Security

last person joined: 18 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

WPA2-PSK Auth Issues - EAPoL Key Exchange Doesn't Complete

This thread has been viewed 19 times

  • 1.  WPA2-PSK Auth Issues - EAPoL Key Exchange Doesn't Complete

    MVP
    Posted Sep 12, 2019 11:58 AM

    Hi all,

     

    Trying to troubleshoot a device not authenticating to our WPA2-AES-PSK wireless network. During the authentication the EAPoL key exchange gets half way through (Key 1 and 2) and then just stops. I'm trying to confirm, does Key 2 (from the device to the AP) include the passphrase for the network? That would be the only place that makes sense for it to be included. Assuming that's true, does that possibly indicate an invalid password?

    Image-001-[2019-09-12].png



  • 2.  RE: WPA2-PSK Auth Issues - EAPoL Key Exchange Doesn't Complete

    EMPLOYEE
    Posted Sep 12, 2019 12:04 PM

    show auth-tracebuf mac <mac address of client> is your friend in this circumstance.

     

    In the  log, there would be a key decryption error if the PSK is wrong.



  • 3.  RE: WPA2-PSK Auth Issues - EAPoL Key Exchange Doesn't Complete

    MVP
    Posted Sep 12, 2019 12:05 PM

    Great idea, completely forgot about that, here's the output:

     

    Sep 12 10:10:37 station-up * 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - - wpa2 psk aes
    Sep 12 10:10:37 wpa2-key1 <- 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117
    Sep 12 10:10:37 wpa2-key2 -> 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117 mic failure
    Sep 12 10:10:39 wpa2-key1 <- 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117
    Sep 12 10:10:39 wpa2-key2 -> 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117 mic failure
    Sep 12 10:10:42 wpa2-key1 <- 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117
    Sep 12 10:10:42 wpa2-key2 -> 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117 mic failure
    Sep 12 10:10:46 wpa2-key1 <- 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117
    Sep 12 10:10:46 wpa2-key2 -> 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117 mic failure
    Sep 12 10:10:49 wpa2-key1 <- 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117
    Sep 12 10:10:49 wpa2-key2 -> 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117 mic failure
    Sep 12 10:10:52 wpa2-key1 <- 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117
    Sep 12 10:10:52 wpa2-key2 -> 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117 mic failure
    Sep 12 10:10:55 wpa2-key1 <- 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117
    Sep 12 10:10:55 wpa2-key2 -> 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117 mic failure
    Sep 12 10:10:58 wpa2-key1 <- 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117
    Sep 12 10:11:01 wpa2-key1 <- 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117
    Sep 12 10:11:04 wpa2-key1 <- 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117
    Sep 12 10:11:07 station-down * 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - -

    (C-1-SB) #



  • 4.  RE: WPA2-PSK Auth Issues - EAPoL Key Exchange Doesn't Complete
    Best Answer

    MVP
    Posted Sep 13, 2019 09:18 AM

    Through further troubleshooting of the device, confirmed the device only supports up to a 63 character passphrase, however, our network is configured as a 64 character hex key. The 64th character was not being accepted, so the passphrase provided by the device was invalid for the network. 

     

    Thanks for the help.