Wireless Access

Reply
Occasional Contributor II

RIM devices won't connect to WPA2-Enterprise network

This is driving me nuts.. I have a ticket open with RIM but they're taking forever. I was hoping someone here might be in the same boat:

 

I seem to have extreme amounts of difficulty getting blackberries and playbooks connected to my WPA2-Enterprise PEAP/MSCHAPv2 network. 

 

- Other clients work fine: OS X, Windows All, iPhone, iPad, iPod etc

- Some (read: few) blackberries work

- all 9790 blackberries I've tried do not work

- Multiple playbooks do not work

 

Anyone experience something similar?

Dave

Re: RIM devices won't connect to WPA2-Enterprise network

Can you do show auth-tracebuf <mac of bberry client> while you are attempting to connect one and post the results back here?

 

 

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Occasional Contributor II

Re: RIM devices won't connect to WPA2-Enterprise network

Sure. I'll have one in my possession this afternoon and will update.

 

Dave

Occasional Contributor II

Re: RIM devices won't connect to WPA2-Enterprise network

Here is a log with a few attempts.

 

 

This is what radius says:

 

Thu Mar 8 13:39:01 2012 : Auth: Login incorrect (TLS Alert read:fatal:unknown CA): [user1] (from client wn-wc-phy-211-a port 0 cli 806007212713)
Thu Mar 8 13:41:39 2012 : Auth: Login incorrect (TLS Alert read:fatal:unknown CA): [user1] (from client wn-wc-phy-211-a port 0 cli 806007212713)
Thu Mar 8 13:44:26 2012 : Auth: Login incorrect (TLS Alert read:fatal:unknown CA): [user1] (from client wn-wc-phy-211-a port 0 cli 806007212713)
Thu Mar 8 13:47:47 2012 : Auth: Login incorrect (TLS Alert read:fatal:unknown CA): [user1] (from client wn-wc-phy-211-a port 0 cli 806007212713)
Thu Mar 8 13:49:05 2012 : Auth: Login incorrect (TLS Alert read:fatal:unknown CA): [user1] (from client wn-wc-phy-211-a port 0 cli 806007212713)
Thu Mar 8 13:59:43 2012 : Auth: Login incorrect (TLS Alert read:fatal:unknown CA): [user1] (from client wn-wc-phy-211-a port 0 cli 806007212713)
Thu Mar 8 14:09:17 2012 : Auth: Login incorrect (TLS Alert read:fatal:unknown CA): [user1] (from client wn-wc-phy-211-a port 0 cli 806007212713)

 

 

 

ps. .txt really should be a valid attachmet extension.

 

Dave

Guru Elite

Re: RIM devices won't connect to WPA2-Enterprise network

Each RIM device comes with a client manager where you have to load the CA certificate of the WLAN in order for it to connect.  It doesn't seem to just skip or accept any CA server unless you upload it to the device.  Maybe they have evolved recently.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: RIM devices won't connect to WPA2-Enterprise network

Hi Colin,

 

I will try to do that and report back. It seems that only newer blackberries are problematic, which is strange. 

 

Anyways, I will let you know how it goes.

 

Thanks,

Dave

Guru Elite

Re: RIM devices won't connect to WPA2-Enterprise network


daveald wrote:

Hi Colin,

 

I will try to do that and report back. It seems that only newer blackberries are problematic, which is strange. 

 

Anyways, I will let you know how it goes.

 

Thanks,

Dave


Wow.  That does not make sense.  What is the "show auth-tracebuf mac <mac address of blackberry>" output?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: RIM devices won't connect to WPA2-Enterprise network

Hi Colin, 

 

There is a zip file up a few posts with a longer and properly spaced log. Here is an excerpt. This just repeats, and radius logs what I mentioned earlier...

 

Mar 8 14:11:14 eap-id-req <- 80:60:07:21:27:13 d8:c7:c8:17:09:2a 6 5
Mar 8 14:11:22 station-up * 80:60:07:21:27:13 d8:c7:c8:17:09:2a - - wpa2 aes
Mar 8 14:11:22 eap-id-req <- 80:60:07:21:27:13 d8:c7:c8:17:09:2a 6 5
Mar 8 14:11:22 eap-id-resp -> 80:60:07:21:27:13 d8:c7:c8:17:09:2a 6 26 user1
Mar 8 14:11:22 rad-req -> 80:60:07:21:27:13 d8:c7:c8:17:09:2a 65532 210
Mar 8 14:11:22 rad-resp <- 80:60:07:21:27:13 d8:c7:c8:17:09:2a/cn-aaa-mc 65532 64
Mar 8 14:11:22 eap-req <- 80:60:07:21:27:13 d8:c7:c8:17:09:2a 7 6
Mar 8 14:11:22 eap-resp -> 80:60:07:21:27:13 d8:c7:c8:17:09:2a 7 74
Mar 8 14:11:22 rad-req -> 80:60:07:21:27:13 d8:c7:c8:17:09:2a/cn-aaa-mc 65521 276
Mar 8 14:11:22 rad-resp <- 80:60:07:21:27:13 d8:c7:c8:17:09:2a/cn-aaa-mc 65521 1090
Mar 8 14:11:22 eap-req <- 80:60:07:21:27:13 d8:c7:c8:17:09:2a 8 1024
Mar 8 14:11:22 eap-resp -> 80:60:07:21:27:13 d8:c7:c8:17:09:2a 8 6
Mar 8 14:11:22 rad-req -> 80:60:07:21:27:13 d8:c7:c8:17:09:2a/cn-aaa-mc 113 208
Mar 8 14:11:22 rad-resp <- 80:60:07:21:27:13 d8:c7:c8:17:09:2a/cn-aaa-mc 113 1086
Mar 8 14:11:22 eap-req <- 80:60:07:21:27:13 d8:c7:c8:17:09:2a 9 1020
Mar 8 14:11:22 eap-resp -> 80:60:07:21:27:13 d8:c7:c8:17:09:2a 9 6
Mar 8 14:11:22 rad-req -> 80:60:07:21:27:13 d8:c7:c8:17:09:2a/cn-aaa-mc 5 208
Mar 8 14:11:22 rad-resp <- 80:60:07:21:27:13 d8:c7:c8:17:09:2a/cn-aaa-mc 5 646
Mar 8 14:11:22 eap-req <- 80:60:07:21:27:13 d8:c7:c8:17:09:2a 10 584
Mar 8 14:11:22 eap-resp -> 80:60:07:21:27:13 d8:c7:c8:17:09:2a 10 13
Mar 8 14:11:22 rad-req -> 80:60:07:21:27:13 d8:c7:c8:17:09:2a/cn-aaa-mc 108 215
Mar 8 14:11:22 rad-reject <- 80:60:07:21:27:13 d8:c7:c8:17:09:2a/cn-aaa-mc 108 44
Mar 8 14:11:22 eap-failure <- 80:60:07:21:27:13 d8:c7:c8:17:09:2a 10 4 server rejected
Mar 8 14:11:31 station-down * 80:60:07:21:27:13 d8:c7:c8:17:09:2a - -

Guru Elite

Re: RIM devices won't connect to WPA2-Enterprise network

It certainly is responding to the Radius Server's rejection...



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Aruba

Re: RIM devices won't connect to WPA2-Enterprise network

I use both a blackberry 9900 and playbook w/ v2.0 to connect to the Aruba corporate WPA2-Ent WLAN without any issues, as I recall it worked when I had it setup on a lab SSID as well.



| Adam Kennedy, Systems Engineer - adamk@hpe.com

| Service Providers – Aruba, an HPE Company

| Twitter: @adam8021x | Airheads: akennedy
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: