Host in network is not reachable over WPA2-Enterprise encryption

hello together,
i'm running a WRVS4400N router with parallel WPA2-Enterprise and WPA2-Personal wireless networking. If I try to ping a host on the network I get two different results:
The ping over the WPA2-Personal network is working pretty well.
Over the WPA2-Enterprise network the host isn't reachable.
This happens only to one special host, internet and other host are working well.
Do you have any idea why this host is only reachable over the WPA2-Personal network??
Thank you for any help you can provide in this situation.
phaenovum

Hi,
According to the log, your iPad tried to connect the remote server with IP address 10.100.01.01/32. Please check if it is the correct IP address of the server.
Also, please make sure that your iPad can connect to your VPN network successfully and get a valid IP address so that it can remote your internal server.
Thanks.
Jeremy Wu
TechNet Community Support

Similar Messages

Office Jet Pro 8600 hp cannot connect wirelessly to WPA2 Enterprise encrypted network

HP Office Jet Pro 8600 Premium all in one Printer Scanner CAN NOT connect to encrypted wireless network? Specifics: Wireless network uses WPA 2 Enterprise encryption without passphrase. ( mac filtering only ) Mac address of device is already entered into the wireless router list of devices allowed to connect. Wireless wizard reports ....unable to connect due to authentication failure. alternative instalation attempts ask for passphrase which the wireless network does not use at all. Has been a big issue preventing deployment of mobile wireless scanning and printing throughout the facility. WPA2 is clearly listed as supported wireless protocol. Please help. Several weeks of struggle with India did not resolve the issue. Thank You.

If your router supports dual band broadcasting 5Ghz and 2.4 Ghz, log into your router and look at the two wireless profile names. The names (SSID) should be changed so that they are different from each other for each band 5 and 2.4. Also if the SSID is the default SSID that ships with the router, change it to a unique name as a neighbor within range may have the same SSID. Rename to "my unique SSID" and connect the printer to the new network name "my unique SSID" as example. If you need further assistance, list the exact model of your router
I was an HP employee
Reminder: Please select the "Accept as Solution" button on the post that best answers your question. Also, you may select the "Kudos" button on any helpful post to give that person a quick thanks.

Airport Express bridge mode over WPA2 Enterprise?

I have an Airport Extreme running WPA2 Enterprise with RADIUS on a Snow Leopard Server. Is it possible to have the Express join the WPA2 Enterprise network as an ethernet bridge? I can't seem to set it up. Something tells me this only works with WPA2 Personal?

When you set up the APExtreme through Server Admin, it takes care of all the secret passwords and what-have-you. I did some digging on Apple's site, and it looks like the APExpress can only act as a bridge on WPA2 Personal networks and below. No worries; I am just temporarily running an engineer's SIP phone over wireless, so I brought an old Buffalo router I had kicking around at home into the office; set it up as a WPA2 Personal access point, and have him running off of that with the APExpress as the bridge. This is just a stopgap until I can get him a proper ethernet drop. Thanks for the help regardless.

