Wireless Access

last person joined: 2 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Neato D7 problems to access the wireless network

  • 1.  Neato D7 problems to access the wireless network

    Posted Dec 25, 2018 11:00 AM

    Hi, I hae just gotten a Neato D7 Connected robovacuum and it does not connect properly. The process is to use an app to connect to the neato, then supply wifi information and the neato does the rest. However, the neato fails to connect.

     

    This is the log from the AP 315:

     

    Dec 25 12:11:23 ap-espoo-01.mintsecurity.fi Dec 25 12:11:23 2018 192.168.30.11 cli[3948]: <541004> <WARN> <192.168.30.11 24:F2:7F:C2:72:E4> recv_sta_offline: receive station msg, mac-40:bd:32:75:ce:25 bssid-24:f2:7f:a7:2e:40 essid-trespassers-will-be-shot.
    Dec 25 12:11:23 ap-espoo-01.mintsecurity.fi Dec 25 12:11:23 2018 192.168.30.11 stm[3974]: <501105> <NOTI> <192.168.30.11 24:F2:7F:C2:72:E4> Deauth from sta: 40:bd:32:75:ce:25: AP 192.168.30.11-24:f2:7f:a7:2e:40-ap-espoo-01 Reason Unspecified Failure
    Dec 25 12:10:53 ap-espoo-01.mintsecurity.fi Dec 25 12:10:53 2018 192.168.30.11 stm[3974]: <501199> <NOTI> <192.168.30.11 24:F2:7F:C2:72:E4> User authenticated, mac-40:bd:32:75:ce:25, username-, IP-192.168.1.181, method-Unknown auth type, role-trespassers-will-be-shot
    Dec 25 12:10:53 ap-espoo-01.mintsecurity.fi Dec 25 12:10:53 2018 192.168.30.11 stm[3974]: <501216> <NOTI> <192.168.30.11 24:F2:7F:C2:72:E4> rap_bridge_user_handler 14443: user entry created for 192.168.1.181-40:bd:32:75:ce:25
    Dec 25 12:10:52 ap-espoo-01.mintsecurity.fi Dec 25 12:10:52 2018 192.168.30.11 sapd[3956]: <326278> <NOTI> <192.168.30.11 24:F2:7F:C2:72:E4> |ap| AM: STA 40:bd:32:75:ce:25 Authenticated with AP 24:f2:7f:a7:2e:40
    Dec 25 12:10:52 ap-espoo-01.mintsecurity.fi Dec 25 12:10:52 2018 192.168.30.11 sapd[3956]: <127065> <WARN> <192.168.30.11 24:F2:7F:C2:72:E4> |ids-ap| AP(24:f2:7f:a7:2e:40): Valid Client Not Using Encryption: An AP detected an unencrypted frame between a valid client (40:bd:32:75:ce:25) and access point (BSSID 24:f2:7f:a7:2e:40), with source 40:bd:32:75:ce:25 and receiver ff:ff:ff:ff:ff:ff. SNR value is 40.
    Dec 25 12:10:50 ap-espoo-01.mintsecurity.fi Dec 25 12:10:50 2018 192.168.30.11 sapd[3956]: <404400> <NOTI> <192.168.30.11 24:F2:7F:C2:72:E4> AM:SM: Spectrum: new Wi-Fi device found = 40:bd:32:75:ce:25 SSID = trespassers-will-be-shot BSSID 24:f2:7f:a7:2e:40 DEVICE ID 31
    Dec 25 12:10:50 ap-espoo-01.mintsecurity.fi Dec 25 12:10:50 2018 192.168.30.11 sapd[3956]: <326271> <NOTI> <192.168.30.11 24:F2:7F:C2:72:E4> |ap| AM: New Node Detected Node = 40:bd:32:75:ce:25 SSID = trespassers-will-be-shot BSSID 24:f2:7f:a7:2e:40
    Dec 25 12:10:50 ap-espoo-01.mintsecurity.fi Dec 25 12:10:50 2018 192.168.30.11 cli[3948]: <541004> <WARN> <192.168.30.11 24:F2:7F:C2:72:E4> recv_stm_sta_update: receive station msg, mac-40:bd:32:75:ce:25 bssid-24:f2:7f:a7:2e:40 essid-trespassers-will-be-shot.
