10-06-2019 11:28 PM - edited 07-05-2021 11:05 AM
Hi everyone,
I am trying to use 802.11w PMF feature for a 802.1x SSID. When I configure it to "Required", supported clients can connect with AKM: 11w-802.1x and unsupported clients cannot connect at all. This scenario works as expected. But when I do it "optional", even if my clients are capable, they do not use 802.11w. When I debug client, it even says "Marking Mobile as 11w Capable" but it prefers not to use it. When I check client details, AKM is 802.1x only, not 11w.
Relevant part of the output of "debug 11w-pmf events" is:
*apfMsConnTask_7: Oct 07 08:59:06.496: [PA] 74:9e:af:1d:6b:ba RSN Capabilities: 140
*apfMsConnTask_7: Oct 07 08:59:06.496: [PA] 74:9e:af:1d:6b:ba Marking Mobile as 11w Capable
*apfMsConnTask_7: Oct 07 08:59:06.496: [PA] 74:9e:af:1d:6b:ba creating SA query timer
*apfMsConnTask_7: Oct 07 08:59:06.496: [PA] 74:9e:af:1d:6b:ba apfValidateDot11wGroupMgmtCipher:2275, 11w Group Mgmt Cipher Suite 6 validation succeeded for STA
*apfMsConnTask_7: Oct 07 08:59:06.702: [PA] 74:9e:af:1d:6b:ba Found RM action category code
*apfMsConnTask_7: Oct 07 08:59:06.709: [PA] RSNIE in Assoc. Req.: (42)
I am adding client debug and SSID config as attachment. WLC: 8540 w/8.5.135.0 AP:3800 Client: several (debug with iPhone8 iOS 13.1.2)
Do I misunderstand or misconfigure something?
Thank you for your support.
10-07-2019 07:52 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide