I have a 3400 and 7205 running parallel in my environment, as I test to transition all APs from the 3400 to the 7205. I have created a 'TestGUEST' SSID on the 7205, and assigned it to the one AP homed to that controller. That SSID is opmode opensystem, as I am trying to send it to a captive portal for guests. When I try to connect to that SSID, I am getting Deauth'ed. I have made TestGUEST a valid-and-protected-ssid in both the 7205 AND the 3400. I also created a rule in AirWave to see the MAC of the AP and the SSID as valid. I have a different SSID dropping users into the same vlan correctly, so I know the network is good. I have tried adding a preshared key and using wpa2-psk-aes, but the real goal is to make this an open SSID so people don't have to log in to the SSID, and only interact with the captive portal page. I have to believe that there is a security setting that is killing the open SSID, but I can't find it, Why am I still getting deauth'ed?
Thanks,
Russell
Here are logs of it killing my connection:
Nov 16 16:51:37 sapd[1131]: <127102> <WARN> |AP QA-AP00-7205-3f:70@10.25.0.215 sapd| |ids-ap| AP(ac:a3:1e:b3:f7:00): AP Deauth Containment: An AP attempted to contain an access point (BSSID ac:a3:1e:b3:f7:03) by disconnecting its client (MAC fc:db:b3:46:24:7d) on channel 11.
Nov 16 16:51:38 sapd[1131]: <127102> <WARN> |AP QA-AP00-7205-3f:70@10.25.0.215 sapd| |ids-ap| AP(ac:a3:1e:b3:f7:10): AP Deauth Containment: An AP attempted to contain an access point (BSSID ac:a3:1e:b3:f7:13) by disconnecting its client (MAC fc:db:b3:46:24:7d) on channel 36.
Nov 16 16:51:39 sapd[1131]: <127065> <WARN> |AP QA-AP00-7205-3f:70@10.25.0.215 sapd| |ids-ap| AP(ac:a3:1e:b3:f7:00): Valid Client Not Using Encryption: An AP detected an unencrypted frame between a valid client (fc:db:b3:46:24:7d) and access point (BSSID 00:1c:12:a3:22:f5), with source fc:db:b3:46:24:7d and receiver 33:33:ff:46:24:7d. SNR value is 36.
Nov 16 16:51:39 sapd[1131]: <127075> <WARN> |AP QA-AP00-7205-3f:70@10.25.0.215 sapd| |ids-ap| AP(ac:a3:1e:b3:f7:00): Valid Client Misassociation: An AP detected a misassociation between valid client fc:db:b3:46:24:7d and access point (BSSID 00:1c:12:a3:22:f5 and SSID TestGUEST on CHANNEL 11). Association type is (Association To External AP), SNR of client is 0.
Nov 16 16:51:39 sapd[1131]: <127075> <WARN> |AP QA-AP00-7205-3f:70@10.25.0.215 sapd| |ids-ap| AP(ac:a3:1e:b3:f7:00): Valid Client Misassociation: An AP detected a misassociation between valid client fc:db:b3:46:24:7d and access point (BSSID 00:1c:12:a3:22:f5 and SSID TestGUEST on CHANNEL 11). Association type is (Association To Honeypot AP), SNR of client is 0.
Nov 16 16:51:40 sapd[1131]: <127035> <WARN> |AP QA-AP00-7205-3f:70@10.25.0.215 sapd| |ids-ap| AP(ac:a3:1e:b3:f7:00): Disconnect Station Attack: An AP detected a disconnect attack of client fc:db:b3:46:24:7d and access point (BSSID 00:1c:12:a3:22:f5 and SSID TestGUEST on CHANNEL 11). SNR of client is 33. Additional Info: Avg-AssocResp-PktRate(pps):0.5; Interval(sec):10.
Nov 16 16:51:43 sapd[1131]: <127102> <WARN> |AP QA-AP00-7205-3f:70@10.25.0.215 sapd| |ids-ap| AP(ac:a3:1e:b3:f7:10): AP Deauth Containment: An AP attempted to contain an access point (BSSID ac:a3:1e:b3:f7:13) by disconnecting its client (MAC fc:db:b3:46:24:7d) on channel 36.