WPA problem

Answered Question
Dec 18th, 2007

Hi everyone,


We're having a WPA problem with a new 1130 AP. Below are debug snippets and below that is our sanitized config. Any ideas?


Thanks!!


Stephen


*Mar 1 01:43:51.813: Client 0012.1714.1dad failed: Dot1x replay count not from most recent request,exp=2, act=1

*Mar 1 01:43:51.884: Client 0012.1714.1dad failed: Dot1x MIC mismatch

*Mar 1 01:43:51.983: dot11_auth_client_abort: Received abort request for client 0012.1714.1dad

*Mar 1 01:43:51.983: dot11_auth_client_abort: No client entry to abort: 0012.1714.1dad for application 0x1


version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
!
no aaa new-model
clock timezone CST -6
clock summer-time CDT recurring
!
!
!
dot11 ssid wireless
 authentication open
 authentication key-management wpa
 guest-mode
 wpa-psk ascii 7
!
power inline negotiation prestandard source
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers aes-ccm tkip
 !
 ssid wireless
 !
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 shutdown
 dfs band 3 block
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 1.1.1.2 255.255.255.0
 no ip route-cache
!
ip default-gateway 1.1.1.1
no ip http server
ip http authentication local
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 login local
!
end



Correct Answer
chald Tue, 12/18/2007 - 11:07

Hi microsage,


It might sound like a stupid question, but I have seen a problem like this: Cisco has or had a problem with long WPA-PSK keys.


You have to restrict yourself to between 8 and 12 characters, if it is the same problem I have seen.


That is a big problem if you see the error message:

R-Home(config-ssid)#wpa-psk ascii 0 test

Invalid key length, expecting 8 to 63 characters

R-Home(config-ssid)#


best regards

Christian
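
What the AP checks when it logs the two failures in the debug output, as an added Python example that is not part of the original thread or Cisco's code: WPA-PSK derives the PMK from the passphrase and SSID with PBKDF2, and the AP rejects message 2 of the 4-way handshake if the replay counter or the MIC does not match its own calculation. The AP MAC, nonces, frame bytes and passphrases are constructed values; the SSID and client MAC are taken from the post.

```python
import hashlib
import hmac

def derive_pmk(passphrase, ssid):
    # WPA-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("Invalid key length, expecting 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def derive_kck(pmk, aa, spa, anonce, snonce):
    # 802.11i PRF: HMAC-SHA1 over label, both MACs and both nonces, keyed with the PMK.
    # The first 16 bytes of the resulting PTK are the KCK that keys the handshake MIC.
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = b""
    for i in range(4):  # 4 x 20 bytes covers a 64-byte PTK
        ptk += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]),
                        hashlib.sha1).digest()
    return ptk[:16]

def eapol_mic(kck, frame):
    # Key descriptor version 2 (AES-CCMP): HMAC-SHA1 truncated to 16 bytes.
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]

SSID = "wireless"                      # from the posted config
SPA = bytes.fromhex("001217141dad")    # client MAC from the debug output
AA = bytes.fromhex("00112233aabb")     # constructed AP MAC
ANONCE = bytes(range(32))              # constructed nonces
SNONCE = bytes(range(32, 64))
FRAME = b"constructed stand-in for EAPOL-Key message 2, MIC field zeroed"

def ap_verify_msg2(ap_psk, client_psk, expected_rc=2, received_rc=2):
    """Return the AP's verdict on message 2 of the 4-way handshake."""
    if received_rc != expected_rc:
        return "replay count not from most recent request"
    client_kck = derive_kck(derive_pmk(client_psk, SSID), AA, SPA, ANONCE, SNONCE)
    ap_kck = derive_kck(derive_pmk(ap_psk, SSID), AA, SPA, ANONCE, SNONCE)
    sent_mic = eapol_mic(client_kck, FRAME)
    if not hmac.compare_digest(sent_mic, eapol_mic(ap_kck, FRAME)):
        return "MIC mismatch"
    return "ok"

if __name__ == "__main__":
    key19 = "constructed-19-char"      # constructed 19-character passphrase
    print(ap_verify_msg2(key19, key19))                 # both sides agree
    print(ap_verify_msg2(key19, key19[:11]))            # sides hold different keys
    print(ap_verify_msg2(key19, key19, 2, 1))           # stale replay counter
```

A MIC mismatch therefore means only that the two ends did not arrive at the same PMK; the example does not model why a particular AP release might handle a long passphrase differently from the client.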


microsage Tue, 12/18/2007 - 11:30

We shortened our key from 19 chars to 11 and it works fine now. Thanks!!


We have TKIP and AES set up. It only works with TKIP though. Any suggestions there?

chald Tue, 12/18/2007 - 12:26

Hi Microsage,


works ok, and is supported by many chips/firmware and drivers.


BTW, what 12.4 version? The problem still is in it.


Glad you got it to work. Please remember to give a grade ;o)


Best regards

Christian


microsage Thu, 01/03/2008 - 12:37

Cisco IOS Software, C1130 Software (C1130-K9W7-M), Version 12.4(10b)JA, RELEASE SOFTWARE (fc2)

