10-08-2021 12:16 PM
Hi,
I have created a test setup in a verification lab.
Cisco 2504 Controller (v. 8.3.143.0)
The configuration to enable 802.11r seems straight forward.
Problem:
The device I want to test (supports 802.11 k/v/r) connects just fine when I use FT 802.1x in the auth. management.
When I switch the configuration to use FT PSK, the device can no longer connect.
If I disable FT, or set it to adaptive, or add non-FT PSK as an authentication method, the device can connect again.
Checking the clients on the Controller, I can see that on FT 802.11x that is used.
When PSK and FT PSK are enabled and I check, I can see the device did not use FT PSK.
What can explain this behavior? I have checked with other devices (different WiFi chipsets). Some exhibit the same behavior, others connect fine on FT PSK.
Any pointers are greatly appre
Solved! Go to Solution.
10-09-2021 02:03 PM
My suggestion is to upgrade your 2504 to the latest 8.5.182.0 as long as your AP model support that code version. Refer to table 7 of below compatibility matrix
https://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html
If a device supports FT+802.1X we can assume it should support FT+PSK as well. However, there are chances that may not be the case as well. Taking packet capture is the way to validate what's going on and in which step the client is failing
HTH
Rasika
*** Pls rate all useful responses ***
10-08-2021 11:32 PM
- Make sure device (wireless) drivers are up to date and or try with latest (advisory) release for the controller.
M.
10-09-2021 12:29 PM
PSK when 802.11r(FT)set to adaptive you will use PSK as default and Clients capable of using FT will use it. When it is set to enabled, clients do not support 802.11r(FT) wlll not be able to connect.
Although 802.11r(FT) reduces the time needed to authenticate to a PSK SSID, the advantage you will have will not be very useful. But if you are using 802.1x, then you will see greater results. But you must know not all the wireless clients supports this technology yet.
10-09-2021 02:03 PM
My suggestion is to upgrade your 2504 to the latest 8.5.182.0 as long as your AP model support that code version. Refer to table 7 of below compatibility matrix
https://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html
If a device supports FT+802.1X we can assume it should support FT+PSK as well. However, there are chances that may not be the case as well. Taking packet capture is the way to validate what's going on and in which step the client is failing
HTH
Rasika
*** Pls rate all useful responses ***
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide