cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
269
Views
0
Helpful
8
Replies
Highlighted
Participant

Apple Devices - Not Connecting to Cisco Access Point

I am running Cisco 5520 Wireless Controller.

The AP model is AIR-AP1852I-Q-K9 , The IOS version is 8.8.130.0

There are 2 SSIDs configured

SSID#1 : INTRA_WIFI - For Internal Wireless LAN network : Uses certificate authentication 

SSID#2 : GUESTWIFI - For guest Internet access : Uses username & password authentication : PSK (WAP2/WAP3 personal)

 

There are nearly 50 APs. We rebooted all the APs as part of maintenance. 

After the APs are rebooted,

1. Users using iPhone/ipad are not able to connected to GUESTWIFI   (Users got password incorrect msg)

2. Laptop users are able to connect to GUESTWIFI

3. Laptop Users are able to connect to INTRA_WIFI (iPhone users are not allowed to connected to INTRA_WIFI)


1. Users using iPhone/ipad are not able to connected to GUESTWIFI   (Users got password incorrect msg)

Eventhough the password is correct users are not able to login via iPhone/ipad

We again rebooted all the APs & after that the users are not facing the same issue. The issue got resolved.

 

Is there any reason for this to happen?  Below are some of the logs which I found in the WLC.

 


*Dot1x_NW_MsgTask_4: Jan 15 10:06:25.524: %DOT1X-3-PSK_CONFIG_ERR: 1x_ptsm.c:756 Client 8a:33:b9:93:e4:9c may be using an incorrect PSK
*Dot1x_NW_MsgTask_1: Jan 15 08:52:59.721: %DOT1X-3-PSK_CONFIG_ERR: 1x_ptsm.c:756 Client 56:fa:d5:01:e8:19 may be using an incorrect PSK
*Dot1x_NW_MsgTask_1: Jan 15 10:01:00.477: %DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:452 Invalid replay counter from client 98:00:c6:d1:d4:19 - got 00 00 00 00 00 00 00 04, expected 00 00 00 00 00 00 00 00

 

 

8 REPLIES 8
Highlighted
Hall of Fame Community Legend

  1. Do you have any debugs when the authentication fails? 
  2. Have you tried using OPEN authentication (as a test)?
Highlighted
Participant

  1. Do you have any debugs when the authentication fails? 
    Yeah I have taken the debug log, when it fails.
  2. Have you tried using OPEN authentication (as a test)?
    Just want to clarify. You mean, access the GUESTWIFI without authentication. If that is the case, no I have not done it.
Highlighted
Hall of Fame Community Legend


@RS19 wrote:

Yeah I have taken the debug log, when it fails.


Attach the debugs so we can have a look. 


@RS19 wrote:

no I have not done it.


Try it.

Highlighted
Participant

I can not share the full debug logs.

Please find the logs related to the MAC address of the device which had the problem.

*dot1xMsgTask: Jan 15 15:43:28.171: %DOT1X-3-WPA_SEND_STATE_ERR: 1x_kxsm.c:1724 Unable to send EAPOL-key msg  - invalid WPA state (2) - client 56:fa:d5:01:e8:19
*Dot1x_NW_MsgTask_1: Jan 15 15:33:11.570: %DOT1X-3-PSK_CONFIG_ERR: 1x_ptsm.c:756 Client 56:fa:d5:01:e8:19 may be using an incorrect PSK
*Dot1x_NW_MsgTask_1: Jan 15 13:30:37.692: %DOT1X-3-CLIENT_NOT_FOUND: dot1x_msg_task.c:1787 Unable to process 802.1X 1 msg - client 56:fa:d5:01:e8:19 not found
*Dot1x_NW_MsgTask_1: Jan 15 13:30:32.694: %DOT1X-3-CLIENT_NOT_FOUND: dot1x_msg_task.c:1787 Unable to process 802.1X 1 msg - client 56:fa:d5:01:e8:19 not found
*Dot1x_NW_MsgTask_1: Jan 15 08:52:59.721: %DOT1X-3-PSK_CONFIG_ERR: 1x_ptsm.c:756 Client 56:fa:d5:01:e8:19 may be using an incorrect PSK
Jan 15 07:08:20 kernel: [*01/15/2021 07:08:20.9313] CLSM[56:FA:D5:01:E8:19]: US Auth(b0) seq 1249 IF 33 slot 1 vap 1 len 64 sta
te 8021X
Highlighted
Hall of Fame Community Legend


@RS19 wrote:

I can not share the full debug logs.


Cool.  Please contact Cisco TAC.  

Highlighted

But any insights, what could be the possible reasons for this ?

Laptops are able to connect without any issue, but issues with iPhone/ipad devices

Some thing strange scenario & after reboot of the APs it started to work.

Highlighted
Hall of Fame Community Legend


@RS19 wrote:

But any insights, what could be the possible reasons for this ?


Please contact Cisco TAC. 

Highlighted

 

 - One thing you may consider is upgrading to the current advisory release for the 5520 which is 8.10.130.0 , check if the problem persists afterwards.

 M.

Content for Community-Ad