Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Сlient can't be associated to SSID WPA-PSK upon transition between AP 1142 & AP 1602

The client was connected to the SSID1 on access point 1142 according to the password. Then the client moves from access point 1142 to access point 1602 on which the same SSID1 with the same parameters is set up. But the client can't be connected to this SSID1 because of an unknown error. Then the client does "to forget a SSID" and again is connected to SSID1 on access point 1602, but is now successful.

What this?! 

P.S.: Both points in autonomous mode. The WDS (WLCCP) infrastructure is set up. WDS-AP is access point 1602, AP1142 successful authenticated on WDS. If the client moves between APs1142 that everything is successfully connected!

 

 

AP1602 config (ap1g2-k9w7-mx.152-4.JB5):

 

dot11 ssid SSID1
   vlan 1101
   authentication open
   authentication key-management wpa
   mbssid guest-mode
   wpa-psk ascii PaSsWoRd
!

interface Dot11Radio0
 no ip address
 no ip route-cache
 load-interval 30
 !
 encryption vlan 1101 mode ciphers aes-ccm tkip

ssid SSID1
 !
 antenna gain 0
 stbc
 beamform ofdm
 mbssid
 channel 2462
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding

!

 

 

AP1142 config (c1140-k9w7-mx.152-2.JA):

dot11 ssid SSID1
   vlan 1101
   authentication open
   authentication key-management wpa
   mbssid guest-mode
   wpa-psk ascii PaSsWoRd
!

interface Dot11Radio0
 no ip address
 no ip route-cache
 load-interval 30
 !
 encryption vlan 1101 mode ciphers aes-ccm tkip

ssid SSID1
 !
 antenna gain 0
 beamform ofdm
 mbssid
 channel 2462
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding

!

 
Everyone's tags (1)
2 REPLIES

IMO I'd simplify the config.

IMO I'd simplify the config.

 

in the SSID you are only calling for WPA, so using aes-ccm isn't going to gain you anything.

If you are wanting WPA then just stick with TKIP for the encryption

 

If you are wanting 802.11n speed, you should move to WPA version 2 and aes-ccm as the encryption.

Either way, you only want one selected.

 

If you only have the one SSID, I would get rid of mbssid-guest mode and the mbssid command under the radio, and just use guest-mode under the SSID configuration.

 

WDS only is relevant if you are doing 802.1X authentication, as you are doing a PSK there is no value add to having WDS configured.

 

HTH,
Steve

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Hi, SteaveMy config is

Hi, Steave

My config is universal for WPA/WPA2 & TKIP/AES -supported clients. And I don't see correlation in a mode of encoding and the described problem. 

Generally on a network only five access points. In the beginning all points were 1142, then one of them replaced on 1602, and such problem began.

82
Views
0
Helpful
2
Replies
CreatePlease login to create content