Wireless Access

hi all,

One more question.

I have one SSID with WPA2auth and AES encryption enabledand auth server as AD [dont have CPPM].

Today i was trying to authenticate one legasy device [nokia 5800] with that SSID, but its saying EAP-peap authentication failed.

Is there anything to support legasy device with wpa2 -aes And also how can i troubleshoot why the client showing EAP-PEAP auth failed..

 

Turn on user-debugging for the client and then run "show auth-tracebuf mac
<CLIENT-MAC>"</CLIENT-MAC>

Since this device only supports b/g try the following:

- Make sure that all your lower basic rates are enabled

- Create a test SSID with the same aaa profile and disable "band steering" on the VAP 

Band steering is disabled, and all the lower rates is also enabled

 

[Edit]  here is the O/P

Feb 18 06:07:21  station-up             *  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -  wpa2 aes
Feb 18 06:07:21  eap-id-req            <-  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  1  5
Feb 18 06:07:21  eap-start             ->  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -
Feb 18 06:07:21  eap-id-req            <-  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  1  5
Feb 18 06:07:21  station-down           *  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -
Feb 18 06:07:32  station-up             *  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -  wpa2 aes
Feb 18 06:07:32  eap-id-req            <-  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  1  5
Feb 18 06:07:32  eap-start             ->  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -
Feb 18 06:07:32  eap-id-req            <-  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  1  5
Feb 18 06:07:32  station-down           *  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -
Feb 18 06:08:01  station-up             *  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -  wpa2 aes
Feb 18 06:08:01  eap-id-req            <-  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  1  5
Feb 18 06:08:01  eap-start             ->  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -
Feb 18 06:08:01  eap-id-req            <-  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  1  5
Feb 18 06:08:01  station-down           *  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -

how to turn on user debug....
plz tell me

Logging level debugging user-debug <client-mac>

thanks Tim,

here is the O/P

Feb 18 06:07:21 station-up * 00:25:48:c0:1f:89
00:24:6c:b2:2d:c0 - - wpa2 aes
Feb 18 06:07:21 eap-id-req <- 00:25:48:c0:1f:89
00:24:6c:b2:2d:c0 1 5
Feb 18 06:07:21 eap-start -> 00:25:48:c0:1f:89
00:24:6c:b2:2d:c0 - -
Feb 18 06:07:21 eap-id-req <- 00:25:48:c0:1f:89
00:24:6c:b2:2d:c0 1 5
Feb 18 06:07:21 station-down * 00:25:48:c0:1f:89
00:24:6c:b2:2d:c0 - -
Feb 18 06:07:32 station-up * 00:25:48:c0:1f:89
00:24:6c:b2:2d:c0 - - wpa2 aes
Feb 18 06:07:32 eap-id-req <- 00:25:48:c0:1f:89
00:24:6c:b2:2d:c0 1 5
Feb 18 06:07:32 eap-start -> 00:25:48:c0:1f:89
00:24:6c:b2:2d:c0 - -
Feb 18 06:07:32 eap-id-req <- 00:25:48:c0:1f:89
00:24:6c:b2:2d:c0 1 5
Feb 18 06:07:32 station-down * 00:25:48:c0:1f:89
00:24:6c:b2:2d:c0 - -
Feb 18 06:08:01 station-up * 00:25:48:c0:1f:89
00:24:6c:b2:2d:c0 - - wpa2 aes
Feb 18 06:08:01 eap-id-req <- 00:25:48:c0:1f:89
00:24:6c:b2:2d:c0 1 5
Feb 18 06:08:01 eap-start -> 00:25:48:c0:1f:89
00:24:6c:b2:2d:c0 - -
Feb 18 06:08:01 eap-id-req <- 00:25:48:c0:1f:89
00:24:6c:b2:2d:c0 1 5
Feb 18 06:08:01 station-down * 00:25:48:c0:1f:89
00:24:6c:b2:2d:c0 - -

Can that device connect to an open SSID ?

Yeah it able to connect Open network, Captive portal, PSK.

