Wireless Access

Reply
Occasional Contributor I

Neato D7 problems to access the wireless network

Hi, I hae just gotten a Neato D7 Connected robovacuum and it does not connect properly. The process is to use an app to connect to the neato, then supply wifi information and the neato does the rest. However, the neato fails to connect.

 

This is the log from the AP 315:

 

Dec 25 12:11:23 ap-espoo-01.mintsecurity.fi Dec 25 12:11:23 2018 192.168.30.11 cli[3948]: <541004> <WARN> <192.168.30.11 24:F2:7F:C2:72:E4> recv_sta_offline: receive station msg, mac-40:bd:32:75:ce:25 bssid-24:f2:7f:a7:2e:40 essid-trespassers-will-be-shot.
Dec 25 12:11:23 ap-espoo-01.mintsecurity.fi Dec 25 12:11:23 2018 192.168.30.11 stm[3974]: <501105> <NOTI> <192.168.30.11 24:F2:7F:C2:72:E4> Deauth from sta: 40:bd:32:75:ce:25: AP 192.168.30.11-24:f2:7f:a7:2e:40-ap-espoo-01 Reason Unspecified Failure
Dec 25 12:10:53 ap-espoo-01.mintsecurity.fi Dec 25 12:10:53 2018 192.168.30.11 stm[3974]: <501199> <NOTI> <192.168.30.11 24:F2:7F:C2:72:E4> User authenticated, mac-40:bd:32:75:ce:25, username-, IP-192.168.1.181, method-Unknown auth type, role-trespassers-will-be-shot
Dec 25 12:10:53 ap-espoo-01.mintsecurity.fi Dec 25 12:10:53 2018 192.168.30.11 stm[3974]: <501216> <NOTI> <192.168.30.11 24:F2:7F:C2:72:E4> rap_bridge_user_handler 14443: user entry created for 192.168.1.181-40:bd:32:75:ce:25
Dec 25 12:10:52 ap-espoo-01.mintsecurity.fi Dec 25 12:10:52 2018 192.168.30.11 sapd[3956]: <326278> <NOTI> <192.168.30.11 24:F2:7F:C2:72:E4> |ap| AM: STA 40:bd:32:75:ce:25 Authenticated with AP 24:f2:7f:a7:2e:40
Dec 25 12:10:52 ap-espoo-01.mintsecurity.fi Dec 25 12:10:52 2018 192.168.30.11 sapd[3956]: <127065> <WARN> <192.168.30.11 24:F2:7F:C2:72:E4> |ids-ap| AP(24:f2:7f:a7:2e:40): Valid Client Not Using Encryption: An AP detected an unencrypted frame between a valid client (40:bd:32:75:ce:25) and access point (BSSID 24:f2:7f:a7:2e:40), with source 40:bd:32:75:ce:25 and receiver ff:ff:ff:ff:ff:ff. SNR value is 40.
Dec 25 12:10:50 ap-espoo-01.mintsecurity.fi Dec 25 12:10:50 2018 192.168.30.11 sapd[3956]: <404400> <NOTI> <192.168.30.11 24:F2:7F:C2:72:E4> AM:SM: Spectrum: new Wi-Fi device found = 40:bd:32:75:ce:25 SSID = trespassers-will-be-shot BSSID 24:f2:7f:a7:2e:40 DEVICE ID 31
Dec 25 12:10:50 ap-espoo-01.mintsecurity.fi Dec 25 12:10:50 2018 192.168.30.11 sapd[3956]: <326271> <NOTI> <192.168.30.11 24:F2:7F:C2:72:E4> |ap| AM: New Node Detected Node = 40:bd:32:75:ce:25 SSID = trespassers-will-be-shot BSSID 24:f2:7f:a7:2e:40
Dec 25 12:10:50 ap-espoo-01.mintsecurity.fi Dec 25 12:10:50 2018 192.168.30.11 cli[3948]: <541004> <WARN> <192.168.30.11 24:F2:7F:C2:72:E4> recv_stm_sta_update: receive station msg, mac-40:bd:32:75:ce:25 bssid-24:f2:7f:a7:2e:40 essid-trespassers-will-be-shot.
Dec 25 12:10:50 ap-espoo-01.mintsecurity.fi Dec 25 12:10:50 2018 192.168.30.11 cli[3948]: <541036> <INFO> <192.168.30.11 24:F2:7F:C2:72:E4> send_stm_sta_state: send idle timeout, sta 40:bd:32:75:ce:25 , idle time-36000.
Dec 25 12:10:50 ap-espoo-01.mintsecurity.fi Dec 25 12:10:50 2018 192.168.30.11 stm[3974]: <501201> <NOTI> <192.168.30.11 24:F2:7F:C2:72:E4> stm_derive_user_vlan_and_role_by_mac_oui_on_assoc_req775: mac-40:bd:32:75:ce:25, role-trespassers-will-be-shot, intercept-0
Dec 25 12:10:50 ap-espoo-01.mintsecurity.fi Dec 25 12:10:50 2018 192.168.30.11 stm[3974]: <501100> <NOTI> <192.168.30.11 24:F2:7F:C2:72:E4> Assoc success @ 12:10:50.328182: 40:bd:32:75:ce:25: AP 192.168.30.11-24:f2:7f:a7:2e:40-ap-espoo-01
Dec 25 12:10:50 ap-espoo-01.mintsecurity.fi Dec 25 12:10:50 2018 192.168.30.11 stm[3974]: <501100> <NOTI> <192.168.30.11 24:F2:7F:C2:72:E4> Assoc success @ 12:10:50.327994: 40:bd:32:75:ce:25: AP 192.168.30.11-24:f2:7f:a7:2e:40-ap-espoo-01
Dec 25 12:10:50 ap-espoo-01.mintsecurity.fi Dec 25 12:10:50 2018 192.168.30.11 cli[3948]: <541032> <INFO> <192.168.30.11 24:F2:7F:C2:72:E4> recv_sta_online: allocate accounting session id, user-40:bd:32:75:ce:25 id-1545732649.
Dec 25 12:10:50 ap-espoo-01.mintsecurity.fi Dec 25 12:10:50 2018 192.168.30.11 cli[3948]: <541013> <WARN> <192.168.30.11 24:F2:7F:C2:72:E4> recv_sta_online,1185: add client 40:bd:32:75:ce:25, client count 19.
Dec 25 12:10:50 ap-espoo-01.mintsecurity.fi Dec 25 12:10:50 2018 192.168.30.11 cli[3948]: <541004> <WARN> <192.168.30.11 24:F2:7F:C2:72:E4> recv_sta_online: receive station msg, mac-40:bd:32:75:ce:25 bssid-24:f2:7f:a7:2e:40 essid-trespassers-will-be-shot.
Dec 25 12:10:50 ap-espoo-01.mintsecurity.fi Dec 25 12:10:50 2018 192.168.30.11 stm[3974]: <501218> <NOTI> <192.168.30.11 24:F2:7F:C2:72:E4> stm_sta_assign_vlan 18455: VLAN: sta 40:bd:32:75:ce:25, STM assigns MAC based vlan_id 5
Dec 25 12:10:50 ap-espoo-01.mintsecurity.fi Dec 25 12:10:50 2018 192.168.30.11 stm[3974]: <501095> <NOTI> <192.168.30.11 24:F2:7F:C2:72:E4> Assoc request @ 12:10:50.327276: 40:bd:32:75:ce:25 (SN 32): AP 192.168.30.11-24:f2:7f:a7:2e:40-ap-espoo-01
Dec 25 12:10:50 ap-espoo-01.mintsecurity.fi Dec 25 12:10:50 2018 192.168.30.11 stm[3974]: <501095> <NOTI> <192.168.30.11 24:F2:7F:C2:72:E4> Assoc request @ 12:10:50.327088: 40:bd:32:75:ce:25 (SN 32): AP 192.168.30.11-24:f2:7f:a7:2e:40-ap-espoo-01
Dec 25 12:10:50 ap-espoo-01.mintsecurity.fi Dec 25 12:10:50 2018 192.168.30.11 stm[3974]: <501093> <NOTI> <192.168.30.11 24:F2:7F:C2:72:E4> Auth success: 40:bd:32:75:ce:25: AP 192.168.30.11-24:f2:7f:a7:2e:40-ap-espoo-01

 

I have also had a look at my firewall and it seems that the neato does do some UDP:53 and UDP:123 to the firewall and that is all. But in the end, we have a deauth with unspecified failure. 

 

I did find a similar thread which suggested to disable some roaming features - well I've never had those turned on anyway, and still have not the gotten the 'r' option turned on.

 

Any specific features I should turn on or off to get this working, and any ideas on how to continue the debug process?

 

 

 

 

---
https://www.mintsecurity.fi
Occasional Contributor I

Re: Neato D7 problems to access the wireless network

Just some tips on which of the many setting I could even start to try out here?

---
https://www.mintsecurity.fi
Highlighted
Guru Elite

Re: Neato D7 problems to access the wireless network

Please excuse me in advance, because the logs do not have much information.

 

Are you using WPA2-PSK?

Does the device obtain an ip address?

Can you ping the device and does it stay connected to the network before you try to use the app?

What is your SSID configuration?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Occasional Contributor I

Re: Neato D7 problems to access the wireless network

Are you using WPA2-PSK?

--> Yes. WPA2-Personal

 

Does the device obtain an ip address?

--> Yes.

 

Can you ping the device and does it stay connected to the network before you try to use the app?

--> It works like this. Neato creates its own wifinetwork, you connect to this using the app, and using the app you define the local wifi you wan't it to connect to. So to get the process going, you need the app. I have not tried to ping the device, but I assume tha answer is "yes" (until deauth).

 

What is your SSID configuration?

asd1.PNGasd2.PNGasd3.PNGasd4.PNG

 

 

---
https://www.mintsecurity.fi
Occasional Contributor I

Re: Neato D7 problems to access the wireless network

Then there is this:

https://support.neatorobotics.com/hc/en-us/articles/225370947-What-are-the-System-Requirements-for-using-Botvac-Connected-with-the-Neato-app-

 

---

  1. Internet connection required
    • An Internet connection is required to run the robot in connected mode
    • An Internet connection is required to use the Neato app.
    • Basic internet connection speeds (56kbsp and higher)
  2. Router / Extenders
    • Neato Botvac Connected Series robots ONLY support 2.4GHz Wi-Fi networks.  The Neato app automatically shows you only 2.4GHz wireless networks when you setup up your robot.

 

  1. Network Security
    • WPA and WPA2 using TKIP, PSK, AES/CCMP encryption.
    • WEP EAP (Enterprise Authentication Protocol) are not supported.
  2. Wi-Fi Channels
    • The FCC requires all wireless devices in the US to operate on wireless spectrum channels 1-11.
    • Countries outside of North America can use spectrum channels above channel 11. Please refer to your local regulatory agency to determine what channels are accessible.
    • A future robot software release will support access to channels above 11 to users outside of North America.  Until then, please use channels 1-11.
    • Please check www.NeatoRobotics.com/support for software updates.
---
https://www.mintsecurity.fi
Guru Elite

Re: Neato D7 problems to access the wireless network

Do you have a VLAN 5 trunked to that access point?

Dec 25 12:10:50 ap-espoo-01.mintsecurity.fi Dec 25 12:10:50 2018 192.168.30.11 stm[3974]: <501218> <NOTI> <192.168.30.11 24:F2:7F:C2:72:E4> stm_sta_assign_vlan 18455: VLAN: sta 40:bd:32:75:ce:25, STM assigns MAC based vlan_id 5

 

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Occasional Contributor I

Re: Neato D7 problems to access the wireless network

This is how the wire going from my switch to the AP's is configured:

- VLAN 5 is tagged on my switch and used for my office WLAN (where the neato is supposed to be connected)

- VLAN X is tagged on my switch and used for my guest WLAN

- VLAN Y is untagged nd used as my management network for the AP's themselves, the virtual controller and also for my management WLAN

 

The SSID using VLAN5 works just fine for a bunch devices: monitors, tv's, chromecasts, laptops, phones, tablets, thermostats and whatnot.

 

IIRC this does not equal trunking in the HP world (https://www.techieshelp.com/configuring-trunk-ports-on-the-hp-procurve/) - trunking involves grouping several physical ports/cables to one for superior bandwidth. In my case, there is one cable going to each AP and my VLAN's are tagged/untagged in that single cable.

 

---
https://www.mintsecurity.fi
Guru Elite

Re: Neato D7 problems to access the wireless network

Got it.

 

It looks like the client gets an ip address and everything.  Typically if there is something wrong with the wifi configuration, the client will not get an ip address until you change a parameter.  It seems like this client does get an ip address and then sends a deauth 30 seconds later:

 

Dec 25 12:11:23 ap-espoo-01.mintsecurity.fi Dec 25 12:11:23 2018 192.168.30.11 stm[3974]: <501105> <NOTI> <192.168.30.11 24:F2:7F:C2:72:E4> Deauth from sta: 40:bd:32:75:ce:25: AP 192.168.30.11-24:f2:7f:a7:2e:40-ap-espoo-01 Reason Unspecified Failure
Dec 25 12:10:53 ap-espoo-01.mintsecurity.fi Dec 25 12:10:53 2018 192.168.30.11 stm[3974]: <501199> <NOTI> <192.168.30.11 24:F2:7F:C2:72:E4> User authenticated, mac-40:bd:32:75:ce:25, username-, IP-192.168.1.181, method-Unknown auth type, role-trespassers-will-be-shot

 

 

That is unless you have restrictions in the trespassers-will-be-shot role.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Occasional Contributor I

Re: Neato D7 problems to access the wireless network

Is there any way to find out what happens in those 30 seconds - and what may be the root cause of the "Unspecified Failure"?

---
https://www.mintsecurity.fi
Guru Elite

Re: Neato D7 problems to access the wireless network

The unspecified failure means that the device disassociates and does not state a reason code.

 

You can also mirror the ethernet port of the Instant AP on the switch and do a packet capture on it  with wireshark to see what traffic the device is sending decrypted.  You can also do a packet dump to see what traffic the device is sending:  https://community.arubanetworks.com/t5/Controller-less-WLANs/What-are-tools-available-in-Instant-AP-to-troubleshoot-DHCP/ta-p/182956


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: