Showing results for 
Search instead for 
Did you mean: 

Issues connecting Android 10 to Cisco ME

Hi, I had one problem which I found bypass solution, but I would like to share with someone, as I don't want that someone is wasting time as I did troubleshooting the issue.

My case was that I have 15 APs AP1832i set to Cisco ME, so 1 acts as a call it a  "controller", while others are getting the instruction. I have set latest version of firmware for APs -

Now I have Nokia 7.1 running Android 10 December 2019 patch, and what I found out that after upgrading Android to version 10 and patching Cisco AP1832i from 8.5 to 8.10, android phone cannot connect anymore.

After 1 hour of troubleshooting I found a bypass. By enabling WPA3 (along with WPA2), android 10 started to connect again.

My guess is either Google completely ditched support for WPA2 (for some reason), in favor for WPA3 or there is some mismatch between Cisco for ME and Google Android 10. By enabling WPA3, phone can successfully connect to our network.


I hope I helped someone, and saved him/her some time in dealing with tedious troubleshooting


Best regards

Cisco Employee

I’ve tried disabling Aironet IE and Client Exclusion but no luck. The issue still happens.

Posting Cheng's test discussion, "disabling SHA1 an enabling only SHA256 on the SSID do the trick".
Unfortunately that way we are missing legacy devices not supporting WPA2-SHA256.


These are the commands needed:


config wlan security wpa akm psk disable
config wlan security wpa akm pmf psk enable <wlan_id>config wlan security wpa akm psk set-key ascii <psk> <wlan_id>
config wlan security ft disable <wlan_id>  <== must be disabled when removing previous security features if adaptive is selected
!## WPA2-ENTERPRISE SSIDconfig wlan security wpa akm 802.1x disable <wlan_id>
config wlan security wpa akm pmf 802.1x enable <wlan_id>
config wlan security ft disable <wlan_id>  <== must be disabled when removing previous security features if adaptive is selected


So unfortunately I cannot remember exact setup as it was long time ago set. I only remember that I have tried every possible option on the Cisco ME to set and test, without success. Also as it was a production system I had to immediately revert new patch to an old version as it made an impact on out whole laboratory.


Sorry that I could not help you more then that. I have reverted to 8.5 and it is working properly again. Until this new patch is properly tested I won't be installing it again.




Hi Buddy,

I have a exactly same issue with WLC 3504 and AP 3802e, some users have Xiaomi phone (Android 10) can not connect. 

I have 2 work around:

 1. Change Layer 2 Security to None (Open ssid).

 2. Change PSK to PSK-SHA2.

I can not deploy my customer's network with solution 1. 

With solution 2, some old generation laptop can not connect.

Could anyone share better solution with us ?

Unfortunatelly, at this time, there's no beter solution.

I'm working with some Cisco engineers who are talking to Google in order to find out what's happenning there.

As soon as I have some news I will share with you.




Hi @Jesus Pavon ,

Thanks for you quick reply.

As someone mentioned, I am planning to downgrade the OS firmware version 8.10.x down to 8.8 or 8.5 then let see if it can resolved the issue with Android 10.


Sure, I can confirm everything is working properly running AireOS 8.8 and 8.5.

This is something related with Cisco and WPA3 supporting codes.




I can confirm it works on 5520 with AireOS

but not with Cat9k8 16.12.3


Also running fine here with and (tested with a Xiaomi Mi 9T Pro). Pretty sure it's a bug in the 8.10 train.

Hi Buddy,

I just downgraded the WLC 3504 from 8.10.x to 8.8.x and I confirmed that it works normally in my customer.

This bug is on version 8.10.x

Thanks all for your suggestion guys.


There definitively are many open WPA3 bugs:

Some are fixed in, but by far not all. I suggest to open a TAC if you can, so that this issue gets more priority.

Hi community,

I have some good news. The issue is due to a firmware bug in some Qualcomm chipsets, and devices from Nokia/Sony/Xiaomi triggering that bug when processing newly added Cisco IE Att 44 in the beacons.

Qaulcomm is fixing it per device model with new security patches (Mi10 received it with April 2020 security Patch).

And from Cisco side, after many tests and troubleshooting sessions with engineers, there is a workaround to avoid this issue.

They all are covered under CSCvu24770.

These are the tests I've done previously.

Xiaomi Mi8 + Cisco AP3800/4800
PMF (disabled/optional/required)dot11r adaptivedot11r enableddot11r disableddot11r adaptive + overDSdot11r enabled + overDS


*** Please Rate Helpful Responses ***

Hi @Jesus Pavon ,

Cool, thank you so much for your information, it is very useful.


Hi Jesus

Thanks for the update. Based on the bug description, only a downgrade to 8.5 helps, but based on the discussion here, a downgrade to 8.8 should also work, correct?

Hi @patoberli ,

I can confirm that the version 8.8.x works good. My customer is running on this version 8.8.x


Content for Community-Ad