Wireless Access

Reply
New Contributor

Implementing 802.11r

Hello my friends, I need your help!

 

At work, we have a solution Aruba OS version 6.3. We are trying to perform some tests with 802.11r using a iPhone6 to perform the roaming process between the APs. Via the command line - show ap debug dot11r state ap-name, I got:

 

show ap debug dot11r state ap-name "AP-CPD-2-WLAN-TEST"

Stored R1 Keys
--------------
Station MAC  Mobility Domain ID  Validity Duration  R1 Key
-----------  ------------------  -----------------  ------
Stored R0 Key Holder ID
-----------------------
BSSID              R0 Key Holder ID
-----              ----------------
00:24::::  00:0b::::
00:24::::  00:0b::::
00:24::::  00:0b::::
00:24::::  00:0b::::
00:24::::  00:0b::::
00:24::::  00:0b::::
00:24::::  00:0b::::
00:24::::  00:0b::::

 I can not see the generated R1 key . What might be happening? Through the command line manual I could see some important information that supposedly the standard is set in the solution and the client supports it:

show ap active

Active AP Table
---------------
Name                  Group                      IP Address     11g Clients  11g Ch/EIRP/MaxEIRP  11a Clients  11a Ch/EIRP/MaxEIRP   AP Type  Flags  Uptime         Outer IP
----                  -----                      ----------     -----------  -------------------  -----------  -------------------   -------  -----  ------         --------
AP-CPD-1-01-REDES     CONTROLER 05 - ACCESS   172.30.250.11  4            AP:HT:11-/20/20      0            AP:HT:153-/19/19      125      Aar    1d:9h:21m:17s  N/A


Flags: 1 = 802.1x authenticated AP; 2 = Using IKE version 2;
       A = Enet1 in active/standby mode;  B = Battery Boost On; C = Cellular;
       D = Disconn. Extra Calls On; E = Wired AP enabled; F = AP failed 802.1x authentication;
       H = Hotspot Enabled; K = 802.11K Enabled; L = Client Balancing Enabled; M = Mesh;
       N = 802.11b protection disabled; P = PPPOE; R = Remote AP;
       S = AP connected as standby; X = Maintenance Mode;
       a = Reduce ARP packets in the air; d = Drop Mcast/Bcast On; u = Custom-Cert RAP;
       r = 802.11r Enabled

 

The flags below indicate that the client supports the standard.

 

show ap association client-mac XX:::::

Name bssid mac auth assoc aid l-int essid vlan-id tunnel-id phy assoc. time num assoc Flags Band steer moves (T/S) ---- ----- --- ---- ----- --- ----- ----- ------- --------- --- ----------- --------- ----- ---------------------- AP-CPD-1-01-Wlan 00:24:::: XX::::: y y 1 20 UNB 848 0x10252 a-HT-40sgi-1ss 21s 1 WRAB 89/75 Flags: A: Active, B: Band Steerable, H: Hotspot(802.11u) client, K: 802.11K client, R: 802.11R client, W: WMM client, w: 802.11w client

 

I could also check user authentication and re-association, but nothing to indicate that the 802.11r is working.

 

show auth-tracebuf mac 70:::::

Mar  3 18:22:49  station-down           *  70:::::  00:24:::::XX                                  -    -
Mar  3 18:22:56  rad-acct-stop         ->  70:::::  00:24:::::XX                                  -    -
Mar  3 18:22:56  station-up             *  70:::::  00:24:::::XX                                  -    -    wpa2 aes
Mar  3 18:22:56  station-term-start     *  70:::::  00:24:::::XX                                  848  -
Mar  3 18:22:57  client-finish         ->  70:::::  00:24:::::XX/802.1x-PROFILE-UNB-TESTE-RADIUS  -    -
Mar  3 18:22:57  server-finish         <-  70:::::  00:24:::::XX/802.1x-PROFILE-UNB-TESTE-RADIUS  -    61
Mar  3 18:22:57  server-finish-ack     ->  70:::::  00:24:::::XX/802.1x-PROFILE-UNB-TESTE-RADIUS  -    -
Mar  3 18:22:57  inner-eap-id-req      <-  70:::::  00:24:::::XX/802.1x-PROFILE-UNB-TESTE-RADIUS  -    35
Mar  3 18:22:57  inner-eap-id-resp     ->  70:::::  00:24:::::XX/802.1x-PROFILE-UNB-TESTE-RADIUS  -    -    viotti
Mar  3 18:22:57  eap-mschap-chlg       <-  70:::::  00:24:::::XX/802.1x-PROFILE-UNB-TESTE-RADIUS  -    67
Mar  3 18:22:57  eap-mschap-response   ->  70:::::  00:24:::::XX/802.1x-PROFILE-UNB-TESTE-RADIUS  8    49
Mar  3 18:22:57  mschap-request        ->  70:::::  00:24:::::XX/802.1x-PROFILE-UNB-TESTE-RADIUS  8    -    viotti
Mar  3 18:22:57  mschap-response       <-  70:::::  00:24:::::XX/RADIUS_UNB                       -    -    viotti
Mar  3 18:22:57  eap-mschap-success    <-  70:::::  00:24:::::XX/802.1x-PROFILE-UNB-TESTE-RADIUS  -    83
Mar  3 18:22:57  m-auth req             *  70:::::  00:24:::::XX                                  -    -
Mar  3 18:22:57  station-data-ready     *  70:::::  00:00:00:00:00:00                                  848  -
Mar  3 18:22:57  m-auth resp            *  70:::::  00:24:::::XX                                  -    -    failed
Mar  3 18:22:57  station-data-ready_ack *  70:::::  00:00:00:00:00:00                                  848  -
Mar  3 18:22:57  eap-mschap-success-ack->  70:::::  00:24:::::XX/802.1x-PROFILE-UNB-TESTE-RADIUS  -    -
Mar  3 18:22:57  eap-tlv-rslt-success  <-  70:::::  00:24:::::XX/802.1x-PROFILE-UNB-TESTE-RADIUS  -    43
Mar  3 18:22:57  eap-tlv-rslt-success  ->  70:::::  00:24:::::XX                                  -    2
Mar  3 18:22:57  eap-success           <-  70:::::  00:24:::::XX/802.1x-PROFILE-UNB-TESTE-RADIUS  -    4
Mar  3 18:22:57  wpa2-key1             <-  70:::::  00:24:::::XX                                  -    117
Mar  3 18:22:57  wpa2-key2             ->  70:::::  00:24:::::XX                                  -    240
Mar  3 18:22:57  wpa2-key3             <-  70:::::  00:24:::::XX                                  -    279
Mar  3 18:22:57  wpa2-key4             ->  70:::::  00:24:::::XX                                  -    95
Mar  3 18:22:58  rad-acct-start        ->  70:::::  00:24:::::XX                                  -    -

Mar  3 18:24:28  station-down           *  70:::::  00:24:::::XX  -    -
Mar  3 18:24:28  rad-acct-stop         ->  70:::::  00:24:::::XX  -    -
Mar  3 18:24:28  station-up             *  70:::::  00:24:::::YY  -    -  wpa2 aes
Mar  3 18:24:28  station-data-ready     *  70:::::  00:00:00:00:00:00  848  -
Mar  3 18:24:28  station-data-ready_ack *  70:::::  00:00:00:00:00:00  848  -

 

Can someone suggest me something?

 

Thanks .....

 

 

 

 

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: