ipad2 can't join cisco wi-fi using wpa2 aes - Page 2

18091988n · ‎04-13-2012

Hello! Is this a problem from Apple or Cisco side?

we have a cisco WLC 5508 on which few SSIDs are configured, and two kinds of APs: AIR-LAP1142N-E-K9 and converted AIR-AP1141N-E-K9.

When in WLAN settings we leave WPA2 policy and AES encryption, iPads2 can connect without any problems to AIR-LAP1142N-E-K9, but there is no connection to converted AIR-AP1141N-E-K9. MacBooks, iPhones are connecting without questions.

When we set WPA2+TKIP everything is cool, but other Apple devices can't rich 802.11n speeds((

P.S. With only WPA2+AES or both WPA2+AES+TKIP enabled on a WLAN the WLC gets such messages :

Decrypt errors occurred for client xx:xx:xx:xx:xx:xx using WPA2 key on 802.11b/g interface of AP xx:xx:xx:xx:xx:xx

But I know that it can happen when you offer funny encryption combinations that client doesn't like (wpa1+aes, wpa2+tkip). But the advise to try to only enable wpa2/aes for some reason doesn't work(.

What can cause it?...

Will be very appreciated for any advise!

Scott Fella · ‎08-31-2012

That is interesting.... In my installs I have always also tested using my iPhone and iPad. I run wpa2-enterprise at home also with short preamble and a dtim of 2 with no issues at all. This is also how I have the wlc set stall my customers. I don't know about setting the dtim at 6, Ciscos recommendation is 2 unless your using 792x phones, then it should be set to 1. Thoses are for scanners and usually to help with battery life.

Sent from Cisco Technical Support iPad App

-Scott
*** Please rate helpful posts ***

johnnylingo · ‎06-28-2013

Enabling "Fast SSID Change" did the trick for me. Apparently this setting is disabled by default for FIPS compliance, but for whatever reason, Apple devices need it enabled to join multiple SSIDs on the same controller.

https://supportforums.cisco.com/docs/DOC-21729

Scott Fella · ‎06-28-2013

If you are trying to connect to multiple SSID's on a device, fast SSID change is required for any devices. The WLC will keep the e siting info and will take like 30-60 seconds before allowing the association to the new WLAN. Typically a device only requires on WLAN profile and this why this feature is disabled by default.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

johnnylingo · ‎06-28-2013

I don't think this is true. With "Fast SSID change" disabled, I can easily switch back and forth between SSIDs on a Windows 7 PC. On my iPhone, I have to temporarily turn off Wi-Fi when switching.

My assumption is the Windows 7 laptop disassociates from the old SSID before joining the new one, while the iPhone tries to "hop"?

George Stefanick · ‎06-29-2013

I've seen it both ways myself.

Sent from Cisco Technical Support iPad App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Scott Fella · ‎06-29-2013

Well then, thats a bug:) The purpose of fast ssid change, is exactly what the name says. If you look it up, the WLC will keep the client info and the client will not be able to change to a new ssid until removed. So I guess you just have to see what code version you are using.

Q. What is Fast SSID Changing?

A. Fast SSID Changing allows clients to move between SSIDs. When the client sends a new association for a different SSID, the client entry in the controller connection table is cleared before the client is added to the new SSID. When Fast SSID Changing is disabled, the controller enforces a delay before clients are allowed to move to a new SSID. For information on how to enable Fast SSID Changing, refer to the Configuring Fast SSID Changing section of the Cisco Wireless LAN Controller Configuration Guide, Release 7.0.116.0.

Sent from Cisco Technical Support iPad App

-Scott
*** Please rate helpful posts ***