02-07-2014 08:42 AM - edited 07-05-2021 12:07 AM
I'm dealing with an Oxinet III device which has a Gigabyte GN-WI01GS wireless card in it. The device will seemingly connect to our WPA2-PSK (AES) secured network, but trying to ping the device is not successful. The device's GUI will show that it is connected to the wireless, then it will change to disconnected. The devices work fine on the old Enterasys wireless we had here. This behavior is exhibited by 3602i connected to a 5508 (7.3.101) and also with an 1131AG connected to a 5508 (6.0.202.0).
I keep seeing "Invalid RSN Descriptor code (254) from mobile 6c:f0:49:a8:6f:2f" in the client debugs. I googled and saw a post that suggested that we may be hitting bug CSCsv21872 (https://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn521780.pdf) but I'm not sure if it has been resolved. I would think that it would be fixed by version 7.3.
Attached are the client debugs from the 6.0.202 controller and the 7.3.101 controller. They look pretty much identical. Below is the WLAN config.
I appreciate any help I can get.
(Cisco Controller) >show wlan 7
WLAN Identifier.................................. 7
Profile Name..................................... OXINET
Network Name (SSID).............................. Oxinet
Status........................................... Disabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
NAC-State...................................... Disabled
Quarantine VLAN................................ 0
Number of Active Clients......................... 0
Exclusionlist.................................... Disabled
Session Timeout.................................. Infinity
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ oxinet
WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
--More-- or (q)uit
Quality of Service............................... Silver (best effort)
Scan Defer Priority.............................. 5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... 802.11b and 802.11g only
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Disabled
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
--More-- or (q)uit
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
FT(802.11r)............................. Disabled
FT-PSK(802.11r)......................... Disabled
FT Reassociation Timeout......................... 20
FT Over-The-Air mode............................. Enabled
FT Over-The-Ds mode.............................. Enabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
--More-- or (q)uit
H-REAP Learn IP Address....................... Enabled
Infrastructure MFP protection................. Enabled (Global Infrastructure MFP Disabled)
Client MFP.................................... Optional
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Band Select...................................... Enabled
Load Balancing................................... Enabled
02-07-2014 08:57 AM
That defect shows as fixed in 6.0.182.0 code, so you shouldn't be seeing it on 6.0.202.0 or 7.3 code
for that device how old are the drivers?
HTH,
Steve
------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
02-07-2014 08:57 AM
Can you Paste the Output from WLC:
Debug Client
Regards
Sent from Cisco Technical Support iPhone App
02-07-2014 08:58 AM
Few things I would just change:
Load Balancing................................... Enabled <---Disable this!!!!
Band Select...................................... Enabled <--- Disable this since you have 802.1b/g only defined in the WLAN
CCX - AironetIe Support.......................... Enabled <---Disable this too for now
Thanks,
Scott
*****Help out other by using the rating system and marking answered questions as "Answered"*****
02-10-2014 08:00 AM
This has been resolved. Turns out the device said it could support WPA2-PSK using AES and TKIP, but it wasn't true in practice. I switched it to WPA-PSK using TKIP and it works fine.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide