cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3509
Views
20
Helpful
11
Replies

WLC 9800 + AP9120AXi problem with Android 10

sikrest
Level 1
Level 1

WLC Cisco IOS XE Software, Version 17.06.01

C9800 Software (C9800_IOSXE-K9), Version 17.6.1, RELEASE SOFTWARE (fc6)

AP ver 17.6.1.13

 

My 1+5T phone (Snapdragon 835, Android 10, Security patch 2020.09) won't connect to SSID.

I've tried configurations like this, if my phone works then old devices don't work.

 

work old devices
wlan Park 179 Park2021
no device-analytics
no device-analytics pc-analytics
no security ft adaptive
security wpa psk set-key ascii 0 Tech2021
no security wpa akm dot1x
security wpa akm psk
security wpa akm psk-sha256
security wpa akm sae
security wpa wpa3
security pmf optional
no shutdown

 

work android 10
wlan Park 179 Park2021
no device-analytics
no device-analytics pc-analytics
no security ft adaptive
security wpa psk set-key ascii 0 Tech2021
no security wpa akm dot1x
security wpa akm psk-sha256
security wpa akm sae
security wpa wpa3
security pmf optional
no shutdown

11 Replies 11

Scott Fella
Hall of Fame
Hall of Fame

Search the forum for snapdragon as I remember seeing issue with them. I recall maybe it is also wpa3.  Have you tried disabling that?

-Scott
*** Please rate helpful posts ***

sikrest
Level 1
Level 1

I read all similar topics, but I did not find solutions when all devices work.

Try something basic first and then build on that. Get them to connect to an open ssid with just basic settings. If that works then try WPA2 again with basic stuff and add slowly. If you want to figure this out faster, you should search the bug kit and open a TAC case, just depending on your urgency.
-Scott
*** Please rate helpful posts ***

Rich R
VIP
VIP

Like @Scott Fella said try disabling WPA3.

Recent testing has found up to 14% of current smartphones do not recognise a WPA3 enabled beacon (treated as invalid or corrupt) due to faulty/incomplete implementations of the 802.11 standards with the result that those devices cannot "see" the SSID at all if it is in WPA3 transition (WPA2 + WPA3) mode due to the WPA3 information element in the beacon.

Note this is a device issue which cannot be resolved on the AP/WLC.  Only device firmware/driver updates can resolve this (some devices may never be fixed).

You can search for WPA3 certified phones at https://www.wi-fi.org/product-finder-results?sort_by=certified&sort_order=desc&categories=3&capabilities=628

Those who are WBA (Wireless Broadband Alliance) members can find more detail on the discussions in the Testing & Interoperability Work Group discussions on the WBA extranet site.

 

So on the WLC GUI that's WPA+WPA2 layer 2 security mode not WPA2+WPA3.

In CLI config:

security wpa wpa2 ciphers aes
security wpa akm psk
no security wpa akm sae
no security wpa wpa3

 

If it isn't WPA3 causing the problem then try adding/disabling features to see which is causing the problem like Scott said.

sikrest
Level 1
Level 1

It turned out to make old and new devices work!

wlan Park 179 Park2021
no device-analytics
no device-analytics pc-analytics
dot11bg 11g
radio policy dot11 24ghz
radio policy dot11 5ghz
no security ft adaptive
security wpa psk set-key ascii 0 Tech2021
no security wpa akm dot1x
security wpa akm psk
security wpa akm psk-sha256
no shutdown

Additionally set in the section WLAN Timeout. I will watch how it will work in the future.
wlan_timeout.jpg

Yeah WPA3 is typically an issue with sites that have or might have older devices.  As far as the timeout, I typically disable that or set that to the max.  This is a preference to many, but many do not like to have that set as default.

-Scott
*** Please rate helpful posts ***

@Scott Fella note the WPA3 problem is not only old devices - up to 14% of currently available devices are affected!

The very latest devices are more likely to be WPA3 certified and therefore fixed.

I'm guessing there's some faulty 802.11 source code which has been widely re-used across the industry and therefore affects every device based on that source code.

 

It’s seems to always be an issue when “new” things come to market. I remember when 802.11n and channel widths became an issue and also AC. Just takes a few years before all vendors get it right:) 

-Scott
*** Please rate helpful posts ***

And Intel drivers not working with AX - quite recently

Hi @Rich R Are you referring to the below intel bug https://www.intel.com/content/www/us/en/support/articles/000054799/wireless.html

 or something else? I would like to know more.

Yes that's the one @Arshad Safrulla 

Review Cisco Networking for a $25 gift card