-0 Uplink: Reject for 0 seconds
I thought PSK did not use EAP at all? Why would this be presenting in logs. Quite a sensitive application being bridged also.
The 'workgroup-bridge timeouts eap-timeout 2' is set, which explains the timeout but not the reason for EAP being used in the first place.
09-09-2024 10:47 PM
- As per https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html
make sure to use 8.10.196.0 on the 5520 , especially if it is currently using an older version ,
M.
09-09-2024 10:52 PM
I cannot see anything in the bulletin you attached relating to autonomous WGB client authentication.
09-09-2024 11:05 PM
- Still that is advised , especially if the current release is older ; not every fix gets documented. The 5520 and all aireos controllers are being phased out in favor of the 9800 series. Because of diminishing support they must use the last release made available ,
M.
09-10-2024 04:21 AM
Sure, agreed. But in our current situation we cannot upgrade due to another bug with multicast, and 9800 controllers are a while away. The question is still valid in that there should not be EAP logs when using PSK for L2 security on a wlan, but i might be missing something..
09-10-2024 04:47 AM
>.... But in our current situation we cannot upgrade due to another bug with multicast..
- Ok , if this would be a bug and fixed in the last release then together with the multicast-bug you would end up being in a showstopper ; option(s) are testing this release anyway for a limited time period = if that would be feasible to do in the
current business environment.
+ You can also always have an overall checkup of the 5520 controller's configuration using :
WirelessAnalyzer input (procedure) for AireOs controllers
and feed the output from that into Wireless Config Analyzer
M.
09-10-2024 05:03 AM - edited 09-10-2024 05:03 AM
If on upgrade to 8.10.196.0 it causes multicast to still not function as it previously was, then a rollback would be immediate.
We have another site on this 8.10.196.0 firmware and the EAP logs are present in the uplink trace debugs also.
This site also uses PSK.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide