Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2452
Views
5
Helpful
2
Replies

unable to connect SSID with WPA2 authentication

Go to solution
Noovi
Level 1
Level 1

‎03-24-2022 12:30 AM

Hi Guys,

i am having few scanner machines which are connected to SSID through WEP authentication.

But now i am moving these machines to new SSID with WPA2 authentication. i have created new SSID with WPA authentcation but machines are getting time out error on new SSID and reconnecting back to old SSID.

 

i have attached logs. Can you please help here to know issue?

Labels:
Preview file
234 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Flavio Miranda
VIP
VIP

‎03-24-2022 04:21 AM

Hi

 It seems to me that you need to disable Fast Transition on the WLAN:

11r AKM support verification failed on WLAN

Your client got associated and Authenticated more then once but it drops apparently due the fast transition enabled.

 

https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/80211r-ft/b-80211r-dg.html 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
marce1000
Hall of Fame
Hall of Fame

‎03-24-2022 12:57 AM

 

 - Below you will find result from your debug file when analyzed with : https://cway.cisco.com/wireless-debug-analyzer/  Show All is checked :

TimeTaskTranslated
Connection attempt #1
Mar 22 10:30:00.031 *apfMsConnTask_5 Client made new Association to AP/BSSID BSSID c4:0a:cb:24:c4:31 AP 1126-1stFloor01-LWAP
Connection attempt #2
Mar 22 10:30:00.031 *apfMsConnTask_5 Client made new Association to AP/BSSID BSSID c4:0a:cb:24:c4:31 AP 1126-1stFloor01-LWAP
Mar 22 10:30:00.033 *apfMsConnTask_5 Client has entered DHCP Required state
Mar 22 10:30:00.033 *apfMsConnTask_5 Client has successfully cleared AP association phase
Mar 22 10:30:00.033 *apfMsConnTask_5 Client is entering PSK Dot1x or WEP authentication phase
Mar 22 10:30:00.033 *apfMsConnTask_5 Client expiration timer code set for 1800 seconds. The reason: Client is scheduled for session timeout deletion (wlan with webauth)
Mar 22 10:30:00.033 *apfMsConnTask_5 WLC/AP is sending an Association Response to the client with status code 0 = Successful association
Mar 22 10:30:03.082 *dtlArpTask Client has entered RUN state
Mar 22 10:30:03.083 *dtlArpTask Received DHCP ACK, assigning IP Address 172.29.139.45
Connection attempt #3
Mar 22 10:30:27.508 *apfMsConnTask_5 Client made new Association to AP/BSSID BSSID c4:0a:cb:24:c4:61 AP 1126-1stFloor01-LWAP
Mar 22 10:30:27.508 *apfMsConnTask_5 Client expiration timer code set for 1 seconds. The reason: Client deleted due to wlan change (fast SSID is disabled)
Mar 22 10:30:28.318 *apfReceiveTask Client session has timed out
Mar 22 10:30:28.318 *apfReceiveTask Client has been deauthenticated
Mar 22 10:30:28.318 *apfReceiveTask Client session has timed out
Connection attempt #4
Mar 22 10:30:41.625 *apfMsConnTask_5 Client made new Association to AP/BSSID BSSID c4:0a:cb:24:c4:31 AP 1126-1stFloor01-LWAP
Mar 22 10:30:41.627 *apfMsConnTask_5 Client has entered DHCP Required state
Mar 22 10:30:41.627 *apfMsConnTask_5 Client has successfully cleared AP association phase
Mar 22 10:30:41.627 *apfMsConnTask_5 Client is entering PSK Dot1x or WEP authentication phase
Mar 22 10:30:41.627 *apfMsConnTask_5 Client expiration timer code set for 1800 seconds. The reason: Client is scheduled for session timeout deletion (wlan with webauth)
Mar 22 10:30:41.628 *apfMsConnTask_5 WLC/AP is sending an Association Response to the client with status code 0 = Successful association
Mar 22 10:30:45.574 *dtlArpTask Client has entered RUN state
Mar 22 10:30:45.575 *dtlArpTask Received DHCP ACK, assigning IP Address 172.29.139.45
Connection attempt #5
Mar 22 10:37:24.632 *apfMsConnTask_5 Client made new Association to AP/BSSID BSSID c4:0a:cb:24:c4:61 AP 1126-1stFloor01-LWAP
Mar 22 10:37:24.633 *apfMsConnTask_5 Client expiration timer code set for 1 seconds. The reason: Client deleted due to wlan change (fast SSID is disabled)
Mar 22 10:37:25.518 *apfReceiveTask Client session has timed out
Mar 22 10:37:25.518 *apfReceiveTask Client has been deauthenticated
Mar 22 10:37:25.518 *apfReceiveTask Client session has timed out
Connection attempt #6
Mar 22 10:37:38.815 *apfMsConnTask_5 Client made new Association to AP/BSSID BSSID c4:0a:cb:24:c4:61 AP 1126-1stFloor01-LWAP
Mar 22 10:37:38.816 *apfMsConnTask_5 WLC recognizes that the client is 802.11r-capable
Mar 22 10:37:38.816 *apfMsConnTask_5 The WLC/AP has found from client association request Information Element that claims PMKID Caching support
Mar 22 10:37:38.816 *apfMsConnTask_5 WLC/AP is sending an Association Response to the client with status code 43 = Invalid AKMP
Mar 22 10:37:38.817 *apfMsConnTask_5 Client expiration timer code set for 3 seconds. The reason: Association processing failure, before reaching max error count for client
Connection attempt #7
Mar 22 10:37:38.846 *apfMsConnTask_1 Client made new Association to AP/BSSID BSSID c4:0a:cb:2c:10:9e AP 1126-1stFloor03-LWAP
Mar 22 10:37:38.848 *apfMsConnTask_1 WLC recognizes that the client is 802.11r-capable
Mar 22 10:37:38.848 *apfMsConnTask_1 The WLC/AP has found from client association request Information Element that claims PMKID Caching support
Mar 22 10:37:38.848 *apfMsConnTask_1 WLC/AP is sending an Association Response to the client with status code 43 = Invalid AKMP
Mar 22 10:37:38.848 *apfMsConnTask_1 Client expiration timer code set for 3 seconds. The reason: Association processing failure, before reaching max error count for client
Connection attempt #8
Mar 22 10:37:41.405 *apfMsConnTask_5 Client made new Association to AP/BSSID BSSID c4:0a:cb:24:c4:61 AP 1126-1stFloor01-LWAP
Mar 22 10:37:41.406 *apfMsConnTask_5 WLC recognizes that the client is 802.11r-capable
Mar 22 10:37:41.406 *apfMsConnTask_5 The WLC/AP has found from client association request Information Element that claims PMKID Caching support
Mar 22 10:37:41.406 *apfMsConnTask_5 WLC/AP is sending an Association Response to the client with status code 43 = Invalid AKMP
Mar 22 10:37:41.407 *apfMsConnTask_5 Client expiration timer code set for 3 seconds. The reason: Association processing failure, before reaching max error count for client
  •  


-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Go to solution
Flavio Miranda
VIP
VIP

‎03-24-2022 04:21 AM

Hi

 It seems to me that you need to disable Fast Transition on the WLAN:

11r AKM support verification failed on WLAN

Your client got associated and Authenticated more then once but it drops apparently due the fast transition enabled.

 

https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/80211r-ft/b-80211r-dg.html 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card