Security

Reply
Occasional Contributor II
Posts: 21
Registered: ‎03-10-2011

Maverick Connection Issues

Good Afternoon,

I have a fully patched iMAC 10.9.1 (M that I am trying to get connected to my Controller.  WPA2 enterprise.  I have two other fully patched MACs that are working just fine, they are not the same hardware though (MB Pro, Air)  windows, ios and android are just fine

 

It connects just fine to my unsecured SSID, but not to the WPA2  I was connected and connecting fine before I upgraded to 6.3.1.2 

 

what are some troubleshooting steps that I can take?  

MVP
Posts: 4,277
Registered: ‎07-20-2011

Re: Maverick Connection Issues

 

 

Please run these commands :

 

show  auth-tracebuf | include <mac address> - You will be able to see the EAP process

 

Enable logging level debugging security process authmgr abd run the show log security all | include <device mac>

 

What are you using for RADIUS ?

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II
Posts: 21
Registered: ‎03-10-2011

Re: Maverick Connection Issues

We are using Windows 2008 r2 for the RADIUS.

 

here is a little more information:

When we upgraded to the new firware on the controller, we also replaces our AP125 with an AP225.  I physically moved the iMAC to a location with an AP125 that is beyond the reach of the AP225.  I can connect just fine to our WPA2 SSIDs now.  Did some reboots and shutdowns (which was killing the connection when trying to connect to the AP225) 

 

very strange

Occasional Contributor II
Posts: 21
Registered: ‎03-10-2011

Re: Maverick Connection Issues

Here is the output

 

Feb 4 14:28:44 :132030: <ERRS> |authmgr| Dropping EAPOL packet sent by Station d4:9a:20:54:d0:a0 9c:1c:12:94:0e:10
Feb 4 15:09:12 :126065: <WARN> |wms| |ids| AP(9c:1c:12:94:0e:10@Wolverton-Conf): Valid Client Not Using Encryption: An AP detected an unencrypted frame between a valid client (d4:9a:20:54:d0:a0) and access point (BSSID 9c:1c:12:94:0e:11), with source d4:9a:20:54:d0:a0 and receiver 00:1b:ed:16:5a:00. SNR value is 0.
Feb 4 15:26:31 :126065: <WARN> |wms| |ids| AP(9c:1c:12:94:0e:10@Wolverton-Conf): Valid Client Not Using Encryption: An AP detected an unencrypted frame between a valid client (d4:9a:20:54:d0:a0) and access point (BSSID 9c:1c:12:94:0e:11), with source d4:9a:20:54:d0:a0 and receiver ff:ff:ff:ff:ff:ff. SNR value is 46.
Feb 4 15:34:00 :132030: <ERRS> |authmgr| Dropping EAPOL packet sent by Station d4:9a:20:54:d0:a0 9c:1c:12:94:0e:10
Feb 4 15:59:11 :132030: <ERRS> |authmgr| Dropping EAPOL packet sent by Station d4:9a:20:54:d0:a0 00:24:6c:ba:f4:d0
Feb 4 16:00:59 :126065: <WARN> |wms| |ids| AP(00:24:6c:ba:f4:d0@KERN-721): Valid Client Not Using Encryption: An AP detected an unencrypted frame between a valid client (d4:9a:20:54:d0:a0) and access point (BSSID 00:24:6c:ba:f4:d1), with source d4:9a:20:54:d0:a0 and receiver 00:1b:ed:16:5a:00. SNR value is 40.
Feb 4 16:03:02 :132030: <ERRS> |authmgr| Dropping EAPOL packet sent by Station d4:9a:20:54:d0:a0 00:24:6c:ba:f4:d0
Feb 4 16:04:28 :132030: <ERRS> |authmgr| Dropping EAPOL packet sent by Station d4:9a:20:54:d0:a0 00:24:6c:ba:f4:d0

MVP
Posts: 1,110
Registered: ‎10-11-2011

Re: Maverick Connection Issues

Can you provide the show  auth-tracebuf | include <mac address> output as well?

