cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6313
Views
5
Helpful
11
Replies

Apple Devices - Not Connecting to Cisco Access Point

RS19
Level 4
Level 4

I am running Cisco 5520 Wireless Controller.

The AP model is AIR-AP1852I-Q-K9 , The IOS version is 8.8.130.0

There are 2 SSIDs configured

SSID#1 : INTRA_WIFI - For Internal Wireless LAN network : Uses certificate authentication 

SSID#2 : GUESTWIFI - For guest Internet access : Uses username & password authentication : PSK (WAP2/WAP3 personal)

 

There are nearly 50 APs. We rebooted all the APs as part of maintenance. 

After the APs are rebooted,

1. Users using iPhone/ipad are not able to connected to GUESTWIFI   (Users got password incorrect msg)

2. Laptop users are able to connect to GUESTWIFI

3. Laptop Users are able to connect to INTRA_WIFI (iPhone users are not allowed to connected to INTRA_WIFI)


1. Users using iPhone/ipad are not able to connected to GUESTWIFI   (Users got password incorrect msg)

Eventhough the password is correct users are not able to login via iPhone/ipad

We again rebooted all the APs & after that the users are not facing the same issue. The issue got resolved.

 

Is there any reason for this to happen?  Below are some of the logs which I found in the WLC.

 


*Dot1x_NW_MsgTask_4: Jan 15 10:06:25.524: %DOT1X-3-PSK_CONFIG_ERR: 1x_ptsm.c:756 Client 8a:33:b9:93:e4:9c may be using an incorrect PSK
*Dot1x_NW_MsgTask_1: Jan 15 08:52:59.721: %DOT1X-3-PSK_CONFIG_ERR: 1x_ptsm.c:756 Client 56:fa:d5:01:e8:19 may be using an incorrect PSK
*Dot1x_NW_MsgTask_1: Jan 15 10:01:00.477: %DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:452 Invalid replay counter from client 98:00:c6:d1:d4:19 - got 00 00 00 00 00 00 00 04, expected 00 00 00 00 00 00 00 00

 

 

11 Replies 11

Leo Laohoo
Hall of Fame
Hall of Fame
  1. Do you have any debugs when the authentication fails? 
  2. Have you tried using OPEN authentication (as a test)?

RS19
Level 4
Level 4
  1. Do you have any debugs when the authentication fails? 
    Yeah I have taken the debug log, when it fails.
  2. Have you tried using OPEN authentication (as a test)?
    Just want to clarify. You mean, access the GUESTWIFI without authentication. If that is the case, no I have not done it.


@RS19 wrote:

Yeah I have taken the debug log, when it fails.


Attach the debugs so we can have a look. 


@RS19 wrote:

no I have not done it.


Try it.

RS19
Level 4
Level 4

I can not share the full debug logs.

Please find the logs related to the MAC address of the device which had the problem.

*dot1xMsgTask: Jan 15 15:43:28.171: %DOT1X-3-WPA_SEND_STATE_ERR: 1x_kxsm.c:1724 Unable to send EAPOL-key msg  - invalid WPA state (2) - client 56:fa:d5:01:e8:19
*Dot1x_NW_MsgTask_1: Jan 15 15:33:11.570: %DOT1X-3-PSK_CONFIG_ERR: 1x_ptsm.c:756 Client 56:fa:d5:01:e8:19 may be using an incorrect PSK
*Dot1x_NW_MsgTask_1: Jan 15 13:30:37.692: %DOT1X-3-CLIENT_NOT_FOUND: dot1x_msg_task.c:1787 Unable to process 802.1X 1 msg - client 56:fa:d5:01:e8:19 not found
*Dot1x_NW_MsgTask_1: Jan 15 13:30:32.694: %DOT1X-3-CLIENT_NOT_FOUND: dot1x_msg_task.c:1787 Unable to process 802.1X 1 msg - client 56:fa:d5:01:e8:19 not found
*Dot1x_NW_MsgTask_1: Jan 15 08:52:59.721: %DOT1X-3-PSK_CONFIG_ERR: 1x_ptsm.c:756 Client 56:fa:d5:01:e8:19 may be using an incorrect PSK
Jan 15 07:08:20 kernel: [*01/15/2021 07:08:20.9313] CLSM[56:FA:D5:01:E8:19]: US Auth(b0) seq 1249 IF 33 slot 1 vap 1 len 64 sta
te 8021X


@RS19 wrote:

I can not share the full debug logs.


Cool.  Please contact Cisco TAC.  

But any insights, what could be the possible reasons for this ?

Laptops are able to connect without any issue, but issues with iPhone/ipad devices

Some thing strange scenario & after reboot of the APs it started to work.


@RS19 wrote:

But any insights, what could be the possible reasons for this ?


Please contact Cisco TAC. 

 

 - One thing you may consider is upgrading to the current advisory release for the 5520 which is 8.10.130.0 , check if the problem persists afterwards.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

KVKSAI
Level 1
Level 1

Hi Mate,

 

Is issue solved? If yes can you provide the solution for this? I have similar issue in my envi and looking on following parameters, in my case few IOS are connecting few are not.

 

let's have a look at the following parameters.

 

Problem statement : IOS devices are not connecting to Guest wifi( PSK, WPA2+ WPA3 SAE)

 

Points to checking:

1. When you run the debug the 4 way hand shake is completing?

2. Do you have WPA2 and WPA3 policies enabled? Under Guestwifi layer 2 security?

3. Users are having issue on both radios 2.4 n 5Ghz?

4. Fast transition is adaptive or enabled?

 

Might want to look at what is compatible right now with Apple device.  This also shows what you need to configure on the wlan for it to work.

WPA3 Deployment Guide - Cisco

-Scott
*** Please rate helpful posts ***

No one knows the status of this issue because the OP does not want to furnish debug information/logs.  

It is better if you can create a new thread so we can do proper debugs and troubleshooting.

Review Cisco Networking for a $25 gift card