WPA authentication issue

  • 2
  • Question
  • Updated 4 months ago
  • Answered
We have new AP230's. It is not possible to connect Android and iOS devices by WPA2.
By this the part of the authentication 4-way handshake of a log:

(56)WPA-PSK auth is starting (at if=wifi0.1)(57)Sending 1/4 msg of 4-Way Handshake (at if=wifi0.1)
(58)Received 2/4 msg of 4-Way Handshake (at if=wifi0.1)
(59)Sending 3/4 msg of 4-Way Handshake (at if=wifi0.1)
(60)Rx deauth (reason 17 <n/a>, rssi -41dB)
(61)Sta(at if=wifi0.1) is de-authenticated because of notification of driver

At the other ap's (AP340's) there is no problem.

Any idea?

Kind regards
Photo of John Goodman

John Goodman

  • 9 Posts
  • 0 Reply Likes

Posted 3 years ago

  • 2
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Are you sure that you have left WMM enabled?

http://support.apple.com/en-us/TS3727
(Edited)
Photo of John Goodman

John Goodman

  • 9 Posts
  • 0 Reply Likes
Nick

Thx for the support, WMM is enabled at the SSID.
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Is the software on the AP up-to-date? That's 6.2r1a for the AP230.
(Edited)
Photo of John Goodman

John Goodman

  • 9 Posts
  • 0 Reply Likes
correct, this is ok
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Can you change the configuration of the 2.4 GHz radio profile to use Auto (Short/Long) for the Preamble and try again?
(Edited)
Photo of John Goodman

John Goodman

  • 9 Posts
  • 0 Reply Likes
nick
This is already configured for the radio profile on the access points.
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes

I should have looked at what you posted more carefully!

(60)Rx deauth (reason 17 <n/a>, rssi -41dB)


17

Association denied because AP is unable to handle additional associated station.


This means that an AP is at capacity and cannot accept more clients.

(Edited)
Photo of John Goodman

John Goodman

  • 9 Posts
  • 0 Reply Likes
Hey Nick, I double checked it and I'm sure. The same clients can connect to other ap's using the same radio settings.
Photo of John Goodman

John Goodman

  • 9 Posts
  • 0 Reply Likes
Using the SSID with 802.1x don't give a problem, only the one with WPA2, I can not find a possible cause in this one.
Photo of John Goodman

John Goodman

  • 9 Posts
  • 0 Reply Likes
because it is a de-authentication, I rather think on this one to look for:

17: Information element in 4 way handshake different from association request/probe response/beacon element
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Ah, of course. My mistake, I'm having lunch with friends with much prosecco, not totally switched on. Could you get a packet capture of an exchange and I'll take a look with Wireshark?
(Edited)
Photo of John Goodman

John Goodman

  • 9 Posts
  • 0 Reply Likes
Nick, I'm not on the site at the moment, otherwise I could examine a capture indeed. I was hoping someone had an idea without the need of capturing ;).
In worst case, i will ask the responsable to make a capture.
Photo of John Goodman

John Goodman

  • 9 Posts
  • 0 Reply Likes
I rather have the Prosecco ;).
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
I don't know what type of remote access you have, but do you know about:

http://blogs.aerohive.com/blog/the-wireless-lan-architecture-blog-2/innovative-wi-fi-how-to-do-packe...
Photo of Jonathan Hurtt

Jonathan Hurtt

  • 98 Posts
  • 48 Reply Likes
One thing to try is to see if you can connect with an Open SSID to see if its a Security Issue or something else. 
Photo of Peter

Peter

  • 1 Post
  • 1 Reply Like
Jonathan,   I had my Aerohive training with you in Charlotte back a few months ago.  I am getting this same issue when users try and connect with new AP230's I just installed.   Users go through the authentication process but it times out with de-authenticating because of notification of driver. Was there a final solution to this issue?
  
Photo of Jonathan Hurtt

Jonathan Hurtt

  • 98 Posts
  • 48 Reply Likes
email sent.
Photo of Michael Morris

Michael Morris

  • 1 Post
  • 0 Reply Likes
Jonathan, we are having the same issue with AP230s as well. What was the final solution?
Photo of Jonathan Hurtt

Jonathan Hurtt

  • 98 Posts
  • 48 Reply Likes
It was a port configuration issue with 802.1q Trunking, if I remember correctly.
Photo of Keith Cox

Keith Cox

  • 1 Post
  • 0 Reply Likes
Can you elaborate more about what the issue was with the 802.1q Trunking?? 
(Edited)