de-authenticated because of AMRP error

  • 1
  • Question
  • Updated 3 years ago
IPad de-authenticated because of AMRP error; anyone knows what does it mean?

Here you are the Log:

11/05/2015 09:35:38 AM  8CFABA6890DD  08EA4418EC18  M_AP-1  INFO    (470)WPA-PSK auth is starting (at if=wifi0.5)11/05/2015 09:35:38 AM  8CFABA6890DD  08EA4418EC18  M_AP-1  INFO    (471)Sending 1/4 msg of 4-Way Handshake (at if=wifi0.5)
11/05/2015 09:35:38 AM  8CFABA6890DD  08EA4418EC18  M_AP-1  INFO    (472)Received 2/4 msg of 4-Way Handshake (at if=wifi0.5)
11/05/2015 09:35:38 AM  8CFABA6890DD  08EA4418EC18  M_AP-1  INFO    (473)Sending 3/4 msg of 4-Way Handshake (at if=wifi0.5)
11/05/2015 09:35:38 AM  8CFABA6890DD  08EA4418EC18  M_AP-1  INFO    (474)Received 4/4 msg of 4-Way Handshake (at if=wifi0.5)
11/05/2015 09:35:38 AM  8CFABA6890DD  08EA4418EC18  M_AP-1  INFO    (475)PTK is set (at if=wifi0.5)
11/05/2015 09:35:38 AM  8CFABA6890DD  08EA4418EC18  M_AP-1  BASIC   (476)Authentication is successfully finished (at if=wifi0.5)
11/05/2015 09:35:38 AM  8CFABA6890DD  08EA4418EC18  M_AP-1  BASIC   (477)Sta(at if=wifi0.5) is de-authenticated because of AMRP error
11/05/2015 09:35:38 AM  8CFABA6890DD  08EA4418EC18  M_AP-1  INFO    (478)Tx disassoc (reason 2 <prior-auth-invalid>, pwr 10dBm)


Thank you so much
Photo of Pablo Mozarovski

Pablo Mozarovski

  • 7 Posts
  • 0 Reply Likes

Posted 3 years ago

  • 1
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
What version of HiveOS are you running?

Can you briefly summarise the key design points of your setup?

It means that Aerohive Mobility Routing Protocol (AMRP) has not worked as expected for some reason. There are undocumented debugging commands to triage this further. You should therefore contact your point of support if this reproduces and is not just a 'one off'. They can best help you with this.
(Edited)
Photo of Pablo Mozarovski

Pablo Mozarovski

  • 7 Posts
  • 0 Reply Likes
Hi there, thank you for your answer.

Ap-120 with HiveOS 6.1r3b.1502  and Ap-121 with HiveOS 6.4r1a.2103.


The point is that the same Ipad is authenticated by the AP-121 but in the same location, with the AP-120 doesn't work.


The log when it works:

11/05/2015 09:39:21 AM  8CFABA6890DD  4018B13FBC2C  M_AP-2  BASIC   (355)Rx auth <open> (frame 1, rssi 0dB)11/05/2015 09:39:21 AM  8CFABA6890DD  4018B13FBC2C  M_AP-2  BASIC   (356)Tx auth <open> (frame 2, status 0, pwr 11dBm)
11/05/2015 09:39:21 AM  8CFABA6890DD  4018B13FBC2C  M_AP-2  BASIC   (357)Rx assoc req (rssi 50dB)
11/05/2015 09:39:21 AM  8CFABA6890DD  4018B13FBC2C  M_AP-2  BASIC   (358)Tx assoc resp <accept> (status 0, pwr 11dBm)
11/05/2015 09:39:21 AM  8CFABA6890DD  4018B13FBC2C  M_AP-2  INFO    (359)WPA-PSK auth is starting (at if=wifi1.5)
11/05/2015 09:39:21 AM  8CFABA6890DD  4018B13FBC2C  M_AP-2  INFO    (360)Sending 1/4 msg of 4-Way Handshake (at if=wifi1.5)
11/05/2015 09:39:21 AM  8CFABA6890DD  4018B13FBC2C  M_AP-2  INFO    (361)Received 2/4 msg of 4-Way Handshake (at if=wifi1.5)
11/05/2015 09:39:21 AM  8CFABA6890DD  4018B13FBC2C  M_AP-2  INFO    (362)Sending 3/4 msg of 4-Way Handshake (at if=wifi1.5)
11/05/2015 09:39:21 AM  8CFABA6890DD  4018B13FBC2C  M_AP-2  INFO    (363)Received 4/4 msg of 4-Way Handshake (at if=wifi1.5)
11/05/2015 09:39:21 AM  8CFABA6890DD  4018B13FBC2C  M_AP-2  INFO    (364)PTK is set (at if=wifi1.5)
11/05/2015 09:39:22 AM  8CFABA6890DD  4018B13FBC2C  M_AP-2  BASIC   (365)Authentication is successfully finished (at if=wifi1.5)
11/05/2015 09:39:22 AM  8CFABA6890DD  4018B13FBC2C  M_AP-2  INFO    (366)station sent out DHCP REQUEST message
11/05/2015 09:39:22 AM  8CFABA6890DD  4018B13FBC2C  M_AP-2  INFO    (367)DHCP server sent out DHCP ACKNOWLEDGE message to station


The key design points:

In this case this issue ocurs in a building outside the main office, connected to Level 3 with no possibility of extending Vlans at level 2, it has chosen to establish IPSec tunnels.

It has installed two AP330 (as an ending tunelling) at the headquarters. Each of the AP establishes a primary IPSEC tunnel against one AP330 and secondary tunnel to the other.

Vlans extend to provide connectivity to the SSID configured without a Level 2 between buildings and allowing the level 3 and the securitization centralized in the Internal Perimeter Firewalls Environment.

We have policies to prevent DoS attacks on all SSIDs.

Also we configured some profiles with clent classification policies, qos, schedules, etc

The SSID of the issue has WPA2 and AES of access security, ratio and rates by default and dos prevention policies. 


Best regards
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
May I suggest that you first get the AP120 updated to 6.2r1c before troubleshooting any further?
(Edited)
Photo of Pablo Mozarovski

Pablo Mozarovski

  • 7 Posts
  • 0 Reply Likes
Hi there! Finally upgrading the version to HiveOS 6.2r1c.1943  it works, Thank you very much and a slap for me for don't thinking first to make that! 
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Cool! Pleased that that's sorted it. :)