02-01-2006 11:43 AM - edited 07-04-2021 11:34 AM
I'm not able to get a Wi-Fi card to connect to a cisco AP1200 when everything is setup for WPA-PSK/TKIP. The Treo 700 sets on "connecting" and the AP generates an auth_failed error.
I know PSK is right on the AP and treo. This is not a new wireless deployment. Has anyone seen this problem?
Thanks, Bill, CCIE/MCSE
Authentication method:
WPA-PSK: The 64-character pre-shared key is entered.
Data Encryption method:
TKIP is turned on.
The Treo SSID shows "Connecting".....
The AT state shows "Association processing"
The AP generates a "Debugging Station xxxx.xxxx.xxxx Authentication failed" about every 5 seconds.
(where xxxx.xxxx.xxxx is the real MAC)
debug aaa authentication
000944: Feb 1 10:28:25.947 UTC: %DOT11-7-AUTH_FAILED: Station xxxx.xxxx.xxxx Authentication failed
000945: Feb 1 10:28:27.880 UTC: AAA/BIND(000004F0): Bind i/f
000946: Feb 1 10:28:29.612 UTC: AAA/BIND(000004F1): Bind i/f
000947: Feb 1 10:28:31.483 UTC: AAA/BIND(000004F2): Bind i/f
000948: Feb 1 10:28:31.784 UTC: %DOT11-7-AUTH_FAILED: Station xxxx.xxxx.xxxx Authentication failed
000949: Feb 1 10:28:33.217 UTC: AAA/BIND(000004F3): Bind i/f
000950: Feb 1 10:28:34.946 UTC: AAA/BIND(000004F4): Bind i/f
000951: Feb 1 10:28:36.771 UTC: AAA/BIND(000004F5): Bind i/f
Solved! Go to Solution.
02-20-2006 05:24 AM
I had similar problem. My PDA couldn't connect to Aironet 1200.
I had to change configuration AP:
conf t
dot11 wpa handshake timeout 500
interface Dot11Radio0
no dot11 extension aironet
end
Now all work fine.
#sh dot11 as 0009.2d82.e4b9
...
Key Mgmt type : WPA PSK Encryption : TKIP
Current Rate : 11.0 Capability : ShortHdr
Supported Rates : 1.0 2.0 5.5 11.0
Signal Strength : -39 dBm Connected for : 52213 seconds
...
02-02-2006 02:01 PM
is there a debug or show command that will let me see the network key received from a device trying to authenticate to an AP, but failing?
02-03-2006 11:44 AM
Bill,
I just bought a Siemens sx66 and have also had trouble connecting to a Aironet 1100 with WPA-PSK; however, I can connect to a Linksys router with WPA-PSK. When I look at the network scan, I see a WPA PSK encryption for the Linksys. When I view the Aironet 1100 on the wi-fi scan, I see WEP encryption on the status.
I did try downloading the Odyssey Client trial which didn't help either. I actually called Juniper Networks and ran a number of debuggers but weren't able to conclude anything so I basically gave up on the Odyssey Client.
At this time, things are pointing to the Cisco Aironets as being the culprit. Another note is that if I take off the WPA encryption, the PDA gets right on.
I would love to hear from anyone that have found a solution.
Thanks!
Johan Bloemhard
02-05-2006 09:56 AM
Johan,
Make sure you have disabled Aironet extensions on the AP.
no dot11 extension aironet under int d0/1.
02-05-2006 10:00 AM
Also note doing this disables Cisco TKIP and client transmit power control.
02-06-2006 07:04 AM
We had the extensions disabled, so that's not it.
i'm going to try another vendors AP and see if it works. Its almost line the ap1200 is clipping the PSK.
02-06-2006 07:08 AM
Johan - i also don't have a problem connecting the PDA (w700) with wpa off. it's almost like the PSK is being clipped by my ap1200.
02-06-2006 08:39 AM
The most frustrating thing is that it connects WPA-PSK to a $50 Linksys WRT54G no problem. I've used Socket Companion on my Siemens sx66 and noticed the following:
- Linksys WRT54G shows WPA, PSK Encryption
- Cisco 1200AP shows WEP Encryption (even though it's configured as WPA-PSK and computers/laptops have no problem connecting to it)
Has anyone tried to open a TAC case on this issue yet? If not, maybe it's time for me to persue that.
02-06-2006 07:12 PM
Johan, what version of TKIP is enabled on the AP, Cisco TKIP (ckip) or WPA TKIP (tkip)? Can you compare the output of "sh dot11 assoc" on a laptop vs. PDA? Sniff the output from the working Linksys AP connection and grab the header info, compare to working/non-working Cisco AP connections...
02-17-2006 10:10 PM
I'm running WPA TKIP. I've tried all of the applicable debugging commands on the AP and the AP doesn't even see the PDA as trying to connect. Haven't sniffed out the traffic yet...
02-17-2006 09:58 PM
What version of IOS are you running ?
02-17-2006 10:07 PM
I'm tried running 12.3(7)JA and 12.3(7)JA2 with no avail.
02-17-2006 10:15 PM
The problem you are having is with the chipset. Not with the Access Point. This is going to sound very odd but ... try this.
Within the AP GUI go to services.
QoS - ADVANCED WiFi MultiMedia (WMM)
Turn this option OFF
Your B client should now connect with WPA-PSK
02-17-2006 10:18 PM
Would this be the problem even if QoS is "Disabled" under services?
02-17-2006 10:27 PM
Yes. Follow my directions in the previous post.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide