1240AG WPA problems

Unanswered Question
Aug 6th, 2012

Hello, I have a Cisco 1240 AG with two SSID.

One is WPA2 protected and the other WPA.

I cannot connect a Zebra QL 420 mobile printer with WPA's SSID.

The log is:

Station 00a0.f83c.cffd Authentication failed

and so

Packet to client 00a0.f83c.cffd reached max retries,  removing the client

Howewer if I connect the printer with a Access point with only one SSID WPA protected it's working fine, so in my opionion isn't a problem regarding printer's wireless setup.

the firmware is:

System Software Filename:c1240-k9w7-tar.124-10b.JA
System Software Version:12.4(10b)JA
Bootloader Version:12.4(13d)JA

the 1240 configuration is:

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ap.default.domain.invalid

!

enable secret 5 $1$gTb/$V5xhnuaXSAK3fOLHsaR9o1

!

no aaa new-model

clock timezone +0100 1

!

!

!

dot11 ssid betaorionis159

   authentication open

   authentication key-management wpa version 2

   wpa-psk ascii 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

!

dot11 ssid inventario

   authentication open

   authentication key-management wpa

   guest-mode

   wpa-psk ascii 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

!

power inline negotiation prestandard source

!

!

username Cisco password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption mode ciphers tkip

!

ssid betaorionis159

!

ssid inventario

!

channel 2412

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

shutdown

!

encryption mode ciphers tkip

no dfs band block

channel dfs

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 192.168.16.18 255.255.255.0

no ip route-cache

!

ip default-gateway 192.168.16.11

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

bridge 1 route ip

!

!

!

line con 0

line vty 0 4

login local

!

end

What can I do?

My printer doesn't support WPA2, and pc's are connected with WPA2.

Please help me.

kind regards

Renis Ganz

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
Amjad Abdullah Mon, 08/06/2012 - 23:28

Hello Renis,

I think that your printer does not understand RSN IE in the beacons and hence is not able to communicate with the WLAN.

I think things should work fine if we can turn off the RSN IE for your SSID's beacon.
I am not sure how to turn that off with autonomous APs, but you can try this under your printer's SSID:

  authentication key-management wpa optional

by adding the word "optional" to the command I hope that will turn off the RSN IE so the printer would understand better.

Please try and let us know if that helps.

If not, please provide show logging from the AP while the printer tries to connect.

HTH

Amjad

fbarboza Thu, 08/09/2012 - 20:34

Hi , i checked the configurationa and you have configured the one ssid to work with wpa version one and the other ssid to work with wpa version 2 which is okay, but under the radio you have onky configured to use the ciper of tkip which is for wpa version 1

If you would like to work with The setup you have you should create vlans and link each vlan with the corresponding ssid and specific encryption method, if you have 2 ssids configured and not workin with lans you will have to use the same encryption method on oth ssids.

The errors that you report are see when you have configured the unit incorrectley client issues or rf interfirence.

Also if you try to configure the ap via the gui it will give you an error that you need to use to different encryption ethods on each ssid.

Sent from Cisco Technical Support iPhone App

fbarboza Mon, 08/13/2012 - 06:05

Hi Renis,

If you access the AP via the GUi, click on security, then SSID manager and then on the ? on the left side you will be able to check on this information.

WPA Pre-shared Key

To support client devices using static  WEP keys                and WPA key management, you must configure a pre-shared  key on the                access point. Enter the key and choose the appropriate  radio button to specify if you are entering hexadecimal or ASCII  characters.

If you use hexadecimal, you must enter 64  hexadecimal character to complete the 256-bit key. If you use ASCII,  you must enter a minimum of 8 letters, numbers, or symbols, and the  access point expands the key for you. You can enter a maximum of 63  ASCII characters.

Actions

Login or Register to take actions

This Discussion

Posted August 6, 2012 at 8:49 AM
Stats:
Replies:3 Avg. Rating:
Views:525 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard