Some Galaxy Devices Cannot Connect to Cisco C9105AXI-K Wi-Fi SSID

edusccc333 · ‎01-20-2025

I am experiencing an issue where certain Samsung Galaxy devices are unable to connect to a Wi-Fi SSID broadcasted by a Cisco C9105AXI-K access point. These devices keep showing the error message, "Unable to connect." However, when I remove the password and set the SSID to open (no security), they can connect without any problem.

The access point is configured with WPA2-PSK (AES) security, and other devices (including non-Apple devices) can connect without any issues. However, certain Galaxy devices and laptops cannot connect. I've tried the following:

Restarting the access point and affected devices.
Forgetting and reconnecting the network on the affected devices.
I have also tried all types of WPA (WPA, WPA2, and WPA3), but the issue persists.

What could be causing this issue, and what steps can I take to resolve it? Are there specific settings on the access point or Galaxy devices that might be incompatible?

Thank you for your help

WLAN Profile Name : EDUSHERPA-Teacher
================================================
Identifier : 2
Description :
Network Name (SSID) : ********
Status : Enabled
Broadcast SSID : Enabled
Advertise-Apname : Disabled
Universal AP Admin : Disabled
Max Associated Clients per WLAN : 0
Max Associated Clients per AP per WLAN : 0
Max Associated Clients per AP Radio per WLAN : 200
OKC : Enabled
Number of Active Clients : 2
CHD per WLAN : Enabled
WMM : Allowed
WiFi Direct Policy : Disabled
Channel Scan Defer Priority:
Priority (default) : 5
Priority (default) : 6
Scan Defer Time (msecs) : 100
Media Stream Multicast-direct : Disabled
CCX - AironetIe Support : Disabled
Peer-to-Peer Blocking Action : Disabled
Configured Radio Bands : All
Operational State of Radio Bands
2.4ghz : UP
5ghz : UP
6ghz : DOWN (Required config: Disable WPA2 and Enable WPA3 & dot11ax)
DTIM period for 802.11a radio : 1
DTIM period for 802.11b radio : 1
Local EAP Authentication : Disabled
Mac Filter Authorization list name : Disabled
Mac Filter Override Authorization list name : Disabled
Accounting list name :
802.1x authentication list name : Disabled
802.1x authorization list name : Disabled
Security
802.11 Authentication : Open System
Static WEP Keys : Disabled
Wi-Fi Protected Access (WPA/WPA2/WPA3) : Enabled
WPA (SSN IE) : Enabled
TKIP Cipher : Disabled
AES Cipher : Enabled
WPA2 (RSN IE) : Enabled
MPSK : Disabled
EasyPSK : Disabled
AES Cipher : Enabled
CCMP256 Cipher : Disabled
GCMP128 Cipher : Disabled
GCMP256 Cipher : Disabled
Randomized GTK : Disabled
WPA3 (WPA3 IE) : Disabled
Auth Key Management
802.1x : Disabled
PSK : Enabled
CCKM : Disabled
FT dot1x : Disabled
FT PSK : Disabled
FT SAE : Disabled
Dot1x-SHA256 : Disabled
PSK-SHA256 : Disabled
SAE : Disabled
OWE : Disabled
SUITEB-1X : Disabled
SUITEB192-1X : Disabled
SAE PWE Method : Hash to Element, Hunting and Pecking(H2E-HNP)
Transition Disable : Disabled
CCKM TSF Tolerance (msecs) : 1000
OWE Transition Mode : Disabled
OSEN : Disabled
FT Support : Disabled
FT Reassociation Timeout (secs) : 20
FT Over-The-DS mode : Disabled
PMF Support : Optional
PMF Association Comeback Timeout (secs): 1
PMF SA Query Time (msecs) : 200
Web Based Authentication : Disabled
Conditional Web Redirect : Disabled
Splash-Page Web Redirect : Disabled
Webauth On-mac-filter Failure : Disabled
Webauth Authentication List Name : default
Webauth Authorization List Name : Disabled
Webauth Parameter Map : WebAuth
Band Select : Disabled
Load Balancing : Disabled
Multicast Buffer : Disabled
Multicast Buffers (frames) : 0
IP Source Guard : Disabled
Assisted-Roaming
Neighbor List : Enabled
Prediction List : Disabled
Dual Band Support : Disabled
IEEE 802.11v parameters
Directed Multicast Service : Disabled
BSS Max Idle : Disabled
Protected Mode : Disabled
Traffic Filtering Service : Disabled
BSS Transition : Disabled
Disassociation Imminent : Disabled
Optimised Roaming Timer (TBTTS) : 40
Timer (TBTTS) : 200
Dual Neighbor List : Disabled
WNM Sleep Mode : Disabled
802.11ac MU-MIMO : Enabled
802.11ax parameters
802.11ax Operation Status : Enabled
OFDMA Downlink : Enabled
OFDMA Uplink : Enabled
MU-MIMO Downlink : Enabled
MU-MIMO Uplink : Enabled
BSS Target Wake Up Time : Disabled
BSS Target Wake Up Time Broadcast Support : Disabled
802.11 protocols in 2.4ghz band
Protocol : dot11bg
Advanced Scheduling Requests Handling : Enabled
mDNS Gateway Status : Bridge
WIFI Alliance Agile Multiband : Disabled
Device Analytics
Advertise Support : Enabled
Advertise Support for PC analytics : Enabled
Share Data with Client : Disabled
Client Scan Report (11k Beacon Radio Measurement)
Request on Association : Disabled
Request on Roam : Disabled
WiFi to Cellular Steering : Disabled
Advanced Scheduling Requests Handling : Enabled
6Ghz Client Steering : Disabled
Locally Administered Address Configuration
Deny LAA clients : Disabled
Latency Measurements Announcements : Disabled

Flavio Miranda · ‎01-20-2025

@edusccc333

Why to you think the problem is on the AP and not on the Samsung device?

edusccc333 · ‎01-20-2025

In other APs or routers, the Samsung device works perfectly fine. I suspect that the issue arises from a specific setting or feature on the current AP, Thank you for asking

edusccc333 · ‎01-20-2025

In other APs or routers, the Samsung device works perfectly fine. I suspect that the issue arises from a specific setting or feature on the current AP.

Flavio Miranda · ‎01-20-2025

Can you debug while testing and share the logs?

MHM Cisco World · ‎01-20-2025

Can I see l2 secuirty of wlan

MHM

edusccc333 · ‎01-20-2025

"The Layer 2 security settings for the SSID WLAN are as follows:

SSID Name:
Security:
- WPA PSK: edu1234@aa
- WPA Version: WPA1
- Encryption: AES
- PMF: Optional

Let me know if you need more details about other WLANs or additional configurations.

MHM Cisco World · ‎01-21-2025

Ok two points

1- make sure you disable 802.1x mgmt key

2- use password without ""@""

MHM

jagan.chowdam · ‎01-21-2025

You mean WPA2 with AES?

Have you tried using a simple PSK string without a mix of uppercase/lowercase letters or special characters like @? Double-check to ensure the password is entered correctly.

A Client radio trace can provide insights into the reasons for client failures.

Jagan Chowdam

/**Pls rate useful responses**/

marce1000 · ‎01-20-2025

- Is the access point steered by a controller , or EWC configured ?

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

edusccc333 · ‎01-20-2025

The access point is managed by a controller and is also embedded with a controller. I hope this answers your question. Thank you for your help!

marce1000 · ‎01-21-2025

- @edusccc333 wrote : >....The access point is managed by a controller and is also embedded with a controller. I hope this answers your question. Thank you for your help!
You should debug the client(s) according to https://logadvisor.cisco.com/logadvisor/wireless/9800/9800ClientConnectivity
Client debugs can be analyzed with Wireless Debug Analyzer
Also look into https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/217738-monitor-catalyst-9800-kpis-key-performa.html#toc-hId-866973845

Appendix : Always - Have a checkup of the controller configuration with the CLI command show tech wireless and feed the output into : https://cway.cisco.com/wireless-config-analyzer/
(Use the command denoted in green , do not use a simple show tech)

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

jagan.chowdam · ‎01-20-2025

What version of EWC are you currently running? Cisco recommends using either version 17.9.6 or 17.12.4. If you are on a version other than these suggested releases, make sure that you upgrade your EWC accordingly.

Use Radio Active Trace, collect the client trace, and utilize the "Cisco Debug Analyzer" to analyze the data. Alternatively, you can share the output here for review.

https://cway.cisco.com/wireless-debug-analyzer/

Jagan Chowdam

/**Pls rate useful responses**/

eglinsky2012 · ‎01-20-2025

Are these devices able to connect to a different model of AP that’s broadcasting the same WLAN? Were they ever able to connect, or did something change between when they were and now?

edusccc333 · ‎01-20-2025

Previously, we used an ASUS router, and this is our first time deploying an access point (AP). We are using a single SSID on a single AP. When we remove the password and make the SSID open, the devices are able to connect without any issues.