Solved: Re: Cisco 9100 AP/9800 (EWC) + WPA3 + iPhone magic config cocktail ?

BrandonApplegate14592 · ‎09-23-2020

Hello,

I'm struggling to get this working. My setup for this test:

9115AX AP - 17.3.1.9
EWC - 17.03.01.0.351
iPhone X - iOS 14

It seems like when I do mixed WPA2/3 is when I run into issues. The phone attempts to associate and finally gives up saying "unable to join this network". Seems to maybe have something to do with FT config as well. Of course FT is tied into WPA3/SAE so the options are limited there. When I kick back to to WPA2 config, the phone joins with no issues. Also - when I have WPA2/3 configured other devices seem to be able to join just fine (Nintendo WiiU, Raspberry PIs, etc.).

At one point I had an 1832 AP running ME, and my phone was still on iOS 13.x. I was able to configure a WLAN as WPA2/3 and join my phone at that point (I had other issues with the 1832s though, another story...).

Anyone have this working or know what I might be missing ?

Thanks.

BrandonApplegate14592 · ‎09-23-2020

Downgrading to the latest available 17.2 release fixed this. Hopefully the fix will come back into 17.3 soon. So disappointing these regressions like this...

View solution in original post

Rasika Nayanajith · ‎09-23-2020

Disable FT and see if that helps. By default, Cisco leave it to Adaptive 802.11r

HTH

Rasika

*** Pls rate all useful responses ***

BrandonApplegate14592 · ‎09-23-2020

I have FT disabled, still won't join. I'm using the WEBUI to configure, but here is the relevant config section for this WLAN:

wlan TEST123 3 TEST123
 no security ft adaptive
 security wpa psk set-key ascii 8 REMOVED
 no security wpa akm dot1x
 security wpa akm psk
 security wpa akm sae
 security wpa wpa3
 security pmf optional
 no shutdown

Scott Fella · ‎09-23-2020

Disable wpa3 and use wpa2.

-Scott
*** Please rate helpful posts ***

BrandonApplegate14592 · ‎09-23-2020

I just found this below. Bug is referencing the 1850 APs, but this sure does sound like what I'm hitting.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv35000

WPA3 SAE does not work at all on Embedded controller on AP (EWC) in 17.3

CSCvv35000

Description

Symptom:
in 17.2, apple devices (iphone / macbook) can connect fine to a WPA3 SAE simple SSID
After upgarde to 17.3.1 they cannot connect.

And it was last updated...today !#$%&

BrandonApplegate14592 · ‎09-23-2020

Downgrading to the latest available 17.2 release fixed this. Hopefully the fix will come back into 17.3 soon. So disappointing these regressions like this...

Leo Laohoo · ‎09-23-2020

Announcing Cisco Wireless 8.10MR4 First Interim - 8.10.139.43

BrandonApplegate14592 · ‎09-23-2020

This won't help on the 9100 series though as they run IOSXE - not AireOS

Leo Laohoo · ‎09-23-2020

CSCvv35000 will be fixed with 8.10MR4 release (in the next few weeks, based on the link I've provided).

Additionally, this bug will also be fixed when 17.3.2 comes out (ask Cisco TAC about the release date).
NOTE: I suspect the release date for 17.3.2 will be in the same time as 8.10MR4.

Scott Fella · ‎09-23-2020

Always test... things break so it up to folks to do their testing before they decide to go with a specific code. It won’t be the last that things break.

-Scott
*** Please rate helpful posts ***