04-02-2024 12:56 PM - edited 04-02-2024 01:02 PM
Hi there,
I encountered a strange problem today with OWE in transition mode.
Suddenly a handful of users could not see the OPEN SSID at all. But when they moved to another section of the office they got the OPEN SSID and were able to connect. After that they could move freely in the office space without issues.
Throughout the day the SSID could be seen at various spots in the office space.
Some Windows users reported that they had two hidden SSIDs, and if they typed in the SSID name they could connect.
The other users report that it works flawlessly. They can see and connect everywhere so I know that the setup is in working order. Even weirder is that last week we had 300+ clients on the same setup that could connect. Many of these clients were the ones who had issues today with the OPEN SSID.
This is the setup:
Corp-guest = WPA2 OPEN
Corp-guest-transition = WPA3 OWE linked to Corp-guest
After connecting there is a web redirect to Cisco ISE and a hotspot splash page.
WLC 9800-C-F running 17.9.4a
Access points = Mixed bag of 9120 and 9166. Mostly 9166. In total it's about 150 APs.
This is in an SDA deployment with fabric enabled wireless. WLC is managed by DNAC running 2.3.5
2.4 GHz is turned off on RF-TAG level. That leaves 5 GHz on WPA2 OPEN and 5 + 6 GHz on WPA3 OWE.
Has anyone encountered this issue before?
04-02-2024 11:28 PM
Start with a checkup of the controller configuration using the CLI command show tech wireless and feed the output from that into: Wireless Config Analyzer
M.
04-03-2024 11:37 PM
Went through the output and I see nothing that would cause this issue. I checked the AP as well and it has all the configurations from the controller.
04-03-2024 05:29 PM
Are the wireless drivers updated?
04-03-2024 11:40 PM
Since it's a guest network I don't have control over all devices. But I got one user to run "netsh wlan show wirelesscapabilities" on their laptop and it states that OWE transition is supported. On that note I will check if I can get one user to run the driver utility update tool.
"OWE Authentication : Supported"
04-04-2024 02:24 AM
Update:
After a quick TAC session it turns out that this is a known issue on 17.9.4a.
It is supposedly fixed in 17.9.5 and 17.12.X but I have yet to verify that.
The issue also has a workaround. When/if this starts occurring, just log on to the WLC and disable OWE transition on the OPEN SSID. On the OWE transition ID flip the broadcast radio to ON. Verify that you see both OPEN and OWE transition SSID.
After that log back in to the WLC and revert the changes you made so that OWE is enabled again and the OWE transition SSID is not broadcasted anymore. After that clients should be able to see the SSID and connect.
As for exactly why it occurs we are not sure. But it looked like the OWE transition field in the BEACON frame was missing before we did the change. After the change it was broadcasted again.
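One way to check a captured beacon for the OWE transition field mentioned above, as an added example that is not part of the original post or Cisco's tooling. It assumes the input is the beacon's tagged parameters (the bytes after the fixed timestamp, interval and capability fields) and that the field is the Wi-Fi Alliance vendor-specific element (OUI 50:6F:9A, type 0x1C) carrying the BSSID and SSID of the linked network; the function names, BSSID and rates are constructed for illustration.

```python
WFA_OUI = bytes.fromhex("506f9a")  # Wi-Fi Alliance OUI
OWE_TRANSITION_TYPE = 0x1C         # OUI type of the OWE Transition Mode element
VENDOR_SPECIFIC = 221              # 802.11 vendor-specific element ID


def iter_elements(ies: bytes):
    """Yield (element_id, body) pairs; stop quietly at a truncated element."""
    off = 0
    while off + 2 <= len(ies):
        eid, length = ies[off], ies[off + 1]
        body = ies[off + 2 : off + 2 + length]
        if len(body) < length:
            return
        yield eid, body
        off += 2 + length


def owe_transition_link(ies: bytes):
    """Return (bssid, ssid) of the linked BSS, or None if no valid element exists."""
    for eid, body in iter_elements(ies):
        if eid != VENDOR_SPECIFIC or body[:4] != WFA_OUI + bytes([OWE_TRANSITION_TYPE]):
            continue
        # Body layout: OUI(3) type(1) BSSID(6) SSID-length(1) SSID(n) [band, channel]
        if len(body) < 11 or len(body) < 11 + body[10]:
            continue  # malformed: too short to hold the BSSID and SSID
        bssid = ":".join(f"{b:02x}" for b in body[4:10])
        return bssid, body[11 : 11 + body[10]].decode("utf-8", "replace")
    return None


def ie(eid: int, body: bytes) -> bytes:
    """Encode one information element (helper for the constructed samples)."""
    return bytes([eid, len(body)]) + body


# Constructed sample data: the BSSID and rates are made up, SSIDs are from the post.
RATES = ie(1, bytes.fromhex("8c129824b048606c"))
OWE_LINK = ie(VENDOR_SPECIFIC, WFA_OUI + bytes([OWE_TRANSITION_TYPE])
              + bytes.fromhex("020000000001")
              + bytes([len(b"Corp-guest-transition")]) + b"Corp-guest-transition")
HEALTHY_OPEN = ie(0, b"Corp-guest") + RATES + OWE_LINK
FAULTY_OPEN = ie(0, b"Corp-guest") + RATES  # OWE transition element missing

if __name__ == "__main__":
    for name, ies in (("healthy", HEALTHY_OPEN), ("faulty", FAULTY_OPEN)):
        link = owe_transition_link(ies)
        print(name, "->", link if link else "no OWE transition element in beacon")
```

A beacon from the open SSID that returns None here matches the symptom described in the post: clients have nothing pointing them from the open network to the OWE network.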
04-08-2024 01:25 AM
@Boort has TAC provided you the bug id?
04-08-2024 08:10 AM
Yes, but it is not published yet.
CSCwf95559
04-21-2024 08:38 AM
Suggest you chase TAC for why it is still not published @Boort .
Sometimes they will quote PSIRT related (seems unlikely in this case) and we've also had them quote "hardware vendor proprietary" (e.g. when the bug is in a 3rd party chipset they use). More often it's just because the bug has not been reviewed by everyone it should be before publishing and they just need a kick to get them moving.
05-21-2024 03:55 AM
Hi, just wanted to give you a heads up. The bug ID is now customer visible.