Which debug command can find out the wrong authentication method?

Mar 16th, 2010

Hi All,


I have configured fat Cisco Aironet 1242 APs on a remote site with WPA/TKIP authentication. A local technician configured wireless tec printers with the corresponding configuration. I just want to know if there is a debug command to allow me to find out the wrong authentication method. Say WPA2 instead of WPA. I've tried "debug dot11 wpa-cckm-km-dot1x". It didn't help. It can only find out a wrong username and password, which means I know the client passed association but failed authentication because of a wrong password. I need a debug command for the association process. Thanks.

robert.huang Wed, 03/17/2010 - 12:06

Thanks Scott.


I've tried the following commands, but none of them can tell the wrong Key Mgmt type (supposed to be WPA, but input WPA2).

debug dot11 wpa-cckm-km-dot1x

debug dot11 events
debug dot11 packets  
debug dot11 mgmt station detail
debug dot11 aaa authenticator state-machine
debug dot11 aaa manager keys 
debug dot11 station connection failure    
debug dot11 dot11radio 0 trace print

debug dot11 aaa authenticator process


Any input will be appreciated.

Scott Fella Wed, 03/17/2010 - 12:19

What errors do you see in the logs when a client fails.... usually the info in the logs points to encryption mismatch like this:


apf_80211.c:1923 APF-1-PROC_RSN_WARP_IE_FAILED: Could not process the RSN and WARP IE's. station not using RSN (WPA2) on WLAN requiring RSN.MobileStation:00:0c:f1:0c:51:22, SSID:<>

robert.huang Thu, 03/18/2010 - 06:34

Thanks again for your reply, Scott.


I can get the error message from WLC for lightweight APs.


However, for the autonomous AP, I can't get any error message regarding the wrong key mgmt type from the log. Actually, if I change my wifi card setting from WPA to WPA2, I can see the connection failed on my laptop, but there are no logs on the AP. I've tried so many debug commands and always got the same result.


I'm pretty sure there must be a debug command to allow me to see the association process on the fat AP.

Scott Fella Thu, 03/18/2010 - 11:47

You should see in the logs when users associate and disassociate, also when users fail.... don't know why you can't see that... maybe check your logging settings.
