Controllerless Networks

Reply
New Contributor

Device Authentication Issue

I recently purchased a Neato Connected robot vac and so far it has been anything but connected.  I use two IAP-315 APs for my home wifi setup (same SSID, different channels for roaming, security is WPA-2 Personal and all advanced settings are at default config).  This setup works flawlessly with the 15 other devices in the house and only has a problem with this new vac.  That suggests the vacuum is the problem, but these vacs do not have rampant reports of connectivity issues and Neato tech support did not have any obvious solutions, so perhaps the combination is the issue since I do not have the typical generic home wifi setup. 

 

I tried to scan through the logs to see if there were any obvious issues, but my depth of knowledge was not up to the task.  I was hoping someone here might be able to make sense of this and could recommend some things to try before I give up and resign myself to cleaning floors the old fashioned way.

 

Thanks!

 

Looking at the Auth Trace buffer, there is an immediate observation that while most auth requests have a back and forth flow, the vacuum (MAC ending 7f:22) keeps sending repeated requests and getting no response.

 

Jul 24 23:54:00  station-up             *  xx:xx:xx:xx:3b:d0  xx:xx:xx:xx:6c:a0  -  -    wpa2 psk aes

Jul 24 23:54:00  wpa2-key1             <-  xx:xx:xx:xx:3b:d0  xx:xx:xx:xx:6c:a0  -  117 

Jul 24 23:54:00  wpa2-key2             ->  xx:xx:xx:xx:3b:d0  xx:xx:xx:xx:6c:a0  -  240 

Jul 24 23:54:00  wpa2-key3             <-  xx:xx:xx:xx:3b:d0  xx:xx:xx:xx:6c:a0  -  279 

Jul 24 23:54:00  wpa2-key4             ->  xx:xx:xx:xx:3b:d0  xx:xx:xx:xx:6c:a0  -  95  

Jul 24 23:54:44  station-up             *  xx:xx:xx:xx:7f:22  xx:xx:xx:xx:6c:a0  -  -    wpa2 psk aes

Jul 24 23:54:44  wpa2-key1             <-  xx:xx:xx:xx:7f:22  xx:xx:xx:xx:6c:a0  -  117 

Jul 24 23:54:45  wpa2-key1             <-  xx:xx:xx:xx:7f:22  xx:xx:xx:xx:6c:a0  -  117 

Jul 24 23:54:47  wpa2-key1             <-  xx:xx:xx:xx:7f:22  xx:xx:xx:xx:6c:a0  -  117 

Jul 24 23:54:57  station-up             *  xx:xx:xx:xx:7f:22  xx:xx:xx:xx:6c:a0  -  -    wpa2 psk aes

Jul 24 23:54:57  wpa2-key1             <-  xx:xx:xx:xx:7f:22  xx:xx:xx:xx:6c:a0  -  117 

Jul 24 23:54:59  wpa2-key1             <-  xx:xx:xx:xx:7f:22  xx:xx:xx:xx:6c:a0  -  117 

Jul 24 23:55:00  wpa2-key1             <-  xx:xx:xx:xx:7f:22  xx:xx:xx:xx:6c:a0  -  117

 

However, when I look at the management frames, it appears to be a successful auth followed by a deauth.

 

 Traced 802.11 Management Frames
-------------------------------
Timestamp        stype       SA                 DA                 BSS                signal  Misc
---------        -----       --                 --                 ---                ------  ----
Jul 24 23:55:51  deauth      xx:xx:xx:xx:6c:a0  xx:xx:xx:xx:7f:22  xx:xx:xx:xx:6c:a0  15      Denied; Ageout (seq num 0)

Jul 24 23:55:46  assoc-resp  xx:xx:xx:xx:6c:a0  xx:xx:xx:xx:7f:22  xx:xx:xx:xx:6c:a0  15      Success

Jul 24 23:55:46  assoc-req   xx:xx:xx:xx:7f:22  xx:xx:xx:xx:6c:a0  xx:xx:xx:xx:6c:a0  39      -

Jul 24 23:55:46  auth        xx:xx:xx:xx:6c:a0  xx:xx:xx:xx:7f:22  xx:xx:xx:xx:6c:a0  15      Success (seq num 0)

Jul 24 23:55:46  auth        xx:xx:xx:xx:7f:22  xx:xx:xx:xx:6c:a0  xx:xx:xx:xx:6c:a0  0       -

Jul 24 23:55:28  deauth      xx:xx:xx:xx:6c:a0  xx:xx:xx:xx:7f:22  xx:xx:xx:xx:6c:a0  15      Denied; Ageout (seq num 0)

Jul 24 23:55:24  assoc-resp  xx:xx:xx:xx:6c:a0  xx:xx:xx:xx:7f:22  xx:xx:xx:xx:6c:a0  15      Success

Jul 24 23:55:24  assoc-req   xx:xx:xx:xx:7f:22  xx:xx:xx:xx:6c:a0  xx:xx:xx:xx:6c:a0  37      -

Jul 24 23:55:24  auth        xx:xx:xx:xx:6c:a0  xx:xx:xx:xx:7f:22  xx:xx:xx:xx:6c:a0  15      Success (seq num 2056)

Jul 24 23:55:24  auth        xx:xx:xx:xx:7f:22  xx:xx:xx:xx:6c:a0  xx:xx:xx:xx:6c:a0  0       -

Jul 24 23:55:15  deauth      xx:xx:xx:xx:6c:a0  xx:xx:xx:xx:7f:22  xx:xx:xx:xx:6c:a0  15      Denied; Ageout (seq num 0)

Jul 24 23:55:10  assoc-resp  xx:xx:xx:xx:6c:a0  xx:xx:xx:xx:7f:22  xx:xx:xx:xx:6c:a0  15      Success

Jul 24 23:55:10  assoc-req   xx:xx:xx:xx:7f:22  xx:xx:xx:xx:6c:a0  xx:xx:xx:xx:6c:a0  38      -

Jul 24 23:55:10  auth        xx:xx:xx:xx:6c:a0  xx:xx:xx:xx:7f:22  xx:xx:xx:xx:6c:a0  15      Success (seq num 0)

Jul 24 23:55:10  auth        xx:xx:xx:xx:7f:22  xx:xx:xx:xx:6c:a0  xx:xx:xx:xx:6c:a0  0       -

Jul 24 23:55:02  deauth      xx:xx:xx:xx:6c:a0  xx:xx:xx:xx:7f:22  xx:xx:xx:xx:6c:a0  15      Denied; Ageout (seq num 0)

Jul 24 23:54:57  assoc-resp  xx:xx:xx:xx:6c:a0  xx:xx:xx:xx:7f:22  xx:xx:xx:xx:6c:a0  15      Success

Jul 24 23:54:57  assoc-req   xx:xx:xx:xx:7f:22  xx:xx:xx:xx:6c:a0  xx:xx:xx:xx:6c:a0  38      -

Jul 24 23:54:57  auth        xx:xx:xx:xx:6c:a0  xx:xx:xx:xx:7f:22  xx:xx:xx:xx:6c:a0  15      Success (seq num 0)

Jul 24 23:54:57  auth        xx:xx:xx:xx:7f:22  xx:xx:xx:xx:6c:a0  xx:xx:xx:xx:6c:a0  0       -

Jul 24 23:54:48  deauth      xx:xx:xx:xx:6c:a0  xx:xx:xx:xx:7f:22  xx:xx:xx:xx:6c:a0  15      Denied; Ageout (seq num 0)

Jul 24 23:54:44  assoc-resp  xx:xx:xx:xx:6c:a0  xx:xx:xx:xx:7f:22  xx:xx:xx:xx:6c:a0  15      Success

Jul 24 23:54:44  assoc-req   xx:xx:xx:xx:7f:22  xx:xx:xx:xx:6c:a0  xx:xx:xx:xx:6c:a0  39      -

Jul 24 23:54:44  auth        xx:xx:xx:xx:6c:a0  xx:xx:xx:xx:7f:22  xx:xx:xx:xx:6c:a0  15      Success (seq num 0)

Jul 24 23:54:44  auth        xx:xx:xx:xx:7f:22  xx:xx:xx:xx:6c:a0  xx:xx:xx:xx:6c:a0  0       -

 

Which is similar to what I am seeing in client-match-history

 

xx:xx:xx:xx:7f:22  Normal     Normal     Client associated             1      23:54:45  
xx:xx:xx:xx:7f:22  Normal     Normal     Client left                   1      23:54:49  
xx:xx:xx:xx:7f:22  Normal     Normal     Client associated             1      23:54:58  
xx:xx:xx:xx:7f:22  Normal     Normal     Client left                   1      23:55:03  
xx:xx:xx:xx:7f:22  Normal     Normal     Client associated             1      23:55:11  
xx:xx:xx:xx:7f:22  Normal     Normal     Client left                   1      23:55:16  
xx:xx:xx:xx:7f:22  Normal     Normal     Client associated             1      23:55:25  
xx:xx:xx:xx:7f:22  Normal     Normal     Client left                   1      23:55:29  
xx:xx:xx:xx:7f:22  Normal     Normal     Client associated             1      23:55:47  
xx:xx:xx:xx:7f:22  Normal     Normal     Client left                   1      23:55:52  
xx:xx:xx:xx:7f:22  Normal     Normal     Client associated             1      23:56:01  
xx:xx:xx:xx:7f:22  Normal     Normal     Client left                   1      23:56:05  
xx:xx:xx:xx:7f:22  Normal     Normal     Client associated             1      23:56:14  
xx:xx:xx:xx:7f:22  Normal     Normal     Client left                   1      23:56:19  
xx:xx:xx:xx:7f:22  Normal     Normal     Client associated             1      23:56:28  
xx:xx:xx:xx:7f:22  Normal     Normal     Client left                   1      23:56:32  
xx:xx:xx:xx:7f:22  Normal     Normal     Client associated             1      23:56:41  
xx:xx:xx:xx:7f:22  Normal     Normal     Client left                   1      23:56:46  
xx:xx:xx:xx:7f:22  Normal     Normal     Client associated             1      23:56:54  
xx:xx:xx:xx:7f:22  Normal     Normal     Client left                   1      23:56:59 

 

I might also mention that the vacuum does make it to the client list at the top right of the virtual controller dashboard, but the name is “—“ and no IP is ever assigned (it just reads 0.0.0.0).  I see it only because I know the MAC address, which I can see when I click on the “—“ name.  The vacuum associates with each AP in succession and then vanishes from the list a short time thereafter.

 

As I said before, if anyone has any suggestions they would be much appreciated.

 

Thanks!

Guru Elite

Re: Device Authentication Issue

Can you publish your SSID settings?  It looks like it does not complete the 4-way key exchange for some reason.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor

Re: Device Authentication Issue

Absolutely.  I really appreciate you taking a look.

 

*********************************************************************************************************
 7/25/2017 13:07:08 PM    Target: IAP315-Basement    Command: show network 
*********************************************************************************************************

Networks
--------
Profile Name  ESSID         Clients  Type      Band  Authentication Method  Key Management  IP Assignment  Status   Zone  Coding   Active
------------  -----         -------  ----      ----  ---------------------  --------------  -------------  ------   ----  ------   ------
3246LostMill  3246LostMill  14       employee  all   None                   WPA2-AES        Default VLAN   Enabled  -     Default  Yes

*********************************************************************************************************
 7/25/2017 13:06:59 PM    Target: IAP315-Basement    Command: show ap bss-table 
*********************************************************************************************************

Aruba AP BSS Table
------------------
bss                ess           port  ip        phy    type  ch/EIRP/max-EIRP  cur-cl  ap name          in-t(s)  tot-t
---                ---           ----  --        ---    ----  ----------------  ------  -------          -------  -----
xx:xx:xx:xx:6c:a0  3246LostMill  ?/?   10.1.1.7  b      ap    6/19/19           3       IAP315-Basement  0        13h:13m:6s
xx:xx:xx:xx:6c:b0  3246LostMill  ?/?   10.1.1.7  a-VHT  ap    52E/18/23         1       IAP315-Basement  0        13h:44m:27s

Channel followed by "*" indicates channel selected due to unsupported configured channel.
"Spectrum" followed by "^" indicates Local Spectrum Override in effect.

Num APs:2
Num Associations:4

*********************************************************************************************************
 7/25/2017 13:06:51 PM    Target: IAP315-Attic    Command: show ap bss-table 
*********************************************************************************************************

Aruba AP BSS Table
------------------
bss                ess           port  ip        phy    type  ch/EIRP/max-EIRP  cur-cl  ap name       in-t(s)  tot-t
---                ---           ----  --        ---    ----  ----------------  ------  -------       -------  -----
xx:xx:xx:xx:d1:b0  3246LostMill  ?/?   10.1.1.8  a-VHT  ap    52E/18/23         7       IAP315-Attic  0        13h:44m:13s
xx:xx:xx:xx:d1:a0  3246LostMill  ?/?   10.1.1.8  b      ap    1/19/19           1       IAP315-Attic  0        13h:12m:48s

Channel followed by "*" indicates channel selected due to unsupported configured channel.
"Spectrum" followed by "^" indicates Local Spectrum Override in effect.

Num APs:2
Num Associations:8
New Contributor

Re: Device Authentication Issue

wifi.jpg

Guru Elite

Re: Device Authentication Issue

You should remove 802.11k, r and V.  Some clients do not like those extensions..



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor

Re: Device Authentication Issue

Sure enough.  That got it going.  R appears to be the culprit.  I turned K & V back on for improved roaming (since roaming is why I have multiple APs at home in the first place).  Thanks again for your assistance!

Guru Elite

Re: Device Authentication Issue

To be honest, the transmit power of the AP has much more influence on the roaming performance than 802.11k, 802.11r and 802.11v...  Many clients that do support it, do not support it fully, so it is of less use in the general population.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: