Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

WPA problem

Hi everyone,

We're having a WPA problem with a new 1130 AP. Below are debug snippets and below that is our sanitized config. Any ideas?

Thanks!!

Stephen

*Mar 1 01:43:51.813: Client 0012.1714.1dad failed: Dot1x replay count not from most recent request,exp=2, act=1

*Mar 1 01:43:51.884: Client 0012.1714.1dad failed: Dot1x MIC mismatch

*Mar 1 01:43:51.983: dot11_auth_client_abort: Received abort request for client 0012.1714.1dad

*Mar 1 01:43:51.983: dot11_auth_client_abort: No client entry to abort: 0012.1714.1dad for application 0x1

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

!

no aaa new-model

clock timezone CST -6

clock summer-time CDT recurring

!

!

!

dot11 ssid wireless

authentication open

authentication key-management wpa

guest-mode

wpa-psk ascii 7

!

power inline negotiation prestandard source

!

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption mode ciphers aes-ccm tkip

!

ssid wireless

!

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

shutdown

dfs band 3 block

channel dfs

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 1.1.1.2 255.255.255.0

no ip route-cache

!

ip default-gateway 1.1.1.1

no ip http server

ip http authentication local

ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

bridge 1 route ip

!

!

!

line con 0

line vty 0 4

login local

!

end

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: WPA problem

Hi microsage,

It might sound stupid question but I have seen a problem like this cisco has or had a problem with long WPS-PSK keys.

You have to restrict youself between 8 - 12 Char. if it is the same problem I have seen.

That is a big problem if you see the error message

R-Home(config-ssid)#wpa-psk ascii 0 test

Invalid key length, expecting 8 to 63 characters

R-Home(config-ssid)#

best regards

Christian

4 REPLIES
New Member

Re: WPA problem

Hi microsage,

It might sound stupid question but I have seen a problem like this cisco has or had a problem with long WPS-PSK keys.

You have to restrict youself between 8 - 12 Char. if it is the same problem I have seen.

That is a big problem if you see the error message

R-Home(config-ssid)#wpa-psk ascii 0 test

Invalid key length, expecting 8 to 63 characters

R-Home(config-ssid)#

best regards

Christian

New Member

Re: WPA problem

We shortened our key from 19 chars to 11 and it works fine now. Thanks!!

We have tkip and aes setup. It only works with tkip though. Any suggestions there?

New Member

Re: WPA problem

Hi Microsage,

works ok, and is supported by many chips/firmware and drivers.

BTW what 12.4 version the problem stil is in it.

glad you got it to work please remember til give a grade ;o)

Best regards

Christian

New Member

Re: WPA problem

Cisco IOS Software, C1130 Software (C1130-K9W7-M), Version 12.4(10b)JA, RELEASE SOFTWARE (fc2)

2071
Views
5
Helpful
4
Replies