Cisco Support Community
Key provided but cannot decrypt wireless packets

Hi,

I'm working on a case for a hospital and seeking advice, as the client is pretty unhappy with the lack of resolution.

Cisco 5508 WLCs HA-SSO running latest 7.6.130. Cisco 3602i APs.

After an upgrade to the WLC code some time ago and/or network upgrades, the client's wireless pump devices stopped communicating. We have a capture from NetMon v3.4, and the capture shows the pumps de-authenticating, but TAC claims they cannot decrypt the packets even though the key was provided and we can log in from a laptop with that same key with no problem.

Any observations, suggestions, recommendations appreciated.

Thanks

Accepted Solutions
If it is WPA-PSK or WPA2-PSK,

If it is WPA-PSK or WPA2-PSK, then you have to capture the complete 4-way handshake process (when a device associates afresh) in order to decrypt.

You can test it using Wireshark and see whether you can decrypt it (also make sure the M1-M4 EAPOL-Key messages can be seen in your capture).

Here is how you could do it in Wireshark:

http://mrncciew.com/2014/08/16/decrypt-wpa2-psk-using-wireshark/

HTH

Rasika

*** Pls rate all useful responses ****
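As an added illustration of the point above (constructed example code, not from this thread or from Cisco), the Python below classifies EAPOL-Key frames into M1-M4 from their Key Information bits and reports, per AP/client pair, which handshake messages a capture actually contains. The MAC addresses and frames are constructed sample data; a real check would feed it the EAPOL payloads pulled from the capture.

```python
from collections import defaultdict
# EAPOL-Key "Key Information" bit masks (IEEE 802.11-2012, clause 11.6.2)
KEY_TYPE_PAIRWISE, KEY_INSTALL, KEY_ACK, KEY_MIC, KEY_SECURE = 0x0008, 0x0040, 0x0080, 0x0100, 0x0200

def eapol_key_info(eapol):
    """Key Information field of a raw EAPOL frame, or None if it is not EAPOL-Key."""
    if len(eapol) < 7 or eapol[1] != 3:          # EAPOL packet type 3 = EAPOL-Key
        return None
    return int.from_bytes(eapol[5:7], "big")      # 4-byte EAPOL header + 1-byte descriptor type

def classify_message(key_info):
    """Map the Key Information bits onto handshake message 1..4 (None if not part of it)."""
    if key_info is None or not key_info & KEY_TYPE_PAIRWISE:
        return None                               # group-key handshake or not EAPOL-Key at all
    ack, mic = bool(key_info & KEY_ACK), bool(key_info & KEY_MIC)
    if ack and not mic:
        return 1                                  # M1: AP sends ANonce, no MIC yet
    if ack and mic and key_info & KEY_INSTALL:
        return 3                                  # M3: AP tells STA to install the PTK
    if mic and not ack:
        return 4 if key_info & KEY_SECURE else 2  # M2 carries SNonce; M4 has Secure set
    return None

def handshake_status(frames):
    """For each (AP, STA) pair, the sorted list of handshake messages present in the capture."""
    seen = defaultdict(set)
    for src, dst, eapol in frames:
        msg = classify_message(eapol_key_info(eapol))
        if msg:                                   # M1/M3 travel AP -> STA, M2/M4 STA -> AP
            ap, sta = (src, dst) if msg in (1, 3) else (dst, src)
            seen[(ap, sta)].add(msg)
    return {pair: sorted(msgs) for pair, msgs in seen.items()}

def decryptable(frames):
    """True only where all four messages were captured, i.e. the complete handshake asked for above."""
    return {pair: msgs == [1, 2, 3, 4] for pair, msgs in handshake_status(frames).items()}

def _eapol_key(key_info):
    """Constructed EAPOL-Key frame: version 2, type 3, body = descriptor type 2 + Key Info + padding."""
    body = bytes([2]) + key_info.to_bytes(2, "big") + bytes(92)
    return bytes([2, 3]) + len(body).to_bytes(2, "big") + body

# Constructed sample capture: pump A re-associated while capturing (full M1-M4);
# pump B was already associated when the capture started, so only a rekey's M3/M4 appear.
AP, PUMP_A, PUMP_B = "00:11:22:aa:bb:01", "00:11:22:aa:bb:a1", "00:11:22:aa:bb:b2"
SAMPLE_FRAMES = [
    (AP, PUMP_A, _eapol_key(0x008a)), (PUMP_A, AP, _eapol_key(0x010a)),
    (AP, PUMP_A, _eapol_key(0x13ca)), (PUMP_A, AP, _eapol_key(0x030a)),
    (AP, PUMP_B, _eapol_key(0x13ca)), (PUMP_B, AP, _eapol_key(0x030a)),
]
```

A pair reported as False is the case TAC describes: the key is right, but without M1-M4 for that client nothing can be decrypted, so the device has to be made to associate again while the capture is running.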

Symptom : Cisco WLC using

Symptom : Cisco WLC using Releases 7.3 and 7.4 fails to authenticate One Time Password (OTP) users when they attempt to authenticate to the Cisco WLC using TACACS+. The following debug output is displayed when the debug aaa tacacs enable command is entered on the WLC CLI:

TPLUS_AUTHEN_STATUS_GETPASS auth_cont get_pass reply: pkt_length=25
processTplusAuthResponse: Continue auth transaction
No auth response from: <SERVER IP> retrying with next server
Preparing message for retransmit. Decrypting first
Forwarding request to <SERVER IP> port=4900
AUTH Socket closed underneath
No auth response from: <SERVER IP> retrying with next server
Preparing message for retransmit. Decrypting first
Forwarding request to <SERVER IP> port=4900
AUTH Socket closed underneath
Exhausted all available servers for Auth/Author packet

Conditions : Cisco WLC using Releases 7.3 and 7.4; TACACS+ used for Management User Authentication; OTP used for TACACS+. Static passwords are not affected.

Workaround : Extend the TACACS+ Management Server Timeout value by entering these commands (the angle-bracket placeholders stand for the server index and the new timeout in seconds):

config tacacs auth disable <server-index>

config tacacs auth mgmt-server-timeout <server-index> <timeout-seconds>

config tacacs auth enable <server-index>
