Configure 877W as wireless client?

Unanswered Question
Jan 4th, 2010
User Badges:

Hi guys,


I have a small CCENT/CCNA lab with a few switches and routers which I would like to connect to my D-link home router so that it can access the outside world. I have an 877W which I believe is supposed to be able to connect to a wifi network as a client.


I have seen reference to configuring a bridge but this is something outside of my current understanding. The idea is to have the 877W with it's wireless interface connected to my wireless network and the Lab connected to the 877's intergrated switch, using the 877 as a basic router connecting the two networks.

I've scoured Google and put together a configuration using what I could find in forum posts and Cisco documentation.

The D-link is set up for auto WPA/WPA2 Personal (TKIP or AES). I'm using an ASCII key with an update interval of 0. I've never had a problem with other devices trying to connecting to it.


At the moment the 877W seems to connect to the D-link but then lose it's association, from what I can see it looks like the 877 is trying to rotate the key? Once this happens my laptop loses it's wireless connection and I need to reboot the D-link to get it back. Interestingly the Windows 7 network icon shows three computers with a link between each as the network icon when this happens. It's as if the 877W acts as a Rogue access point and steals my client's connection. On one attempt the debug output showed the 877 geting an IP address from the D-link's DHCP so it does seem to connect initially.


Config and debug output are below. I hope someone can show me where I've gone wrong as this is becomming very frustrating.


Config:


!
dot11 ssid MYSSID
authentication open
authentication key-management wpa
infrastructure-ssid
wpa-psk ascii 7 MYWPAKEY

!
interface Dot11Radio0
ip address dhcp
shutdown
!
encryption mode ciphers aes-ccm tkip
!
ssid MYSSID
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role non-root
!
interface Vlan1
description Management IP
ip address 200.0.0.10 255.255.255.252
!
!


Debug output:


C877W(config-if)#no shutdown
*Mar  1 05:07:12.162: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar  1 05:07:12.378: [D]WPA/CCKM:SNonce is:F8 90 02 44 E8 63 3A 45 60 E3 1B 7B 3E 45 01 BB AE 87 FC E2 C7 E9 96 1A D8 D4 38 C8 34 4E 48 49
*Mar  1 05:07:12.382: [D]WPA/CCKM:wpa_cckm_km_process_key: descriptor type = 2pmkid support 0 len 5F
*Mar  1 05:07:12.382: [D]WPA/CCKM:RSNA Descriptor 0x2
*Mar  1 05:07:12.382: [D]WPA/CCKM:wpa_cckm_km_process_key: key length = 16
*Mar  1 05:07:12.382: [D]WPA/CCKM:wpa v2 handshake 1: passed the flags checking
*Mar  1 05:07:12.382: [D]WPA/CCKM:Replay counter for the first handshake is 0
*Mar  1 05:07:12.382: [D]WPA/CCKM:handshake2 key information is 010A, handshake1 is 008A
*Mar  1 05:07:12.390: [D]WPA/CCKM:wpa_cckm_km_process_key: descriptor type = 2pmkid support 0 len AF
*Mar  1 05:07:12.390: [D]WPA/CCKM:RSNA Descriptor 0x2
*Mar  1 05:07:12.390: [D]WPA/CCKM:wpa_cckm_km_process_key: key length = 16
*Mar  1 05:07:12.390: [D]WPA/CCKM:Handshake 3 - checking the key packet
*Mar  1 05:07:12.390: [D]WPA/CCKM:Start RSC from authenticator is -6267321831439466496
wpav2 msg3 decrypted key data: 30 18 01 00 00 0F AC 02 02 00 00 0F AC 04 00 0F AC 02 01 00 00 0F AC 02 00 00 DD 26 00 0F AC 01 01 00 1F 6E 01 CD E2 D1 CB 5C F5 DA 49 BB A3 33 EC CA 61 16 19 88 3B 76 9F EB 0D A6 D7 A5 07 41 F3 36 DD 00 00 00 00 00
*Mar  1 05:07:12.394:
*Mar  1 05:07:12.394: [D]WPA/CCKM:wpav2 handshake 3 gtk len 32
*Mar  1 05:07:12.394: [D]WPA/CCKM:wpav2 handshake4 key information is 030A, handshake3 is 13CA
*Mar  1 05:07:12.394: [D]WPA/CCKM:Index for the key is 0
*Mar  1 05:07:12.398: %DOT11-4-UPLINK_ESTABLISHED: Interface Dot11Radio0, Associated To AP  001b.11ad.a157 [None WPAv2 PSK]
*Mar  1 05:07:12.402: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar  1 05:07:13.403: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar  1 05:07:14.223: [D]WPA/CCKM:wpa_cckm_km_process_key: descriptor type = 2pmkid support 0 len 5F
*Mar  1 05:07:14.223: [D]WPA/CCKM:RSNA Descriptor 0x2
*Mar  1 05:07:14.223: [D]WPA/CCKM:wpa_cckm_km_process_key: key length = 16
*Mar  1 05:07:14.223: [D]WPA/CCKM:wpav2 GTK message 1 has invalid bits set (is 080A, expecting 1382)
*Mar  1 05:07:14.223: [D]WPA/CCKM:wpav2 GTK handshake packet 1 failed check
*Mar  1 05:07:14.227: %DOT11-4-UPLINK_DOWN: Interface Dot11Radio0, parent lost: EAP authentication failed 16
*Mar  1 05:07:14.471: %DOT11-4-UPLINK_ESTABLISHED: Interface Dot11Radio0, Associated To AP  001b.11ad.a157 [None WPAv2 PSK]
*Mar  1 05:07:15.219: [D]WPA/CCKM:wpa_cckm_km_process_key: descriptor type = 2pmkid support 0 len 5F
*Mar  1 05:07:15.223: [D]WPA/CCKM:RSNA Descriptor 0x2
*Mar  1 05:07:15.223: [D]WPA/CCKM:wpa_cckm_km_process_key: key length = 16
*Mar  1 05:07:15.223: [D]WPA/CCKM:wpav2 GTK message 1 has invalid bits set (is 080A, expecting 1382)
*Mar  1 05:07:15.223: [D]WPA/CCKM:wpav2 GTK handshake packet 1 failed check
*Mar  1 05:07:15.223: %DOT11-4-UPLINK_DOWN: Interface Dot11Radio0, parent lost: EAP authentication failed 16
*Mar  1 05:07:15.651: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to down
*Mar  1 05:07:16.651: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Mar  1 05:07:17.144: [D]WPA/CCKM:SNonce is:8E E5 B2 39 B6 B8 46 41 66 7F 79 DD 5D FF 97 30 A2 62 B7 56 FF 6D 9E 31 6A 3E B6 C9 F1 40 06 E4
*Mar  1 05:07:17.524: *** AES-CCMP Replay [mcast q 4]: TA=001b.11ad.a157, RSC=0x2607,TSC=0x2606
*Mar  1 05:07:19.524: *** AES-CCMP Replay [mcast q 4]: TA=001b.11ad.a157, RSC=0x2607,TSC=0x2606
*Mar  1 05:07:20.304: *** AES-CCMP Replay [mcast q 4]: TA=001b.11ad.a157, RSC=0x2607,TSC=0x2606
*Mar  1 05:07:21.629: *** AES-CCMP Replay [mcast q 4]: TA=001b.11ad.a157, RSC=0x2607,TSC=0x2606
*Mar  1 05:07:23.305: *** AES-CCMP Replay [mcast q 4]: TA=001b.11ad.a157, RSC=0x2607,TSC=0x2606
*Mar  1 05:07:23.525: *** AES-CCMP Replay [mcast q 4]: TA=001b.11ad.a157, RSC=0x2607,TSC=0x2606
*Mar  1 05:07:24.905: *** AES-CCMP Replay [mcast q 4]: TA=001b.11ad.a157, RSC=0x2607,TSC=0x2606
*Mar  1 05:07:24.909: *** AES-CCMP Replay [mcast q 4]: TA=001b.11ad.a157, RSC=0x2607,TSC=0x2606
*Mar  1 05:07:25.525: *** AES-CCMP Replay [mcast q 4]: TA=001b.11ad.a157, RSC=0x2607,TSC=0x2606
*Mar  1 05:07:26.090: %DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associate: EAP authenticating
*Mar  1 05:07:27.306: *** AES-CCMP Replay [mcast q 4]: TA=001b.11ad.a157, RSC=0x2607,TSC=0x2606
*Mar  1 05:07:27.526: *** AES-CCMP Replay [mcast q 4]: TA=001b.11ad.a157, RSC=0x2607,TSC=0x2606
*Mar  1 05:07:29.522: *** AES-CCMP Replay [mcast q 4]: TA=001b.11ad.a157, RSC=0x2607,TSC=0x2606
C877W(config-if)#shutdown

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
justinfielding Mon, 01/04/2010 - 12:49
User Badges:

I have successfully connected to a WEP network so this is definitely a WPA / Cipher issue.


Update:


Tried setting the access point to WPA (rather than WPA/WPA2 mixed mode).  Still can't connect, same errors.

vincent.monnier Thu, 03/29/2012 - 01:59
User Badges:

Hi Justin,


I've try to achieve the same setup : A Cisco 877w as a WAP client. And  I've got the same issue with WPA. Since your last post, did you ever retried with WAP authentication ?


Thanks in advance.


Vincent

Actions

This Discussion

Related Content