AP230 is de-authenticated because of notification of driver

  • 1
  • Question
  • Updated 5 months ago
Hello,

I'm having some problems when trying to add some access security to a SSID. I've tried with wpa/wpa2 PSK and Private PSK. It happens only on the AP230 model, the same network profile works perfect on an AP121.

This is the output from the client monitor:
01/31/2018 12:36:55 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    BASIC   (3)Rx auth <open> (frame 1, rssi -56dB)
01/31/2018 12:36:55 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    BASIC   (4)Tx auth <open> (frame 2, status 0, pwr 13dBm)
01/31/2018 12:36:55 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    BASIC   (5)Rx assoc req (rssi -55dB)
01/31/2018 12:36:55 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    BASIC   (6)Tx assoc resp <accept> (status 0, pwr 13dBm)
01/31/2018 12:36:55 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    INFO    (7)WPA-PSK auth is starting (at if=wifi1.1)
01/31/2018 12:36:55 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    INFO    (8)Sending 1/4 msg of 4-Way Handshake (at if=wifi1.1)
01/31/2018 12:36:55 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    INFO    (9)Received 2/4 msg of 4-Way Handshake (at if=wifi1.1)
01/31/2018 12:36:55 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    INFO    (10)Sending 3/4 msg of 4-Way Handshake (at if=wifi1.1)
01/31/2018 12:36:55 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    INFO    (11)Rx disassoc (reason 1 <unspecified>, rssi -70dB)
01/31/2018 12:36:55 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    BASIC   (12)Sta(at if=wifi1.1) is de-authenticated because of notification of driver
01/31/2018 12:37:00 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    DETAIL  (13)Rx <specific> probe req (rssi -85dB)
01/31/2018 12:37:00 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    BASIC   (14)Tx probe resp (pwr 13dBm)
01/31/2018 12:37:00 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    BASIC   (15)Tx probe resp (pwr 13dBm)
01/31/2018 12:37:00 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    BASIC   (16)Rx auth <open> (frame 1, rssi -59dB)
01/31/2018 12:37:00 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    BASIC   (17)Tx auth <open> (frame 2, status 0, pwr 13dBm)
01/31/2018 12:37:00 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    BASIC   (18)Rx assoc req (rssi -57dB)
01/31/2018 12:37:00 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    BASIC   (19)Tx assoc resp <accept> (status 0, pwr 13dBm)
01/31/2018 12:37:00 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    INFO    (20)WPA-PSK auth is starting (at if=wifi1.1)
01/31/2018 12:37:00 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    INFO    (21)Sending 1/4 msg of 4-Way Handshake (at if=wifi1.1)
01/31/2018 12:37:00 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    INFO    (22)Received 2/4 msg of 4-Way Handshake (at if=wifi1.1)
01/31/2018 12:37:00 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    INFO    (23)Sending 3/4 msg of 4-Way Handshake (at if=wifi1.1)
01/31/2018 12:37:00 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    INFO    (24)Rx disassoc (reason 1 <unspecified>, rssi -58dB)
01/31/2018 12:37:00 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    BASIC   (25)Sta(at if=wifi1.1) is de-authenticated because of notification of driver
01/31/2018 12:37:04 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    DETAIL  (26)Rx <specific> probe req (rssi -85dB)
01/31/2018 12:37:04 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    BASIC   (27)Tx probe resp (pwr 13dBm)
01/31/2018 12:37:04 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    BASIC   (28)Tx probe resp (pwr 13dBm)
01/31/2018 12:37:04 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    BASIC   (29)Rx auth <open> (frame 1, rssi -59dB)
01/31/2018 12:37:04 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    BASIC   (30)Tx auth <open> (frame 2, status 0, pwr 13dBm)
01/31/2018 12:37:04 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    BASIC   (31)Rx assoc req (rssi -58dB)
01/31/2018 12:37:04 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    BASIC   (32)Tx assoc resp <accept> (status 0, pwr 13dBm)
01/31/2018 12:37:04 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    INFO    (33)WPA-PSK auth is starting (at if=wifi1.1)
01/31/2018 12:37:04 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    INFO    (34)Sending 1/4 msg of 4-Way Handshake (at if=wifi1.1)
01/31/2018 12:37:04 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    INFO    (35)Received 2/4 msg of 4-Way Handshake (at if=wifi1.1)
01/31/2018 12:37:04 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    INFO    (36)Sending 3/4 msg of 4-Way Handshake (at if=wifi1.1)
01/31/2018 12:37:04 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    INFO    (37)Rx disassoc (reason 1 <unspecified>, rssi -59dB)
01/31/2018 12:37:04 PM  C0EEFB26624B  9C5D12CC3EA4  AH-cc3e80    BASIC   (38)Sta(at if=wifi1.1) is de-authenticated because of notification of driver
And this is my running configuration:
security mac-filter myHive default permit
security mac-filter secSSID default permit
security-object secSSID
security-object secSSID security protocol-suite wpa2-tkip-psk ascii-key ***
security-object secSSID security roaming cache update-interval 10 ageout 500
security-object secSSID default-user-profile-attr 1
ssid secSSID
ssid secSSID security-object secSSID
ssid secSSID rts-threshold 1024
ssid secSSID security mac-filter secSSID
ssid secSSID frag-threshold 2048
ssid secSSID ignore-broadcast-probe
ssid secSSID client-age-out 30
ssid secSSID 11g-rate-set 11 6-basic 9-basic 12-basic 18 24 36 48 54
no ssid secSSID wmm
hive myHive
hive myHive security mac-filter myHive
hive myHive password ***
interface eth0 manage snmp
interface eth1 manage snmp
interface wifi1 mode access
interface mgt0 hive myHive
interface mgt0 vlan 2
interface wifi0 ssid secSSID
interface wifi1 ssid secSSID
system led power-saving-mode delay 24 on 4 off 64
system led brightness soft
lldp
lldp cdp
lldp max-power 154
access-console security protocol-suite wpa-auto-psk ascii-key ***
admin root-admin admin password ***
dns server-ip 8.8.8.8
dns server-ip 8.8.4.4 second
ntp server 192.168.252.13
ntp interval 1440
clock time-zone 1
clock time-zone daylight-saving-time 03-25 01:59:59 10-28 02:59:59
snmp trap-info over-snmp
config version 8
config rollback enable
snmp contact Hotels
no snmp reader version any community hivecommunity

