cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4066
Views
10
Helpful
6
Replies

APF-1-PROC_RSN_WARP_IE_FAILED: and APF-3-VALIDATE_DOT11i_CIPHERS_FAILED:

Rosa Ladeira
Level 1
Level 1

Any idaea about ?

 

Those are controller and AP:

AIR-WLC2112-K9

AIR-LAP1131AG-A-K9 


WLAN Identifier.................................. 1
Profile Name..................................... impa-nwl
Network Name (SSID).............................. impa-nwl
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control

  Radius-NAC State............................... Disabled
  SNMP-NAC State................................. Disabled
  Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Number of Active Clients......................... 124
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ wifi-clients
Multicast Interface.............................. Not Configured
WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver (best effort)
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
   Authentication................................ Disabled
   Accounting.................................... Disabled
   Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security

   802.11 Authentication:........................ Open System
   Static WEP Keys............................... Disabled
   802.1X........................................ Disabled
   Wi-Fi Protected Access (WPA/WPA2)............. Enabled
      WPA (SSN IE)............................... Disabled
      WPA2 (RSN IE).............................. Enabled
         TKIP Cipher............................. Disabled
         AES Cipher.............................. Enabled
   Auth Key Management
         802.1x.................................. Disabled
         PSK..................................... Enabled
         CCKM.................................... Disabled
         FT(802.11r)............................. Disabled
         FT-PSK(802.11r)......................... Disabled
FT Reassociation Timeout......................... 20
FT Over-The-Air mode............................. Enabled
FT Over-The-Ds mode.............................. Enabled
CCKM tsf Tolerance............................... 1000
   CKIP ......................................... Disabled
   Web Based Authentication...................... Disabled
   Web-Passthrough............................... Disabled
   Conditional Web Redirect...................... Disabled
   Splash-Page Web Redirect...................... Disabled
   Auto Anchor................................... Disabled
   H-REAP Local Switching........................ Disabled
   H-REAP Local Authentication................... Disabled
   H-REAP Learn IP Address....................... Enabled
   Client MFP.................................... Optional
   Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled

 Mobility Anchor List
 WLAN ID     IP Address            Status
 -------     ---------------       ------

 

 

APF-1-PROC_RSN_WARP_IE_FAILED: apf_80211.c:2396 Could not process the RSN and WARP IEs. error processing RSN IE.MobileStation: 7c:d1:c3:e8:bd:11, SSID:impa-nwl,AP: 00:23:5e:d5:dc:90.
APF-3-VALIDATE_DOT11i_CIPHERS_FAILED: apf_rsn_utils.c:734 Could not validate Dot11i security IE. Received an unsupported Multicast 802.11i OUI code from mobile.Mobile:7c:d1:c3:e8:bd:11

 

 

2 Accepted Solutions

Accepted Solutions

HI,

If both are enabled together (wpa-tkip or wpa2-aes) then: Some wireless clients might not handle complex SSID setting and may be unable to associate to WLAN.

 

Regards

Dont forget to rate helpful posts, please also mark this question as answerd

View solution in original post

You can use WPA with AES, WPA2 with AES or both. But sometime Client can not understand the kind of complex setting.

Just for info:

WPA was designed to be used with TKIP (and WPA2 designed to use stronger AES-based).
However, some devices allow WPA (not WPA2) with AES (and WPA2 with TKIP).
AES is optional in WPA;

In WPA2 both AES is mandatory, BUT TKIP is optional.

 

Best way to have WPA2-AES and  WPA-TKIP.

 

Hope it helps.

Regards

Dont forget to rate helpful posts

View solution in original post

6 Replies 6

Sandeep Choudhary
VIP Alumni
VIP Alumni

Hi,

APF-1-PROC_RSN_WARP_IE_FAILED: apf_80211.c:2396 Could not process the RSN and WARP IEs. error processing RSN IE.MobileStation: 7c:d1:c3:e8:bd:11, SSID:impa-nwl,AP: 00:23:5e:d5:dc:90.

Check if the client is Wi-Fi certified for WPA2 and check the configuration of the client for WPA2.

 - Upgrade the client's Driver and Firmware.

 - Turn off Aironet extensions on the WLAN.(wlan>wlan ID > advanced)

 

APF-3-VALIDATE_DOT11i_CIPHERS_FAILED: apf_rsn_utils.c:734 Could not validate Dot11i security IE. Received an unsupported Multicast 802.11i OUI code from mobile.Mobile:7c:d1:c3:e8:bd:11

Validation for Dot11i security IE failed. Received invalid RSN cipher suite or an invalid Unicast/Multicast WPA OUI code.

Recommended Action: This is a debug message only. No action is required.

 

Reagrds

Dont forget to rate helpful posts

Is there any type of conflict having both WPA (AES) and WPA2 (AES) enabled ?

HI,

If both are enabled together (wpa-tkip or wpa2-aes) then: Some wireless clients might not handle complex SSID setting and may be unable to associate to WLAN.

 

Regards

Dont forget to rate helpful posts, please also mark this question as answerd

Yes, I know that.

But my question is about WPA (AES) and WPA2 (AES) enabled.

It is possible to enable booth WLANs > Edit   'impa-nwl' > WPA+WPA2 Parameters

WPA Policy > EAS    and    WPA2 Policy > EAS

Is there any type of conflict ?

 

You can use WPA with AES, WPA2 with AES or both. But sometime Client can not understand the kind of complex setting.

Just for info:

WPA was designed to be used with TKIP (and WPA2 designed to use stronger AES-based).
However, some devices allow WPA (not WPA2) with AES (and WPA2 with TKIP).
AES is optional in WPA;

In WPA2 both AES is mandatory, BUT TKIP is optional.

 

Best way to have WPA2-AES and  WPA-TKIP.

 

Hope it helps.

Regards

Dont forget to rate helpful posts

Tks for "Best way to have WPA2-AES and  WPA-TKIP."

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: