Well the original group was created just some day before I've created the new group. But when I tried to put back the gw to the original group (where my APs, and switches are stored) the issue came back, even the system vlan configuration was there now. So most probably I was wrong, not the system_vlan is the key here. There must be some error in my original group config.
I even tried to duplicate this group and move the gw there. Central created a new cluster, the AP was able to build up the tunnel, but the MAC Auth issue came back. After that I created again a new gw only group from scratch (with the same setup - I believe) and Tunneled SSID started to work as expected.
It would be nice to have a feature which compares the group configurations to see differences...
Original Message:
Sent: May 11, 2023 11:12 AM
From: tthompson
Subject: AOS 10 PSK SSID failure
How old was your original group you were using? The creation of a new group would also reset the radius proxy key values which is where we occasionally see issues with respect to passing the authentication request up to the gateway.
System ID can be set to a different VLAN but normally 4087 sticks around because you use it at the group level to get initially established with Central, then you can override it at the device specific level to map it onto the VLAN you use for LAN access for instance.
Original Message:
Sent: May 10, 2023 07:22 AM
From: gabor.luky@arrow.com
Subject: AOS 10 PSK SSID failure
I believe I found the root cause of my(!) issue in the gateway configuration. For some reason I've deleted the autoreacted system_vlan (4087) and created another vlan for system IP purpose in the standard vlan range (1-4000), but it seems this special vlan need to exist on the device. Even my AP was able to build up the tunnel to my gateway, the clients were failing with MAC auth error. After I've created a new group, move there my GW, and didn't touched the autocreated system_vlan the clients were able to connect. So it seems the autoreacted system_Vlan has a special role in the gw configuration and it is better not to touch it :)
Original Message:
Sent: May 10, 2023 03:09 AM
From: gabor.luky@arrow.com
Subject: AOS 10 PSK SSID failure
Hi FreddyG,
I see the exact same issue with my test setup. I am already on realease 10.4.0.1. Were you able to solve this issue? Or is this a sw bug?
Original Message:
Sent: Mar 16, 2023 12:03 PM
From: FreddyG
Subject: AOS 10 PSK SSID failure
I totally agree with you; BUT if the tunneled SSID with PSK authentication is the only configuration which is done (by wizzard), than there isn't much to review.
------------------------------
Frederik
Original Message:
Sent: Mar 16, 2023 05:50 AM
From: Joyce1412
Subject: AOS 10 PSK SSID failure
It is possible that there is a misconfiguration or a bug causing the issue with the tunneled PSK SSID on AOS10. Without more information, it is difficult to determine the exact cause of the problem. You may need to review the configuration settings and troubleshoot the issue further to identify the root cause.
Original Message:
Sent: Jan 25, 2023 09:48 AM
From: FreddyG
Subject: AOS 10 PSK SSID failure
Hi community,
I ran into a strange issue with AOS10 (10.3.1.3) and a tunneled PSK SSID. When I connect a client to the SSID it gets the message that the PSK is not correct. At the client page in Central the failure is: MAC Auth failed - but there is no MAC Auth configured on the SSID profile.
I'm not quite sure if I am doing something wrong (config) or it is a bug.
------------------------------
Frederik
------------------------------