os-detection method user-agent
capwap client server name 192.168.252.13
capwap client dtls hm-defined-passphrase *** key-id 1
capwap client vhm-name home
no capwap client dtls negotiation enable
qos classifier-map service dns qos 4 action permit
qos classifier-map service dhcp-server qos 4 action permit
qos classifier-map service dhcp-client qos 4 action permit
qos classifier-map service tftp qos 2 action permit
qos classifier-map service pcoip-media qos 3 action permit
qos classifier-map service pcoip-control qos 3 action permit
qos classifier-map service ica qos 3 action permit
service SMB protocol tcp port 139 timeout 1800
service L7-DROPBOX app-id 166
qos classifier-map service L7-DROPBOX qos 0 action permit
service iperf protocol tcp port 5001 timeout 0
qos classifier-map service iperf qos 0 action permit
service L7-EDONKEY app-id 176
qos classifier-map service L7-EDONKEY qos 0 action permit
service L7-ICLOUD app-id 284
qos classifier-map service L7-ICLOUD qos 0 action permit
service "L7-GOOGLE APIS" app-id 232
qos classifier-map service "L7-GOOGLE APIS" qos 1 action permit
service L7-GOOGLE app-id 239
qos classifier-map service L7-GOOGLE qos 1 action permit
service "L7-GOOGLE DOCS" app-id 236
qos classifier-map service "L7-GOOGLE DOCS" qos 1 action permit
service HTTP-8080 protocol tcp port 8080
qos classifier-profile eth0 diffserv
qos classifier-profile eth0 interface/ssid
qos classifier-profile eth0 mac
qos classifier-profile eth0 service
qos classifier-profile eth1 diffserv
qos classifier-profile eth1 interface/ssid
qos classifier-profile eth1 mac
qos classifier-profile eth1 service
qos classifier-profile red0 diffserv
qos classifier-profile red0 interface/ssid
qos classifier-profile red0 mac
qos classifier-profile red0 service
qos classifier-profile agg0 diffserv
qos classifier-profile agg0 interface/ssid
qos classifier-profile agg0 mac
qos classifier-profile agg0 service
qos classifier-profile secSSIDCorporativoV2 diffserv
qos classifier-profile secSSIDCorporativoV2 interface/ssid
qos classifier-profile secSSIDCorporativoV2 mac
qos classifier-profile secSSIDCorporativoV2 service
interface eth1 qos-classifier eth1
interface eth0 qos-classifier eth0
ssid secSSID qos-classifier secSSIDCorporativoV2
qos classifier-map oui 00:0c:d6 qos 6 action permit comment "default mac oui"
qos classifier-map oui 00:0c:d6 qos 6 action log comment "default mac oui"
qos classifier-map oui b4:a8:28 qos 6 action permit comment "default mac oui"
qos classifier-map oui b4:a8:28 qos 6 action log comment "default mac oui"
qos classifier-map oui 00:19:c8 qos 6 action permit comment "default mac oui"
qos classifier-map oui 00:19:c8 qos 6 action log comment "default mac oui"
qos classifier-map oui 00:0c:e7 qos 6 action permit comment "default mac oui"
qos classifier-map oui 00:0c:e7 qos 6 action log comment "default mac oui"
qos marker-profile eth0 diffserv
qos marker-profile eth1 diffserv
qos marker-profile red0 diffserv
qos marker-profile agg0 diffserv
qos marker-profile secSSIDCorporativoV2 diffserv
interface eth1 qos-marker eth1
interface eth0 qos-marker eth0
ssid secSSID qos-marker secSSIDCorporativoV2
qos marker-map 8021p Testing
qos marker-map diffserv Testing
qos policy qos_corporativo user-profile 2000000 32 user 2000000
qos policy qos_corporativo qos 0 wrr 2000000 10
qos policy qos_corporativo qos 1 wrr 2000000 20
qos policy qos_corporativo qos 2 wrr 2000000 30
qos policy qos_corporativo qos 3 wrr 2000000 40
qos policy qos_corporativo qos 4 wrr 2000000 50
qos policy qos_corporativo qos 5 wrr 2000000 60
qos policy qos_corporativo qos 6 strict 2000000 0
qos policy qos_corporativo qos 7 strict 2000000 0
user-profile corporativo qos-policy qos_corporativo vlan-id 99 attribute 1
user-profile corporativo qos-marker-map diffserv Testing
user-profile corporativo cac airtime-percentage 15 share-time
user-profile corporativo performance-sentinel enable
user-profile corporativo performance-sentinel action boost
user-profile corporativo performance-sentinel guaranteed-bandwidth 1500
alg ftp enable
alg tftp enable
alg sip enable
alg dns enable
no bonjour-gateway enable
application reporting auto
application reporting watch-list 191,275,284,320,590,706,751 enable
Can you give me some advice?
Photo of Julián García-Sotoca Pascual

Julián García-Sotoca Pascual

  • 19 Posts
  • 0 Reply Likes

Posted 5 months ago

  • 1
Photo of Steve Kellogg

Steve Kellogg

  • 87 Posts
  • 2 Reply Likes
I've had the same problem off and on and never really gotten to the bottom of it.  It was usually a MacBook that encountered the problem.  I'm interested to see if you find a cause / solution.
Photo of Julián García-Sotoca Pascual

Julián García-Sotoca Pascual

  • 19 Posts
  • 0 Reply Likes
Try enabling the WMM on the SSID advanced settings.
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Hi Julian,

This rate set makes little sense as 11 is present and is not a basic rate, along with no other 802.11b data rates being available.

ssid secSSID 11g-rate-set 11 6-basic 9-basic 12-basic 18 24 36 48 54

I suggest using, assuming you not need 802.11b compatibility:

ssid secSSID 11g-rate-set 6-basic 9-basic 12-basic 18 24-basic 36 48 54

Can you also change from TKIP to CCMP.

Cheers,

Nick
(Edited)
Photo of Julián García-Sotoca Pascual

Julián García-Sotoca Pascual

  • 19 Posts
  • 0 Reply Likes
Hi,
I've applied those settings but nothing changed, same result. All mobile devices can not connect but a windows 10 laptop connected succesfully.
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Hi Julian,

The failure is at M3 in the 4-way handshake.

The client is not acknowledging the installation of PTK and GTK.

On receiving M3, the client first verifies its MAC tag with the key, and checks the nonce that the client previously received in message M1. If the verification succeeds then the client sends out the final handshake message M4. If the verification fails, the client silently discards M3.

It suggests that the client does not like M3. The question then is why.

Looking at your running config again you have also disabled WMM, I suspect that you need to enable WMM. I did not notice this the first time I glanced over it.

Please can you further enable WMM and remove the customisation of the rts-threshold and frag-threshold.

Thanks,

Nick
(Edited)
Photo of Julián García-Sotoca Pascual

Julián García-Sotoca Pascual

  • 19 Posts
  • 0 Reply Likes
Thank you Nick, the WMM was the problem. Now all the mobile clients can connect.