Wireless Access

Greetings fellow Airheads,

One of our schools has two AP-175s being used in a mesh configuration.  One is located on top of a main campus building and is hard-wired to the network, and is configured as a Mesh Portal.  The other is out in the Football pressbox, and is configured as a Mesh Point.  I initially configured both APs in an office, at opposite ends, about 30 feet apart, using WPA2 encryption on the "a" channel.  Worked great.  When the APs were installed, however, the Point wouldn't connect to the Portal.  Several attempts to wipe and reprovision the Point were unsuccessful.  Our SE was on-site today, and he tried changing the encryption in the Mesh Cluster Profile from WPA2 to open.  Wadayaknow, the Point connected!

My SE had to leave for another appointment.  Never being one to leave well-enough alone, I decided to try to make it work with WPA2.  This is what I did:

1. Changed the Mesh Cluster Profile settings to use WPA2 and put in a passphrase.
2. Hit "Apply", and got the expected response from the controller saying that the AP would need to be reprovisioned before they would see the change.
3. Hit "Save Configuration" and waited a few minutes to ensure that the changes propagated from the master controller to all local controllers.  (Master is at our District Office; I was working at a school site.)
4. Reprovisioned the Point first (running under the assumption that if I reprovisioned the Portal first, I would no longer be able to get to the Point, so I did the Point first).
5. Waited a few minutes for the Point to reboot.  As expected, I did not see it come back up.
6. Reprovisioned the Portal second.
7. Waited a few minutes for the Portal to come back up, which it did.

After the Portal came back up, though, the Point never showed up.  I ended up having to wipe its configuration again, change the Cluster profile back to open, and then bring the Point back up and provision it again.  It works this way, but I don't like having an unencrypted backhaul.

We have a similar setup at another school, but with AP-85s, and that one works great.  Considering that the AP-175 setup originally worked with encryption enabled, I'm wondering if it could be a distance factor?  The distance between the Portal and the Point is less than the length of a football field.  The other school's setup works over a distance *longer* than a football field.  Could there be something I missed?  Has anyone run into this before?

Thanks!

This is not distance related is the good news.

The bad news you ask?  It's an issue noted in the 6.1.2.x code.   

Back to the good news?  There is a fix planned.

How do I know this?   Ran into a similar issue a few weeks back when running 6.1.2.7 code.

In the meantime, if clients are all wireless on the 'far end' of the mesh they are already encrypted using WPA2.   If they are wired stations, they are, of course, unencrypted and it would be good to roll out the patch when available to remedy this issue.

---

@jfernyc wrote:

The bad news you ask?  It's an issue noted in the 6.1.2.x code.   

 

Back to the good news?  There is a fix planned.

---

Thanks, that's good to know.  I was beating my head against the wall over this one and finally gave up.

To your knowledge, is it only an issue with new deployments?  The other site that is working fine with AP-85s runs the same code.  The whole district is on 6.1.2.8.  Or is it specific to the AP-175?

Specific to AP-175 running that code stream (multiple patches affected) in WPA-2 PSK mode.   Open, as you found out, is not affected.

Sorry it chewed up some of your cycles...but glad your hair is somewhat in tact ;)

Looks like this was never fixed because I'm running code 6.4.2.12 with a 7010 controller and brand new AP-175s do not work with mesh encryption the same exact behavior is happening to me. This is frustrating because my project puts our mesh points at at sites which are outside our plant I can't have an open mesh network. 

Jason, can you send me the notes you have on the 175 issue with mesh and WPA2-PSK?

Was there ever a solution to this?  I am having the same problem with AP-275s controlled from a 7205, version 6.5.3.5.

I have one mesh point and one mesh portal in one AP Group and one mesh point and one mesh portal in another AP Group.  When in the office where I set them up, the points would connect to their portals using a mesh cluster profile setup with wpa2-psk-aes using an WPA passphrase.  But when these same APs were installed downtown, the only way I have found to get the points to connect to their portals is by using a mesh cluster profile set to opensystem.

Jason,

It would be beneficial to start a new thread on this, since the AP-175 and AP-275 are two different platforms, running different code. If you can also add your config, we can take a look to see what's not working.

 I can do that.  Just wanted to check to see if there was a solution to this thread since there doesn't appear to be one listed.