Controllerless Networks


IAP Firmwareupgrade 8.6.0.9_79813 to 8.9.x no connection

  • 1.  IAP Firmwareupgrade 8.6.0.9_79813 to 8.9.x no connection

    Posted Apr 11, 2022 10:45 AM
    Hi,

    Since we did a firmware upgrade from 8.6.0.9_79813 to 8.9.x, we get a connection error on our Zebra MC92N0 handhelds (Win Embedded Handheld 6.5). We have set up a WPA2-Enterprise wireless network. We have a local user on the IAP for authentication. No certification is necessary.

    Any ideas why no connection is possible? A connection with another device is possible.

    Thanks.

    Martin


    ------------------------------
    Martin Ostermeier
    Auer Baustoffe GmbH & Co. KG
    Erding
    ------------------------------


  • 2.  RE: IAP Firmwareupgrade 8.6.0.9_79813 to 8.9.x no connection

    MVP EXPERT
    Posted Apr 12, 2022 04:04 AM
    What is the connection error? Have your WLAN settings changed during the upgrade?

    ------------------------------
    Craig Syme
    ------------------------------



  • 3.  RE: IAP Firmwareupgrade 8.6.0.9_79813 to 8.9.x no connection

    Posted Apr 12, 2022 04:16 AM
    Hi, we changed nothing. We also get the error when we go to the next firmware, for example 8.6.0.14_81691.

    Here are some logs.

    Apr 12 08:10:20  rad-resp              <-  94:fb:29:0c:b8:7d  38:17:c3:f9:22:c0/InternalServer  88  -    
    Apr 12 08:10:20  eap-req               <-  94:fb:29:0c:b8:7d  38:17:c3:f9:22:c0                 2   6    
    Apr 12 08:10:20  eap-resp              ->  94:fb:29:0c:b8:7d  38:17:c3:f9:22:c0                 2   114  
    Apr 12 08:10:20  rad-req               ->  94:fb:29:0c:b8:7d  38:17:c3:f9:22:c0/InternalServer  89  331  10.201.1.113
    Apr 12 08:10:20  rad-reject            <-  94:fb:29:0c:b8:7d  38:17:c3:f9:22:c0/InternalServer  89  -    
    Apr 12 08:10:21  eap-failure           <-  94:fb:29:0c:b8:7d  38:17:c3:f9:22:c0                 2   4    server rejected
    Apr 12 08:10:22  station-up             *  94:fb:29:0c:b8:7d  38:17:c3:f9:22:c0                 -   -    wpa2 aes
    Apr 12 08:10:22  eap-id-req            <-  94:fb:29:0c:b8:7d  38:17:c3:f9:22:c0                 1   5    
    Apr 12 08:10:22  eap-id-resp           ->  94:fb:29:0c:b8:7d  38:17:c3:f9:22:c0                 1   14   lvserding
    Apr 12 08:10:22  rad-req               ->  94:fb:29:0c:b8:7d  38:17:c3:f9:22:c0                 90  213  10.201.1.113

    Apr 12 08:14:15   cli[5955]: <541004> <WARN> |AP 38:17:c3:c7:92:2c@10.201.1.113 cli|  recv_sta_online: receive station msg, mac-94:fb:29:0c:b8:7d bssid-38:17:c3:f9:22:c0 essid-35051LT timestamp-1649751255-963141.
    Apr 12 08:14:17   cli[5955]: <541003> <WARN> |AP 38:17:c3:c7:92:2c@10.201.1.113 cli|  Client 94:fb:29:0c:b8:7d is failed to authenticate, failure count is 43.
    Apr 12 08:14:17   cli[5955]: <541004> <WARN> |AP 38:17:c3:c7:92:2c@10.201.1.113 cli|  recv_sta_offline: receive station msg, mac-94:fb:29:0c:b8:7d bssid-38:17:c3:f9:22:c0 essid-35051LT timestamp-1649751257-405191.
    Apr 12 08:14:17   cli[5955]: <541004> <WARN> |AP 38:17:c3:c7:92:2c@10.201.1.113 cli|  recv_sta_offline: receive station msg, mac-94:fb:29:0c:b8:7d bssid-38:17:c3:f9:22:c0 essid-35051LT timestamp-1649751257-405535.
    Apr 12 08:14:18   cli[5955]: <541004> <WARN> |AP 38:17:c3:c7:92:2c@10.201.1.113 cli|  recv_sta_online: receive station msg, mac-94:fb:29:0c:b8:7d bssid-38:17:c3:f9:22:c0 essid-35051LT timestamp-1649751258-270015.
    Apr 12 08:14:19   cli[5955]: <541003> <WARN> |AP 38:17:c3:c7:92:2c@10.201.1.113 cli|  Client 94:fb:29:0c:b8:7d is failed to authenticate, failure count is 44.
    Apr 12 08:14:19   cli[5955]: <541004> <WARN> |AP 38:17:c3:c7:92:2c@10.201.1.113 cli|  recv_sta_offline: receive station msg, mac-94:fb:29:0c:b8:7d bssid-38:17:c3:f9:22:c0 essid-35051LT timestamp-1649751259-747170.
    Apr 12 08:14:19   cli[5955]: <541004> <WARN> |AP 38:17:c3:c7:92:2c@10.201.1.113 cli|  recv_sta_offline: receive station msg, mac-94:fb:29:0c:b8:7d bssid-38:17:c3:f9:22:c0 essid-35051LT timestamp-1649751259-747483.
    Apr 12 08:14:20   cli[5955]: <541004> <WARN> |AP 38:17:c3:c7:92:2c@10.201.1.113 cli|  recv_sta_online: receive station msg, mac-94:fb:29:0c:b8:7d bssid-38:17:c3:f9:22:c0 essid-35051LT timestamp-1649751260-485947.
    Apr 12 08:14:21   cli[5955]: <541003> <WARN> |AP 38:17:c3:c7:92:2c@10.201.1.113 cli|  Client 94:fb:29:0c:b8:7d is failed to authenticate, failure count is 45.
    Apr 12 08:14:21   cli[5955]: <541004> <WARN> |AP 38:17:c3:c7:92:2c@10.201.1.113 cli|  recv_sta_offline: receive station msg, mac-94:fb:29:0c:b8:7d bssid-38:17:c3:f9:22:c0 essid-35051LT timestamp-1649751261-847365.
    Apr 12 08:14:21   cli[5955]: <541004> <WARN> |AP 38:17:c3:c7:92:2c@10.201.1.113 cli|  recv_sta_offline: receive station msg, mac-94:fb:29:0c:b8:7d bssid-38:17:c3:f9:22:c0 essid-35051LT timestamp-1649751261-847740.
    Apr 12 08:14:22   cli[5955]: <541004> <WARN> |AP 38:17:c3:c7:92:2c@10.201.1.113 cli|  recv_sta_online: receive station msg, mac-94:fb:29:0c:b8:7d bssid-38:17:c3:f9:22:c0 essid-35051LT timestamp-1649751262-589727.
    Apr 12 08:14:24   cli[5955]: <541003> <WARN> |AP 38:17:c3:c7:92:2c@10.201.1.113 cli|  Client 94:fb:29:0c:b8:7d is failed to authenticate, failure count is 46.

    Client List
    -----------
    Name  IP Address  MAC Address        OS    ESSID    Access Point       Channel  Type  Role      IPv6 Address  Signal    Speed (mbps)
    ----  ----------  -----------        --    -----    ------------       -------  ----  ----      ------------  ------    ------------
          0.0.0.0     94:fb:29:0c:b8:7d  NOFP  35051LT  38:17:c3:c7:92:2c  1        GN    Deny All  --            46(good)  1(poor)
    Number of Clients   :1
    Info timestamp      :495413

    I don't know why the Role is "Deny All".

    When we go back to version 8.6.0.9_79813, everything works.

    ------------------------------
    Martin Ostermeier
    ------------------------------



  • 4.  RE: IAP Firmwareupgrade 8.6.0.9_79813 to 8.9.x no connection

    MVP EXPERT
    Posted Apr 12, 2022 04:27 AM
    Are you using the Internal DB for authentication? We can see this from the logs below, and the client is being rejected by the server.

    Apr 12 08:10:20  rad-req               ->  94:fb:29:0c:b8:7d  38:17:c3:f9:22:c0/InternalServer  89  331  10.201.1.113
    Apr 12 08:10:20  rad-reject            <-  94:fb:29:0c:b8:7d  38:17:c3:f9:22:c0/InternalServer  89  -    
    Apr 12 08:10:21  eap-failure           <-  94:fb:29:0c:b8:7d  38:17:c3:f9:22:c0                 2   4    server rejected

    Have you reviewed your configuration to ensure nothing has changed? Maybe provide some more information on your configuration?

    ------------------------------
    Craig Syme
    ------------------------------
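
An added example, not part of any post in this thread: a small Python parser for the authentication trace rows posted above, which pairs each `rad-reject` with the `rad-req` it answers and the EAP failure reason that follows. The column layout is assumed from the posted excerpt, and the function names are hypothetical.

```python
import re

# Rows copied from the trace posted in this thread (trailing spaces trimmed).
TRACE = """\
Apr 12 08:10:20  rad-resp              <-  94:fb:29:0c:b8:7d  38:17:c3:f9:22:c0/InternalServer  88  -
Apr 12 08:10:20  eap-req               <-  94:fb:29:0c:b8:7d  38:17:c3:f9:22:c0                 2   6
Apr 12 08:10:20  eap-resp              ->  94:fb:29:0c:b8:7d  38:17:c3:f9:22:c0                 2   114
Apr 12 08:10:20  rad-req               ->  94:fb:29:0c:b8:7d  38:17:c3:f9:22:c0/InternalServer  89  331  10.201.1.113
Apr 12 08:10:20  rad-reject            <-  94:fb:29:0c:b8:7d  38:17:c3:f9:22:c0/InternalServer  89  -
Apr 12 08:10:21  eap-failure           <-  94:fb:29:0c:b8:7d  38:17:c3:f9:22:c0                 2   4    server rejected
Apr 12 08:10:22  station-up             *  94:fb:29:0c:b8:7d  38:17:c3:f9:22:c0                 -   -    wpa2 aes
Apr 12 08:10:22  eap-id-req            <-  94:fb:29:0c:b8:7d  38:17:c3:f9:22:c0                 1   5
Apr 12 08:10:22  eap-id-resp           ->  94:fb:29:0c:b8:7d  38:17:c3:f9:22:c0                 1   14   lvserding
Apr 12 08:10:22  rad-req               ->  94:fb:29:0c:b8:7d  38:17:c3:f9:22:c0                 90  213  10.201.1.113
"""

# Assumed columns: time, event, direction, station MAC, BSSID[/server], id, length, info.
ROW = re.compile(
    r"(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<event>[\w-]+)\s+(?P<dir><-|->|\*)\s+"
    r"(?P<sta>[0-9a-f:]{17})\s+(?P<bssid>[0-9a-f:]{17})(?:/(?P<server>\S+))?\s+"
    r"(?P<id>\S+)\s+(?P<len>\S+)\s*(?P<info>.*)")

def parse(text):
    """Yield one dict per trace row; lines that do not match are skipped."""
    for line in text.splitlines():
        m = ROW.fullmatch(line.strip())
        if m:
            yield m.groupdict()

def rejections(text):
    """Return one finding per rad-reject: who was rejected, by which server, and why."""
    pending, findings = {}, []      # pending: (station, RADIUS id) -> rad-req row
    for row in parse(text):
        key = (row["sta"], row["id"])
        if row["event"] == "rad-req":
            pending[key] = row
        elif row["event"] == "rad-reject":
            req = pending.pop(key, None)
            findings.append({"time": row["ts"], "sta": row["sta"],
                             "server": row["server"] or "unknown",
                             "request_len": int(req["len"]) if req else None,
                             "reason": None})
        elif (row["event"] == "eap-failure" and findings
              and findings[-1]["sta"] == row["sta"] and findings[-1]["reason"] is None):
            findings[-1]["reason"] = row["info"] or None   # e.g. "server rejected"
    return findings
```

A finding whose `server` is `InternalServer` means the reject was issued by the AP's own user database rather than by an external RADIUS server.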



  • 5.  RE: IAP Firmwareupgrade 8.6.0.9_79813 to 8.9.x no connection

    Posted Apr 12, 2022 04:37 AM
    Here are some screens.





    show ap debug mgmt-frames
    
    Traced 802.11 Management Frames
    -------------------------------
    Timestamp            stype       SA                 DA                 BSS                signal  Misc
    ---------            -----       --                 --                 ---                ------  ----
    Apr 12 08:39:04.505  deauth      94:fb:29:0c:b8:7d  38:17:c3:f9:22:c0  38:17:c3:f9:22:c0  49      Unspecified Failure (seq num 1546)
    Apr 12 08:39:03.134  assoc-resp  38:17:c3:f9:22:c0  94:fb:29:0c:b8:7d  38:17:c3:f9:22:c0  15      Success
    Apr 12 08:39:03.134  assoc-req   94:fb:29:0c:b8:7d  38:17:c3:f9:22:c0  38:17:c3:f9:22:c0  52      -
    Apr 12 08:39:03.131  auth        38:17:c3:f9:22:c0  94:fb:29:0c:b8:7d  38:17:c3:f9:22:c0  15      Success (seq num 0)
    Apr 12 08:39:03.131  auth        94:fb:29:0c:b8:7d  38:17:c3:f9:22:c0  38:17:c3:f9:22:c0  95      -
    Apr 12 08:39:02.394  deauth      94:fb:29:0c:b8:7d  38:17:c3:f9:22:c0  38:17:c3:f9:22:c0  49      Unspecified Failure (seq num 1504)
    Apr 12 08:39:01.028  assoc-resp  38:17:c3:f9:22:c0  94:fb:29:0c:b8:7d  38:17:c3:f9:22:c0  15      Success
    Apr 12 08:39:01.028  assoc-req   94:fb:29:0c:b8:7d  38:17:c3:f9:22:c0  38:17:c3:f9:22:c0  52      -
    Apr 12 08:39:01.025  auth        38:17:c3:f9:22:c0  94:fb:29:0c:b8:7d  38:17:c3:f9:22:c0  15      Success (seq num 0)


    When we downgrade the firmware, it works. Nothing has changed.

    ------------------------------
    Martin Ostermeier
    ------------------------------



  • 6.  RE: IAP Firmwareupgrade 8.6.0.9_79813 to 8.9.x no connection

    MVP EXPERT
    Posted Apr 12, 2022 04:58 AM
    Are you using the self-signed cert for authentication?

    ------------------------------
    Craig Syme
    ------------------------------



  • 7.  RE: IAP Firmwareupgrade 8.6.0.9_79813 to 8.9.x no connection

    Posted Apr 12, 2022 05:30 AM
    We use no cert for authentication. We only use username and password.

    ------------------------------
    Martin Ostermeier
    ------------------------------



  • 8.  RE: IAP Firmwareupgrade 8.6.0.9_79813 to 8.9.x no connection

    EMPLOYEE
    Posted May 03, 2022 09:37 AM
    With WPA2 Enterprise there is always a certificate involved, which in your case may be the AP's default certificate. As I see a 'Server Rejected', you may try to see what happens if you re-create the user in the Internal database. I'm not aware of changes between 8.6 and 8.9, but there may be something. One other thing may be that legacy encryption has been deprecated between 8.6 and 8.9, but I don't know that by heart. I don't think the internal user database is widely used either, so you may be in a kind of niche scenario.

    If you only have a single user, you may consider changing to WPA-PSK as well (that is the same as most people use in their homes). It may be good to work with your Aruba partner/supplier to find a good design, or to have it investigated why WPA2 Enterprise does not work in this case.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------