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Occasional Contributor II
Posts: 21
Registered: ‎03-10-2011

Re: Maverick Connection Issues

[ Edited ]

When I run that command, with or without the "| include <mac>" there is no output 

MVP
Posts: 1,110
Registered: ‎10-11-2011

Re: Maverick Connection Issues

Did you enable debugging for that Mac?

(controller-config) # logging level debug user-debug <mac>
=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Occasional Contributor II
Posts: 21
Registered: ‎03-10-2011

Re: Maverick Connection Issues

ah, I did not do that.  I did now.  here is the output

 

Feb 5 09:54:09 station-up * d4:9a:20:54:d0:a0 9c:1c:12:94:0e:12 - - wpa2 aes
Feb 5 09:54:09 eap-id-req <- d4:9a:20:54:d0:a0 9c:1c:12:94:0e:12 1 5
Feb 5 09:54:09 eap-start -> d4:9a:20:54:d0:a0 9c:1c:12:94:0e:12 - -
Feb 5 09:54:09 eap-id-req <- d4:9a:20:54:d0:a0 9c:1c:12:94:0e:12 1 5
Feb 5 09:54:14 eap-start -> d4:9a:20:54:d0:a0 9c:1c:12:94:0e:12 - -
Feb 5 09:54:14 eap-id-req <- d4:9a:20:54:d0:a0 9c:1c:12:94:0e:12 1 5
Feb 5 09:54:19 eap-start -> d4:9a:20:54:d0:a0 9c:1c:12:94:0e:12 - -
Feb 5 09:54:19 eap-id-req <- d4:9a:20:54:d0:a0 9c:1c:12:94:0e:12 2 5
Feb 5 09:54:24 station-down * d4:9a:20:54:d0:a0 9c:1c:12:94:0e:12 - -
Feb 5 09:54:48 station-up * d4:9a:20:54:d0:a0 9c:1c:12:94:0e:10 - - wpa2 aes
Feb 5 09:54:48 eap-id-req <- d4:9a:20:54:d0:a0 9c:1c:12:94:0e:10 1 5
Feb 5 09:54:49 eap-start -> d4:9a:20:54:d0:a0 9c:1c:12:94:0e:10 - -
Feb 5 09:54:49 eap-id-req <- d4:9a:20:54:d0:a0 9c:1c:12:94:0e:10 1 5
Feb 5 09:54:53 eap-start -> d4:9a:20:54:d0:a0 9c:1c:12:94:0e:10 - -
Feb 5 09:54:53 eap-id-req <- d4:9a:20:54:d0:a0 9c:1c:12:94:0e:10 1 5
Feb 5 09:54:59 eap-start -> d4:9a:20:54:d0:a0 9c:1c:12:94:0e:10 - -
Feb 5 09:54:59 eap-id-req <- d4:9a:20:54:d0:a0 9c:1c:12:94:0e:10 2 5
Feb 5 09:55:04 station-down * d4:9a:20:54:d0:a0 9c:1c:12:94:0e:10 - -

MVP
Posts: 4,277
Registered: ‎07-20-2011

Re: Maverick Connection Issues

[ Edited ]

 

It looks like the device is not responding to the EAP ID request (Provides the username/password) , please try the following uninstall the Certificate previously installed 

  1. Start Finder.
  2. From the Go drop-down list, select Utilities.
  3. Double-click the Keychain Access icon.

And find the cert and delete it then remove the ssid from the preferred wireless networks and then reboot .

 

Try again and run the same commands.

 

What AP are you connecting at this point ? AP125 or AP225 ?

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II
Posts: 21
Registered: ‎03-10-2011

Re: Maverick Connection Issues

Right now I am only working with the AP 225 at it seems to be limited to the AP 225.  Deleting the key for the ssid worked one time.  I deleted it, removed the ssid from the prefered networks and rebooted.

 

It connected on the first try. So I turned the Wi-Fi on the iMAC off, waited a few seconds and turned it back on again.  It went back to the same thing.  

 

It almost seems like the AP 225 is holding onto something or there is something screwy with how the iMAC is doing the wi-fi 

 

 

I have attached the tracebuff commands

 

 

 

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: