03-26-2014 10:24 AM - edited 07-05-2021 12:33 AM
Any idaea about ?
Those are controller and AP:
AIR-WLC2112-K9
AIR-LAP1131AG-A-K9
WLAN Identifier.................................. 1
Profile Name..................................... impa-nwl
Network Name (SSID).............................. impa-nwl
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Number of Active Clients......................... 124
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ wifi-clients
Multicast Interface.............................. Not Configured
WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver (best effort)
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Disabled
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
FT(802.11r)............................. Disabled
FT-PSK(802.11r)......................... Disabled
FT Reassociation Timeout......................... 20
FT Over-The-Air mode............................. Enabled
FT Over-The-Ds mode.............................. Enabled
CCKM tsf Tolerance............................... 1000
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Local Authentication................... Disabled
H-REAP Learn IP Address....................... Enabled
Client MFP.................................... Optional
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Mobility Anchor List
WLAN ID IP Address Status
------- --------------- ------
APF-1-PROC_RSN_WARP_IE_FAILED: apf_80211.c:2396 Could not process the RSN and WARP IEs. error processing RSN IE.MobileStation: 7c:d1:c3:e8:bd:11, SSID:impa-nwl,AP: 00:23:5e:d5:dc:90.
APF-3-VALIDATE_DOT11i_CIPHERS_FAILED: apf_rsn_utils.c:734 Could not validate Dot11i security IE. Received an unsupported Multicast 802.11i OUI code from mobile.Mobile:7c:d1:c3:e8:bd:11
Solved! Go to Solution.
03-26-2014 12:57 PM
HI,
If both are enabled together (wpa-tkip or wpa2-aes) then: Some wireless clients might not handle complex SSID setting and may be unable to associate to WLAN.
Regards
Dont forget to rate helpful posts, please also mark this question as answerd
03-26-2014 01:21 PM
You can use WPA with AES, WPA2 with AES or both. But sometime Client can not understand the kind of complex setting.
Just for info:
WPA was designed to be used with TKIP (and WPA2 designed to use stronger AES-based).
However, some devices allow WPA (not WPA2) with AES (and WPA2 with TKIP).
AES is optional in WPA;
In WPA2 both AES is mandatory, BUT TKIP is optional.
Best way to have WPA2-AES and WPA-TKIP.
Hope it helps.
Regards
Dont forget to rate helpful posts
03-26-2014 10:37 AM
Hi,
APF-1-PROC_RSN_WARP_IE_FAILED: apf_80211.c:2396 Could not process the RSN and WARP IEs. error processing RSN IE.MobileStation: 7c:d1:c3:e8:bd:11, SSID:impa-nwl,AP: 00:23:5e:d5:dc:90.
Check if the client is Wi-Fi certified for WPA2 and check the configuration of the client for WPA2.
- Upgrade the client's Driver and Firmware.
- Turn off Aironet extensions on the WLAN.(wlan>wlan ID > advanced)
APF-3-VALIDATE_DOT11i_CIPHERS_FAILED: apf_rsn_utils.c:734 Could not validate Dot11i security IE. Received an unsupported Multicast 802.11i OUI code from mobile.Mobile:7c:d1:c3:e8:bd:11
Validation for Dot11i security IE failed. Received invalid RSN cipher suite or an invalid Unicast/Multicast WPA OUI code.
Recommended Action: This is a debug message only. No action is required.
Reagrds
Dont forget to rate helpful posts
03-26-2014 12:15 PM
Is there any type of conflict having both WPA (AES) and WPA2 (AES) enabled ?
03-26-2014 12:57 PM
HI,
If both are enabled together (wpa-tkip or wpa2-aes) then: Some wireless clients might not handle complex SSID setting and may be unable to associate to WLAN.
Regards
Dont forget to rate helpful posts, please also mark this question as answerd
03-26-2014 01:12 PM
Yes, I know that.
But my question is about WPA (AES) and WPA2 (AES) enabled.
It is possible to enable booth WLANs > Edit 'impa-nwl' > WPA+WPA2 Parameters
WPA Policy > EAS and WPA2 Policy > EAS
Is there any type of conflict ?
03-26-2014 01:21 PM
You can use WPA with AES, WPA2 with AES or both. But sometime Client can not understand the kind of complex setting.
Just for info:
WPA was designed to be used with TKIP (and WPA2 designed to use stronger AES-based).
However, some devices allow WPA (not WPA2) with AES (and WPA2 with TKIP).
AES is optional in WPA;
In WPA2 both AES is mandatory, BUT TKIP is optional.
Best way to have WPA2-AES and WPA-TKIP.
Hope it helps.
Regards
Dont forget to rate helpful posts
03-26-2014 01:24 PM
Tks for "Best way to have WPA2-AES and WPA-TKIP."
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: