Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
824
Views
10
Helpful
3
Replies

802.11r - Connection with FT 801.1x OK, FT PSK not working

Go to solution
Hustinette
Level 1
Level 1

‎10-08-2021 12:16 PM

Hi,

I have created a test setup in a verification lab.

Cisco 2504 Controller (v. 8.3.143.0)

 

The configuration to enable 802.11r seems straight forward. 
Problem:
The device I want to test (supports 802.11 k/v/r) connects just fine when I use FT 802.1x in the auth. management.
When I switch the configuration to use FT PSK, the device can no longer connect. 
If I disable FT, or set it to adaptive, or add non-FT PSK as an authentication method, the device can connect again.

 

Checking the clients on the Controller, I can see that on FT 802.11x that is used.
When PSK and FT PSK are enabled and I check, I can see the device did not use FT PSK.

 

What can explain this behavior? I have checked with other devices (different WiFi chipsets). Some exhibit the same behavior, others connect fine on FT PSK.
Any pointers are greatly appre

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rasika Nayanajith
VIP
VIP

‎10-09-2021 02:03 PM

My suggestion is to upgrade your 2504 to the latest 8.5.182.0 as long as your AP model support that code version. Refer to table 7 of below compatibility matrix

https://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html 

 

If a device supports FT+802.1X we can assume it should support FT+PSK as well. However, there are chances that may not be the case as well. Taking packet capture is the way to validate what's going on and in which step the client is failing

 

HTH

Rasika

*** Pls rate all useful responses ***

View solution in original post

3 Replies 3

Go to solution
marce1000
VIP
VIP

‎10-08-2021 11:32 PM

 

 - Make sure device (wireless) drivers are up to date and or try with latest (advisory) release for the controller.

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful

Go to solution
Arshad Safrulla
VIP Alumni
VIP Alumni

‎10-09-2021 12:29 PM

PSK when 802.11r(FT)set to adaptive you will use PSK as default and Clients capable of using FT will use it. When it is set to enabled, clients do not support 802.11r(FT) wlll not be able to connect.

 

Although 802.11r(FT) reduces the time needed to authenticate to a PSK SSID, the advantage you will have will not be very useful. But if you are using 802.1x, then you will see greater results. But you must know not all the wireless clients supports this technology yet.

 
___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

Go to solution
Rasika Nayanajith
VIP
VIP

‎10-09-2021 02:03 PM

My suggestion is to upgrade your 2504 to the latest 8.5.182.0 as long as your AP model support that code version. Refer to table 7 of below compatibility matrix

https://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html 

 

If a device supports FT+802.1X we can assume it should support FT+PSK as well. However, there are chances that may not be the case as well. Taking packet capture is the way to validate what's going on and in which step the client is failing

 

HTH

Rasika

*** Pls rate all useful responses ***

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card