We have 2 SSID's. One configured for WPA\TKIP and another configured for WPA2\AES.
All clients have both SSID's configuration deployed via group policy with the WPA2\AES SSID being given priority in the windows supplicant.
However, I am seeing that some clients will connect to AP's using the WPA\TKIP SSID even when they support WPA2\AES and are configured to use WPA2\AES SSID first.
I've been trying to understand why this might happen and I was thinking that perhaps the band select feature could be causing this for clients with only b\g\n radios. By delaying the probe response to the probe request for the WPA2\AES SSID the client then selects WPA\TKIP SSID.
You shouldn't push both out to clients. You should push out which ever profile from GPO depending if they support WPA2 or WPA.
Band select has nothing to do with this and it has to do with the client device which makes the final decision. The only other thing in GPO you can push is the ability to choose to connect to a preferred connection.
Sent from Cisco Technical Support iPhone App
*****Help out other by using the rating system and marking answered questions as "Answered"*****
In the GPO configuration we set the WPA2\AES SSID to be preferred over the WPA\TKIP SSID. So in theory this should mean the clients that support WPA2 should always use that SSID. But sometimes they use the WPA\TKIP. This can happen when roaming between APs.So just trying to work out a reason why they might prefer WPA
I have to say it sounds like a client issue. Capture 802.11 and see what is being negotiated by the client and ap.
__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin __________________________________________________________________________________________ "I'm in a serious relationship with my Wi-Fi. You could say we have a connection." __________________________________________________ "Im like bacon, I make your wireless better"
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
We are moving! Please use WLCCA Forum for updates and discussions
[toc:faq] Wireless LAN Controller (WLC) Config Analyzer Download Click
here to Download To request access, send an e-mail to
firstname.lastname@example.org. Please include your Cisco.com userna...
[toc:faq] IntroductionHere is the step by step process that we have to
take care of while converting LWAPP to IOS and then vice versa..LWAPP to
IOSThe hardware used = 1141 AP (make sure we are using the right
[toc:faq] Introduction AnyConnect Secure Mobility Client 3.0: Network
Access Manager & Profile Editor on Windows Summary Use the Cisco
AnyConnect Network Access Manager Profile Editor to build custom
profiles for the AnyConnect Secure Mobility Client. App...