Security

Reply
MVP Expert

WPA2-PSK Auth Issues - EAPoL Key Exchange Doesn't Complete

Hi all,

 

Trying to troubleshoot a device not authenticating to our WPA2-AES-PSK wireless network. During the authentication the EAPoL key exchange gets half way through (Key 1 and 2) and then just stops. I'm trying to confirm, does Key 2 (from the device to the AP) include the passphrase for the network? That would be the only place that makes sense for it to be included. Assuming that's true, does that possibly indicate an invalid password?

Image-001-[2019-09-12].png



Michael Haring
If my answer is helpful, a Kudos is always appreciated!
Highlighted
Guru Elite

Re: WPA2-PSK Auth Issues - EAPoL Key Exchange Doesn't Complete

show auth-tracebuf mac <mac address of client> is your friend in this circumstance.

 

In the  log, there would be a key decryption error if the PSK is wrong.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
MVP Expert

Re: WPA2-PSK Auth Issues - EAPoL Key Exchange Doesn't Complete

Great idea, completely forgot about that, here's the output:

 

Sep 12 10:10:37 station-up * 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - - wpa2 psk aes
Sep 12 10:10:37 wpa2-key1 <- 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117
Sep 12 10:10:37 wpa2-key2 -> 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117 mic failure
Sep 12 10:10:39 wpa2-key1 <- 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117
Sep 12 10:10:39 wpa2-key2 -> 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117 mic failure
Sep 12 10:10:42 wpa2-key1 <- 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117
Sep 12 10:10:42 wpa2-key2 -> 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117 mic failure
Sep 12 10:10:46 wpa2-key1 <- 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117
Sep 12 10:10:46 wpa2-key2 -> 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117 mic failure
Sep 12 10:10:49 wpa2-key1 <- 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117
Sep 12 10:10:49 wpa2-key2 -> 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117 mic failure
Sep 12 10:10:52 wpa2-key1 <- 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117
Sep 12 10:10:52 wpa2-key2 -> 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117 mic failure
Sep 12 10:10:55 wpa2-key1 <- 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117
Sep 12 10:10:55 wpa2-key2 -> 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117 mic failure
Sep 12 10:10:58 wpa2-key1 <- 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117
Sep 12 10:11:01 wpa2-key1 <- 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117
Sep 12 10:11:04 wpa2-key1 <- 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - 117
Sep 12 10:11:07 station-down * 00:23:68:bb:01:eb 00:1a:1e:66:81:53 - -

(C-1-SB) #



Michael Haring
If my answer is helpful, a Kudos is always appreciated!
MVP Expert

Re: WPA2-PSK Auth Issues - EAPoL Key Exchange Doesn't Complete

Through further troubleshooting of the device, confirmed the device only supports up to a 63 character passphrase, however, our network is configured as a 64 character hex key. The 64th character was not being accepted, so the passphrase provided by the device was invalid for the network. 

 

Thanks for the help.



Michael Haring
If my answer is helpful, a Kudos is always appreciated!
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: