Cloud Managed Networks

 View Only
last person joined: 3 days ago 

Forum to discuss all things related to HPE Aruba Networking Central and UXI Network Management, including deployment of managed networks, configuration, best practices, APIs, Cloud Guest, AIOps, Presence Analytics, and other included Applications
Expand all | Collapse all

AOS 10 PSK SSID failure

This thread has been viewed 73 times
  • 1.  AOS 10 PSK SSID failure

    Posted Jan 25, 2023 09:48 AM

    Hi community,

    I ran into a strange issue with AOS10 (10.3.1.3) and a tunneled PSK SSID. When I connect a client to the SSID it gets the message that the PSK is not correct. At the client page in Central the failure is: MAC Auth failed - but there is no MAC Auth configured on the SSID profile.

    I'm not quite sure if I am doing something wrong (config) or it is a bug.




    ------------------------------
    Frederik
    ------------------------------


  • 2.  RE: AOS 10 PSK SSID failure

    EMPLOYEE
    Posted Jan 25, 2023 05:32 PM
    i think the next recommended version i.e 10.4 will address this.

    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 3.  RE: AOS 10 PSK SSID failure

    Posted Mar 14, 2023 03:57 PM

    Hi, i upgrade my lab form 10.3.1.4 to 10.4.0.0 and the issue persists. Is there any work around? I've opened a TAC case but thought if someone has fixed this they could share here as well .




  • 4.  RE: AOS 10 PSK SSID failure

    Posted Jan 26, 2023 02:44 AM
    side note: PSK Authentication in Bridge Mode is working fine!

    ------------------------------
    Frederik
    ------------------------------



  • 5.  RE: AOS 10 PSK SSID failure
    Best Answer

    EMPLOYEE
    Posted Jan 26, 2023 05:05 AM
    yes that error is only for the tunnel mode

    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 6.  RE: AOS 10 PSK SSID failure

    Posted Mar 16, 2023 09:22 AM

    It is possible that there is a misconfiguration or a bug causing the issue with the tunneled PSK SSID on AOS10. Without more information, it is difficult to determine the exact cause of the problem. You may need to review the configuration settings and troubleshoot the issue further to identify the root cause.    home bargains staff portal




  • 7.  RE: AOS 10 PSK SSID failure

    Posted Mar 16, 2023 12:04 PM

    I totally agree with you; BUT if the tunneled SSID with PSK authentication is the only configuration which is done (by wizzard), than there isn't much to review. 



    ------------------------------
    Frederik
    ------------------------------



  • 8.  RE: AOS 10 PSK SSID failure

    Posted May 10, 2023 03:09 AM

    Hi FreddyG,
    I see the exact same issue with my test setup. I am already on realease 10.4.0.1. Were you able to solve this issue? Or is this a sw bug?




  • 9.  RE: AOS 10 PSK SSID failure

    Posted May 10, 2023 07:23 AM

    I believe I found the root cause of my(!) issue in the gateway configuration. For some reason I've deleted the autoreacted system_vlan (4087) and created another vlan for system IP purpose in the standard vlan range (1-4000), but it seems this special vlan need to exist on the device. Even my AP was able to build up the tunnel to my gateway, the clients were failing with MAC auth error. After I've created a new group, move there my GW, and didn't touched the autocreated system_vlan the clients were able to connect. So it seems the autoreacted system_Vlan has a special role in the gw configuration and it is better not to touch it :)




  • 10.  RE: AOS 10 PSK SSID failure

    EMPLOYEE
    Posted May 11, 2023 11:12 AM

    How old was your original group you were using?  The creation of a new group would also reset the radius proxy key values which is where we occasionally see issues with respect to passing the authentication request up to the gateway. 

    System ID can be set to a different VLAN but normally 4087 sticks around because you use it at the group level to get initially established with Central, then you can override it at the device specific level to map it onto the VLAN you use for LAN access for instance.   




  • 11.  RE: AOS 10 PSK SSID failure

    Posted May 12, 2023 03:45 AM

    Well the original group was created just some day before I've created the new group. But when I tried to put back the gw to the original group (where my APs, and switches are stored) the issue came back, even the system vlan configuration was there now. So most probably I was wrong, not the system_vlan is the key here. There must be some error in my original group config.
    I even tried to duplicate this group and move the gw there. Central created a new cluster, the AP was able to build up the tunnel, but the MAC Auth issue came back. After that I created again a new gw only group from scratch (with the same setup - I believe) and Tunneled SSID started to work as expected. 
    It would be nice to have a feature which compares the group configurations to see differences...