    Dec 25 12:10:50 ap-espoo-01.mintsecurity.fi Dec 25 12:10:50 2018 192.168.30.11 cli[3948]: <541036> <INFO> <192.168.30.11 24:F2:7F:C2:72:E4> send_stm_sta_state: send idle timeout, sta 40:bd:32:75:ce:25 , idle time-36000.
    Dec 25 12:10:50 ap-espoo-01.mintsecurity.fi Dec 25 12:10:50 2018 192.168.30.11 stm[3974]: <501201> <NOTI> <192.168.30.11 24:F2:7F:C2:72:E4> stm_derive_user_vlan_and_role_by_mac_oui_on_assoc_req775: mac-40:bd:32:75:ce:25, role-trespassers-will-be-shot, intercept-0
    Dec 25 12:10:50 ap-espoo-01.mintsecurity.fi Dec 25 12:10:50 2018 192.168.30.11 stm[3974]: <501100> <NOTI> <192.168.30.11 24:F2:7F:C2:72:E4> Assoc success @ 12:10:50.328182: 40:bd:32:75:ce:25: AP 192.168.30.11-24:f2:7f:a7:2e:40-ap-espoo-01
    Dec 25 12:10:50 ap-espoo-01.mintsecurity.fi Dec 25 12:10:50 2018 192.168.30.11 stm[3974]: <501100> <NOTI> <192.168.30.11 24:F2:7F:C2:72:E4> Assoc success @ 12:10:50.327994: 40:bd:32:75:ce:25: AP 192.168.30.11-24:f2:7f:a7:2e:40-ap-espoo-01
    Dec 25 12:10:50 ap-espoo-01.mintsecurity.fi Dec 25 12:10:50 2018 192.168.30.11 cli[3948]: <541032> <INFO> <192.168.30.11 24:F2:7F:C2:72:E4> recv_sta_online: allocate accounting session id, user-40:bd:32:75:ce:25 id-1545732649.
    Dec 25 12:10:50 ap-espoo-01.mintsecurity.fi Dec 25 12:10:50 2018 192.168.30.11 cli[3948]: <541013> <WARN> <192.168.30.11 24:F2:7F:C2:72:E4> recv_sta_online,1185: add client 40:bd:32:75:ce:25, client count 19.
    Dec 25 12:10:50 ap-espoo-01.mintsecurity.fi Dec 25 12:10:50 2018 192.168.30.11 cli[3948]: <541004> <WARN> <192.168.30.11 24:F2:7F:C2:72:E4> recv_sta_online: receive station msg, mac-40:bd:32:75:ce:25 bssid-24:f2:7f:a7:2e:40 essid-trespassers-will-be-shot.
    Dec 25 12:10:50 ap-espoo-01.mintsecurity.fi Dec 25 12:10:50 2018 192.168.30.11 stm[3974]: <501218> <NOTI> <192.168.30.11 24:F2:7F:C2:72:E4> stm_sta_assign_vlan 18455: VLAN: sta 40:bd:32:75:ce:25, STM assigns MAC based vlan_id 5
    Dec 25 12:10:50 ap-espoo-01.mintsecurity.fi Dec 25 12:10:50 2018 192.168.30.11 stm[3974]: <501095> <NOTI> <192.168.30.11 24:F2:7F:C2:72:E4> Assoc request @ 12:10:50.327276: 40:bd:32:75:ce:25 (SN 32): AP 192.168.30.11-24:f2:7f:a7:2e:40-ap-espoo-01
    Dec 25 12:10:50 ap-espoo-01.mintsecurity.fi Dec 25 12:10:50 2018 192.168.30.11 stm[3974]: <501095> <NOTI> <192.168.30.11 24:F2:7F:C2:72:E4> Assoc request @ 12:10:50.327088: 40:bd:32:75:ce:25 (SN 32): AP 192.168.30.11-24:f2:7f:a7:2e:40-ap-espoo-01
    Dec 25 12:10:50 ap-espoo-01.mintsecurity.fi Dec 25 12:10:50 2018 192.168.30.11 stm[3974]: <501093> <NOTI> <192.168.30.11 24:F2:7F:C2:72:E4> Auth success: 40:bd:32:75:ce:25: AP 192.168.30.11-24:f2:7f:a7:2e:40-ap-espoo-01

     

    I have also had a look at my firewall and it seems that the neato does do some UDP:53 and UDP:123 to the firewall and that is all. But in the end, we have a deauth with unspecified failure. 

     

    I did find a similar thread which suggested to disable some roaming features - well I've never had those turned on anyway, and still have not the gotten the 'r' option turned on.

     

    Any specific features I should turn on or off to get this working, and any ideas on how to continue the debug process?

     

     

     

     



  • 2.  RE: Neato D7 problems to access the wireless network

    Posted Dec 29, 2018 04:16 AM

    Just some tips on which of the many setting I could even start to try out here?



  • 3.  RE: Neato D7 problems to access the wireless network

    Posted Dec 29, 2018 07:01 AM

    Please excuse me in advance, because the logs do not have much information.

     

    Are you using WPA2-PSK?

    Does the device obtain an ip address?

    Can you ping the device and does it stay connected to the network before you try to use the app?

    What is your SSID configuration?



  • 4.  RE: Neato D7 problems to access the wireless network

    Posted Dec 29, 2018 10:21 AM

    Are you using WPA2-PSK?

    --> Yes. WPA2-Personal

     

    Does the device obtain an ip address?

    --> Yes.

     

    Can you ping the device and does it stay connected to the network before you try to use the app?

    --> It works like this. Neato creates its own wifinetwork, you connect to this using the app, and using the app you define the local wifi you wan't it to connect to. So to get the process going, you need the app. I have not tried to ping the device, but I assume tha answer is "yes" (until deauth).

     

    What is your SSID configuration?

    asd1.PNGasd2.PNGasd3.PNGasd4.PNG

     

     



  • 5.  RE: Neato D7 problems to access the wireless network

    Posted Dec 29, 2018 10:39 AM

    Then there is this:

    https://support.neatorobotics.com/hc/en-us/articles/225370947-What-are-the-System-Requirements-for-using-Botvac-Connected-with-the-Neato-app-

     

    ---

    1. Internet connection required
      • An Internet connection is required to run the robot in connected mode
      • An Internet connection is required to use the Neato app.
      • Basic internet connection speeds (56kbsp and higher)
    2. Router / Extenders
      • Neato Botvac Connected Series robots ONLY support 2.4GHz Wi-Fi networks.  The Neato app automatically shows you only 2.4GHz wireless networks when you setup up your robot.

     

    1. Network Security
      • WPA and WPA2 using TKIP, PSK, AES/CCMP encryption.
      • WEP EAP (Enterprise Authentication Protocol) are not supported.
    2. Wi-Fi Channels
      • The FCC requires all wireless devices in the US to operate on wireless spectrum channels 1-11.
      • Countries outside of North America can use spectrum channels above channel 11. Please refer to your local regulatory agency to determine what channels are accessible.
      • A future robot software release will support access to channels above 11 to users outside of North America.  Until then, please use channels 1-11.
      • Please check www.NeatoRobotics.com/support for software updates.


  • 6.  RE: Neato D7 problems to access the wireless network

    Posted Dec 29, 2018 05:30 PM

    Do you have a VLAN 5 trunked to that access point?

    Dec 25 12:10:50 ap-espoo-01.mintsecurity.fi Dec 25 12:10:50 2018 192.168.30.11 stm[3974]: <501218> <NOTI> <192.168.30.11 24:F2:7F:C2:72:E4> stm_sta_assign_vlan 18455: VLAN: sta 40:bd:32:75:ce:25, STM assigns MAC based vlan_id 5

     

     



  • 7.  RE: Neato D7 problems to access the wireless network

    Posted Dec 29, 2018 05:51 PM

    This is how the wire going from my switch to the AP's is configured:

    - VLAN 5 is tagged on my switch and used for my office WLAN (where the neato is supposed to be connected)

    - VLAN X is tagged on my switch and used for my guest WLAN

    - VLAN Y is untagged nd used as my management network for the AP's themselves, the virtual controller and also for my management WLAN

     

    The SSID using VLAN5 works just fine for a bunch devices: monitors, tv's, chromecasts, laptops, phones, tablets, thermostats and whatnot.

     

    IIRC this does not equal trunking in the HP world (https://www.techieshelp.com/configuring-trunk-ports-on-the-hp-procurve/) - trunking involves grouping several physical ports/cables to one for superior bandwidth. In my case, there is one cable going to each AP and my VLAN's are tagged/untagged in that single cable.

     



  • 8.  RE: Neato D7 problems to access the wireless network

    Posted Dec 29, 2018 08:40 PM

    Got it.

     

    It looks like the client gets an ip address and everything.  Typically if there is something wrong with the wifi configuration, the client will not get an ip address until you change a parameter.  It seems like this client does get an ip address and then sends a deauth 30 seconds later:

     

    Dec 25 12:11:23 ap-espoo-01.mintsecurity.fi Dec 25 12:11:23 2018 192.168.30.11 stm[3974]: <501105> <NOTI> <192.168.30.11 24:F2:7F:C2:72:E4> Deauth from sta: 40:bd:32:75:ce:25: AP 192.168.30.11-24:f2:7f:a7:2e:40-ap-espoo-01 Reason Unspecified Failure
    Dec 25 12:10:53 ap-espoo-01.mintsecurity.fi Dec 25 12:10:53 2018 192.168.30.11 stm[3974]: <501199> <NOTI> <192.168.30.11 24:F2:7F:C2:72:E4> User authenticated, mac-40:bd:32:75:ce:25, username-, IP-192.168.1.181, method-Unknown auth type, role-trespassers-will-be-shot

     

     

    That is unless you have restrictions in the trespassers-will-be-shot role.



  • 9.  RE: Neato D7 problems to access the wireless network

    Posted Dec 30, 2018 04:08 PM

    Is there any way to find out what happens in those 30 seconds - and what may be the root cause of the "Unspecified Failure"?



  • 10.  RE: Neato D7 problems to access the wireless network

    Posted Dec 30, 2018 04:24 PM

    The unspecified failure means that the device disassociates and does not state a reason code.

     

    You can also mirror the ethernet port of the Instant AP on the switch and do a packet capture on it  with wireshark to see what traffic the device is sending decrypted.  You can also do a packet dump to see what traffic the device is sending:  https://community.arubanetworks.com/t5/Controller-less-WLANs/What-are-tools-available-in-Instant-AP-to-troubleshoot-DHCP/ta-p/182956



  • 11.  RE: Neato D7 problems to access the wireless network

    Posted Dec 30, 2018 04:31 PM

    Wild guess:

     

    You have the latest (4.4.0-72) firmware on the D7?

     

    WIth earlier releases I wasn´t able to manually control it when my smartphone was on 5GHz while te Robot was on 2.4.

    With the latest release, the D7 is on 5GHz.

     

    Christian



  • 12.  RE: Neato D7 problems to access the wireless network

    Posted Dec 30, 2018 04:41 PM

    There's a catch-22 here: I can't update nor check the version because I can't connect to it using the app....

     

    Perhaps I must use a spare non-aruba ap to verify this also.



  • 13.  RE: Neato D7 problems to access the wireless network

    Posted Dec 30, 2018 04:49 PM

    I see ;-)

     

    Have you tried to make yoru SSID 2.4GHz only?

     

    https://support.neatorobotics.com/hc/en-us/articles/225539368-What-Wi-Fi-networks-does-my-Robot-Support-

     

    Christian



  • 14.  RE: Neato D7 problems to access the wireless network

    Posted Jan 01, 2019 12:35 PM

    Assuming my assumption is correct, I did this and no change in how this works (does not work).



  • 15.  RE: Neato D7 problems to access the wireless network

    Posted Jan 01, 2019 05:18 AM

    What is the correct way of setting a SSID to 2.4G only? Setting the band to 2.4G in advanced settings and that should take care of it?