Security

Reply
Contributor I
Posts: 25
Registered: ‎01-03-2014

wpa_supplicant on linux and eapol-rate-opt

Hi, I found the solution to this on my own but I didn't find anything online that hinted that this could be the issue.

Issue:  I have a raspberry pi which worked fine with WPA2/PEAP on AOS verson 5.x but then I upgraded to 6.3 and it stopped working.  It would half-authenticate, assocate with the AP but never finish the PEAP authentication.  auth-trace would show that it was timing out.  It was reaching the radius server but never completing the PEAP auth.  The solution I found was in the ssid profile to set 

 

 

wlan ssid-profile "SSID"

     no eapol-rate-opt

 

Once I set this it would connect without issues.  I guess the wpa_supplilcant on the raspberry pi at least would get confused wtih the rate-opt feature and never connect.  Hope this helps someone, took me a day to figure it out.

 

 

 

 

 

 

Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: wpa_supplicant on linux and eapol-rate-opt

What basic and Tx rates do you have configured on this SSID?

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Contributor I
Posts: 25
Registered: ‎01-03-2014

Re: wpa_supplicant on linux and eapol-rate-opt

[ Edited ]
wlan ssid-profile "SSID"  

essid "SSID"
opmode wpa2-aes
g-tx-rates 36 48 54
ageout 1800
wmm
local-probe-req-thresh 30
no eapol-rate-opt
!

Basic rates are the defaults (1 and 2 I believe). Can thsese settings also cause that behavior? I fiddled with this setting just now and it didn't seem to affect it.
Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: wpa_supplicant on linux and eapol-rate-opt

Just from the initial glance, I would try running through the ASE.arubanetworks.com solution for RF optimization in WLAN networks and use those settings for the SSID.  The EAP optimization should be enabled unless there is an issue with it in which case TAC needs to be informed.

 

Here is a link - https://ase.arubanetworks.com/solutions/id/75

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Contributor I
Posts: 25
Registered: ‎01-03-2014

Re: wpa_supplicant on linux and eapol-rate-opt

Hey thats a neat tool!  I'll play around with it and let you know if that makes any difference.

Guru Elite
Posts: 20,578
Registered: ‎03-29-2007

Re: wpa_supplicant on linux and eapol-rate-opt


arubasecrets wrote:
wlan ssid-profile "SSID"  

essid "SSID"
opmode wpa2-aes
g-tx-rates 36 48 54
ageout 1800
wmm
local-probe-req-thresh 30
no eapol-rate-opt
!

Basic rates are the defaults (1 and 2 I believe). Can thsese settings also cause that behavior? I fiddled with this setting just now and it didn't seem to affect it.

Arubasecrets,

 

Did you try it with the default basic and TX rates, no local probe threshold (the default) ?

 

Your basic rates should be a subset of your TX rates to work correctly.  Having a local-probe-response-threshold of 30 is very aggressive.  Having things configured they way you have them currently could cause issues, yes.  Try the defaults, first.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 25
Registered: ‎01-03-2014

Re: wpa_supplicant on linux and eapol-rate-opt

Hi Colin, I tried as you suggested:

first I enabled the eapol-rate-opt and cycled the adapter on the wpa_supplicant that was having issues.  It was not able to complete the authentication.

I then undid the probe response level (not sure how that got turned on, but it was on the 5x config), no change.  I changed the TX rates to be 12 and up, no change. 

 

Then I changed the basic rates to 12 (as the ASE tool and you suggested) and boom, client connected.

 

So the real issue was my screwy basic rate settings.  I had no idea they had to be a subset of the tx rates, for some reason I thought it should always be 1 and 2.  

I changed these settings on the other SSID profiles as well.  Thanks for the help, I bet it will make things run smoother for now on.

Search Airheads
Showing results for 
Search instead for 
Did you mean: