I ran into a strange issue with AOS10 (10.3.1.3) and a tunneled PSK SSID. When I connect a client to the SSID it gets the message that the PSK is not correct. At the client page in Central the failure is: MAC Auth failed - but there is no MAC Auth configured on the SSID profile.
I'm not quite sure if I am doing something wrong (config) or it is a bug.
Hi, i upgrade my lab form 10.3.1.4 to 10.4.0.0 and the issue persists. Is there any work around? I've opened a TAC case but thought if someone has fixed this they could share here as well .
It is possible that there is a misconfiguration or a bug causing the issue with the tunneled PSK SSID on AOS10. Without more information, it is difficult to determine the exact cause of the problem. You may need to review the configuration settings and troubleshoot the issue further to identify the root cause. home bargains staff portal
I totally agree with you; BUT if the tunneled SSID with PSK authentication is the only configuration which is done (by wizzard), than there isn't much to review.
It is possible that there is a misconfiguration or a bug causing the issue with the tunneled PSK SSID on AOS10. Without more information, it is difficult to determine the exact cause of the problem. You may need to review the configuration settings and troubleshoot the issue further to identify the root cause.
Hi FreddyG,I see the exact same issue with my test setup. I am already on realease 10.4.0.1. Were you able to solve this issue? Or is this a sw bug?
I believe I found the root cause of my(!) issue in the gateway configuration. For some reason I've deleted the autoreacted system_vlan (4087) and created another vlan for system IP purpose in the standard vlan range (1-4000), but it seems this special vlan need to exist on the device. Even my AP was able to build up the tunnel to my gateway, the clients were failing with MAC auth error. After I've created a new group, move there my GW, and didn't touched the autocreated system_vlan the clients were able to connect. So it seems the autoreacted system_Vlan has a special role in the gw configuration and it is better not to touch it :)
How old was your original group you were using? The creation of a new group would also reset the radius proxy key values which is where we occasionally see issues with respect to passing the authentication request up to the gateway. System ID can be set to a different VLAN but normally 4087 sticks around because you use it at the group level to get initially established with Central, then you can override it at the device specific level to map it onto the VLAN you use for LAN access for instance.
Well the original group was created just some day before I've created the new group. But when I tried to put back the gw to the original group (where my APs, and switches are stored) the issue came back, even the system vlan configuration was there now. So most probably I was wrong, not the system_vlan is the key here. There must be some error in my original group config.I even tried to duplicate this group and move the gw there. Central created a new cluster, the AP was able to build up the tunnel, but the MAC Auth issue came back. After that I created again a new gw only group from scratch (with the same setup - I believe) and Tunneled SSID started to work as expected. It would be nice to have a feature which compares the group configurations to see differences...
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.