 

her eis the O/P of tracebuf

Feb 18 06:07:21  station-up             *  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -  wpa2 aes
Feb 18 06:07:21  eap-id-req            <-  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  1  5
Feb 18 06:07:21  eap-start             ->  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -
Feb 18 06:07:21  eap-id-req            <-  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  1  5
Feb 18 06:07:21  station-down           *  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -
Feb 18 06:07:32  station-up             *  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -  wpa2 aes
Feb 18 06:07:32  eap-id-req            <-  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  1  5
Feb 18 06:07:32  eap-start             ->  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -
Feb 18 06:07:32  eap-id-req            <-  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  1  5
Feb 18 06:07:32  station-down           *  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -
Feb 18 06:08:01  station-up             *  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -  wpa2 aes
Feb 18 06:08:01  eap-id-req            <-  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  1  5
Feb 18 06:08:01  eap-start             ->  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -
Feb 18 06:08:01  eap-id-req            <-  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  1  5
Feb 18 06:08:01  station-down           *  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -

It looks like the client is not responding with its identity. Can you
confirm that this device supports WPA2-Enterprise?

Yes, its supports WPA2, It has the option to select WPA2-AES [MSCHAPv2]

Did you load the Radius Server's Server Certificate on the device?  https://www.lrz.de/services/netz/mobil/802_1x/eduroam_S60v5_en/

Yes its able to connect open n/w , captive portal, psk,

 

Here is the output of tracebuf

 

Feb 18 06:07:21  station-up             *  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -  wpa2 aes
Feb 18 06:07:21  eap-id-req            <-  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  1  5
Feb 18 06:07:21  eap-start             ->  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -
Feb 18 06:07:21  eap-id-req            <-  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  1  5
Feb 18 06:07:21  station-down           *  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -
Feb 18 06:07:32  station-up             *  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -  wpa2 aes
Feb 18 06:07:32  eap-id-req            <-  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  1  5
Feb 18 06:07:32  eap-start             ->  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -
Feb 18 06:07:32  eap-id-req            <-  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  1  5
Feb 18 06:07:32  station-down           *  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -
Feb 18 06:08:01  station-up             *  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -  wpa2 aes
Feb 18 06:08:01  eap-id-req            <-  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  1  5
Feb 18 06:08:01  eap-start             ->  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -
Feb 18 06:08:01  eap-id-req            <-  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  1  5
Feb 18 06:08:01  station-down           *  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -

yes its able to connect with open, captive portal, psk.

 

here is the o/p of tracebuf

 

 

Auth Trace Buffer
-----------------

Feb 18 06:07:21 station-up * 00:25:48:c0:1f:89 00:24:6c:b2:2d:c0 - - wpa2 aes
Feb 18 06:07:21 eap-id-req <- 00:25:48:c0:1f:89 00:24:6c:b2:2d:c0 1 5
Feb 18 06:07:21 eap-start -> 00:25:48:c0:1f:89 00:24:6c:b2:2d:c0 - -
Feb 18 06:07:21 eap-id-req <- 00:25:48:c0:1f:89 00:24:6c:b2:2d:c0 1 5
Feb 18 06:07:21 station-down * 00:25:48:c0:1f:89 00:24:6c:b2:2d:c0 - -
Feb 18 06:07:32 station-up * 00:25:48:c0:1f:89 00:24:6c:b2:2d:c0 - - wpa2 aes
Feb 18 06:07:32 eap-id-req <- 00:25:48:c0:1f:89 00:24:6c:b2:2d:c0 1 5
Feb 18 06:07:32 eap-start -> 00:25:48:c0:1f:89 00:24:6c:b2:2d:c0 - -
Feb 18 06:07:32 eap-id-req <- 00:25:48:c0:1f:89 00:24:6c:b2:2d:c0 1 5
Feb 18 06:07:32 station-down * 00:25:48:c0:1f:89 00:24:6c:b2:2d:c0 - -
Feb 18 06:08:01 station-up * 00:25:48:c0:1f:89 00:24:6c:b2:2d:c0 - - wpa2 aes
Feb 18 06:08:01 eap-id-req <- 00:25:48:c0:1f:89 00:24:6c:b2:2d:c0 1 5
Feb 18 06:08:01 eap-start -> 00:25:48:c0:1f:89 00:24:6c:b2:2d:c0 - -
Feb 18 06:08:01 eap-id-req <- 00:25:48:c0:1f:89 00:24:6c:b2:2d:c0 1 5
Feb 18 06:08:01 station-down * 00:25:48:c0:1f:89 00:24:6c:b2:2d:c0 - -

 

yeah its able to connect to open, captive portal, psk N/W without issue..


here is the output of tracebuf.

Auth Trace Buffer
-----------------


Feb 18 06:07:21 station-up * 00:25:48:c0:1f:89
00:24:6c:b2:2d:c0 - - wpa2 aes
Feb 18 06:07:21 eap-id-req <- 00:25:48:c0:1f:89
00:24:6c:b2:2d:c0 1 5
Feb 18 06:07:21 eap-start -> 00:25:48:c0:1f:89
00:24:6c:b2:2d:c0 - -
Feb 18 06:07:21 eap-id-req <- 00:25:48:c0:1f:89
00:24:6c:b2:2d:c0 1 5
Feb 18 06:07:21 station-down * 00:25:48:c0:1f:89
00:24:6c:b2:2d:c0 - -
Feb 18 06:07:32 station-up * 00:25:48:c0:1f:89
00:24:6c:b2:2d:c0 - - wpa2 aes
Feb 18 06:07:32 eap-id-req <- 00:25:48:c0:1f:89
00:24:6c:b2:2d:c0 1 5
Feb 18 06:07:32 eap-start -> 00:25:48:c0:1f:89
00:24:6c:b2:2d:c0 - -
Feb 18 06:07:32 eap-id-req <- 00:25:48:c0:1f:89
00:24:6c:b2:2d:c0 1 5
Feb 18 06:07:32 station-down * 00:25:48:c0:1f:89
00:24:6c:b2:2d:c0 - -
Feb 18 06:08:01 station-up * 00:25:48:c0:1f:89
00:24:6c:b2:2d:c0 - - wpa2 aes
Feb 18 06:08:01 eap-id-req <- 00:25:48:c0:1f:89
00:24:6c:b2:2d:c0 1 5
Feb 18 06:08:01 eap-start -> 00:25:48:c0:1f:89
00:24:6c:b2:2d:c0 - -
Feb 18 06:08:01 eap-id-req <- 00:25:48:c0:1f:89
00:24:6c:b2:2d:c0 1 5
Feb 18 06:08:01 station-down * 00:25:48:c0:1f:89
00:24:6c:b2:2d:c0 - -



--
sent from my android.
Thanks

Yeah its able to connect Open , captive portal, psk .

 

here is the output of the tracebuf

 

Auth Trace Buffer
-----------------


Feb 18 06:07:21  station-up             *  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -  wpa2 aes
Feb 18 06:07:21  eap-id-req            <-  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  1  5
Feb 18 06:07:21  eap-start             ->  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -
Feb 18 06:07:21  eap-id-req            <-  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  1  5
Feb 18 06:07:21  station-down           *  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -
Feb 18 06:07:32  station-up             *  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -  wpa2 aes
Feb 18 06:07:32  eap-id-req            <-  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  1  5
Feb 18 06:07:32  eap-start             ->  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -
Feb 18 06:07:32  eap-id-req            <-  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  1  5
Feb 18 06:07:32  station-down           *  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -
Feb 18 06:08:01  station-up             *  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -  wpa2 aes
Feb 18 06:08:01  eap-id-req            <-  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  1  5
Feb 18 06:08:01  eap-start             ->  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -
Feb 18 06:08:01  eap-id-req            <-  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  1  5
Feb 18 06:08:01  station-down           *  00:25:48:c0:1f:89  00:24:6c:b2:2d:c0  -  -