Controllerless Networks

last person joined: yesterday 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

802.1x failed after device wake up from sleep

This thread has been viewed 2 times

  • 1.  802.1x failed after device wake up from sleep

    Posted Sep 27, 2017 05:22 AM

    Hi Everyone,

     

    We are observing an issue on Aruba Instant deployment with a WPA2-Enterprise SSID (using EAP-SIM). The device is iPhone with configuration profile pre-installed.

     

    When the device first associate with the network, the authentication process went through smoothly.

    However, after the iPhone went to sleep mode (iOS normally will disconnect from Wi-Fi), user wakes the phone up to use, due to Auto-Join is on from the profile, the phone will attempt to connect back to the SSID, and never succeed.

     

    Managed to capture "show ap debug auth-trace-buf" log pertaining to the device:

     

    Sep 27 12:28:56  station-up             *  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -    wpa2 aes

    Sep 27 12:28:56  eap-id-req            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         1    5

    Sep 27 12:29:58  station-up             *  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -    wpa2 aes

    Sep 27 12:29:58  eap-id-req            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         1    5

    Sep 27 12:29:58  eap-id-resp           ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         1    56   <imsi>@wlan.mnc003.mcc

    Sep 27 12:29:58  rad-req               ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         87   299

    Sep 27 12:29:58  rad-resp              <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx/Radius  87   -

    Sep 27 12:29:58  eap-req               <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         76   20

    Sep 27 12:29:58  eap-resp              ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         76   88

    Sep 27 12:29:58  rad-req               ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx/Radius  66   351

    Sep 27 12:29:59  rad-resp              <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx/Radius  66   -

    Sep 27 12:29:59  eap-req               <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         188  200

    Sep 27 12:29:59  eap-resp              ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         188  28

    Sep 27 12:29:59  rad-req               ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx/Radius  85   291

    Sep 27 12:30:00  rad-accept            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx/Radius  85   -

    Sep 27 12:30:00  eap-success           <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         248  4

    Sep 27 12:30:00  wpa2-key1             <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    117

    Sep 27 12:30:00  wpa2-key2             ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    117

    Sep 27 12:30:00  wpa2-key3             <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    175

    Sep 27 12:30:00  wpa2-key4             ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    95

    Sep 27 12:30:00  rad-acct-start        ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -

    Sep 27 12:30:50  rad-acct-stop         ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -

     

    At the last entry, the iPhone has already gone to sleep mode and disconnect from Wi-Fi.

     

    Below is log after iPhone awake from sleep and attempting to reconnect back to the SSID. The device stuck at sending eap-start, and does not respond with eap-id-resp after AP send eap-id-req.

     

    Sep 27 12:31:55  station-up             *  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -    wpa2 aes

    Sep 27 12:31:55  eap-id-req            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         1    5

    Sep 27 12:32:01  eap-start             ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -

    Sep 27 12:32:01  eap-id-req            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         1    5

    Sep 27 12:32:06  eap-start             ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -

    Sep 27 12:32:06  eap-id-req            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         1    5

    Sep 27 12:32:11  eap-id-req            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         2    5

    Sep 27 12:32:11  eap-start             ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -

    Sep 27 12:32:11  eap-id-req            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         2    5

    Sep 27 12:32:25  station-up             *  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -    wpa2 aes

    Sep 27 12:32:25  eap-id-req            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         1    5

    Sep 27 12:32:29  eap-start             ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -

    Sep 27 12:32:29  eap-id-req            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         1    5

    Sep 27 12:32:34  eap-start             ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -

    Sep 27 12:32:34  eap-id-req            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         1    5

    Sep 27 12:32:40  eap-start             ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -

    Sep 27 12:32:40  eap-id-req            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         2    5

     

    The iAP is running on 6.5.2.0 with OKC, 802.11r/k/v all disabled.

     

    Appreciate if someone could help advise on this.

     

    Many thanks!



  • 2.  RE: 802.1x failed after device wake up from sleep
    Best Answer

    Posted Jul 25, 2018 06:00 AM

    Just to update on this, in case it might help someone facing the same issue. Apparently IAP firmware supports username string length up to 63 characters.Newer Instant firmware could extend the username length support for more than 63 characters.