All the subnets are not reachable over the VPN

Hi all,
We have a EZVPN connection to one of our branch office. Connectivity diagram is attached with this discussion.
HO LAN (10.1.0.0/16 & 192.6.14.0/24) --------- ASA5520-------- Internet ---------- Cisco2911-------- LAN of remote location (10.2.0.0/16)
we are using 10.2.0.0/26 subnet at remote office and 10.1.0.0/16 & 192.6.14.0/24 subnets at HO. From HO through 10.1.0.0/16 & 192.6.14.0/24 all the devices are reachable except the firewall which is connected with GigabitEthernet0/2 interface of cisco2911 router(on which VPN is created).
Its a fortigate firewall and it is reachable locally from the network 10.2.0.0/16. I believe its an issue with phase2 ACLs but didn't able to resolve the issue.
I'm not able to take GUI / CLI interfaces of fortigate firewall even i'm not able to ping the IP of GigabitEthernet0/2 interface of cisco2911.
kindly advise on same.
Below is the configuration of ASA5520 of HO and cisco2911 router of branch office
ASA5520:-
access-list inside_access_in extended permit ip 192.6.14.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list inside_access_in extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip 192.6.14.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
access-list splittunnelacl_JNC_AUH extended permit ip 192.6.14.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list splittunnelacl_JNC_AUH extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
access-list Outside_cryptomap_65534.191 extended permit ip object-group DM_INLINE_NETWORK_103 10.2.0.0 255.255.0.0
jashanmalasa/sec/act# sho run obj
jashanmalasa/sec/act# sho run object-group | b DM_INLINE_NETWORK_103
object-group network DM_INLINE_NETWORK_103
network-object 10.1.0.0 255.255.0.0
network-object 192.6.14.0 255.255.255.0
group-policy AUHNEW internal
group-policy AUHNEW attributes
dns-server value 192.6.14.189 192.6.14.182
vpn-access-hours none
vpn-idle-timeout none
vpn-session-timeout none
vpn-filter none
vpn-tunnel-protocol IPSec
ip-comp disable
re-xauth disable
pfs enable
ipsec-udp disable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value
default-domain value xxxxxx
secure-unit-authentication disable
user-authentication disable
user-authentication-idle-timeout none
ip-phone-bypass disable
leap-bypass disable
nem enable
tunnel-group AUHNEW type remote-access
tunnel-group AUHNEW general-attributes
authorization-server-group LOCAL
default-group-policy AUHNEW
tunnel-group AUHNEW ipsec-attributes
pre-shared-key *****
peer-id-validate nocheck
isakmp ikev1-user-authentication none
Cisco2911:-
Current configuration : 10258 bytes
! Last configuration change at 19:06:18 AST Thu May 8 2014 by admin
! NVRAM config last updated at 19:01:43 AST Thu May 8 2014 by admin
! NVRAM config last updated at 19:01:43 AST Thu May 8 2014 by admin
version 15.1
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
hostname AUHOffice_RTR
boot-start-marker
boot system flash:c2900-universalk9-mz.SPA.151-4.M4.bin
boot-end-marker
card type e1 0 0
no aaa new-model
clock timezone AST 4 0
network-clock-participate wic 0
network-clock-select 1 E1 0/0/0
no ipv6 cef
ip source-route
ip cef
ip name-server 213.42.xxx.xxx
multilink bundle-name authenticated
isdn switch-type primary-net5
crypto pki token default removal timeout 0
voice-card 0
dspfarm
dsp services dspfarm
voice service voip
fax protocol pass-through g711ulaw
voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g711alaw
codec preference 3 g729r8
codec preference 4 g729br8
voice class h323 1
h225 timeout tcp establish 3
voice translation-rule 1
rule 1 /^9$.*$/ /\1/
voice translation-rule 2
rule 1 /^0$2.......$$/ /00\1/
rule 2 /^0$3.......$$/ /00\1/
rule 3 /^0$4.......$$/ /00\1/
rule 4 /^0$5........$$/ /00\1/
rule 5 /^0$6.......$$/ /00\1/
rule 6 /^0$7.......$$/ /00\1/
rule 7 /^0$9.......$$/ /00\1/
rule 8 /^00$.*$/ /0\1/
rule 9 /^.......$/ /0&/
rule 10 // /000\1/
voice translation-rule 3
rule 1 /^3../ /026969&/
voice translation-profile FROM_PSTN
translate calling 2
translate called 1
voice translation-profile TO_PSTN
translate calling 3
license udi pid CISCO2911/K9 sn xxxxxxxxx
license accept end user agreement
license boot module c2900 technology-package securityk9
hw-module pvdm 0/0
hw-module sm 1
username admin privilege 15 secret 4 Ckg/sS5mzi4xFYrh1ggXo92THcL6Z0c6ng70wM9oOxg
redundancy
controller E1 0/0/0
framing NO-CRC4
pri-group timeslots 1-10,16
crypto ipsec client ezvpn jashanvpn
connect auto
group AUHNEW key jashvpn786
mode network-extension
peer 83.111.xxx.xxx
acl 150
nat allow
nat acl 110
xauth userid mode interactive
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
ip address 10.2.0.1 255.255.255.248
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1430
ip policy route-map temp
duplex auto
speed auto
crypto ipsec client ezvpn jashanvpn inside
h323-gateway voip interface
h323-gateway voip bind srcaddr 10.2.0.1
interface GigabitEthernet0/1
description *** Connected to 40MB Internet ***
no ip address
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
interface GigabitEthernet0/2
ip address 10.2.0.11 255.255.255.248
duplex auto
speed auto
interface Serial0/0/0:15
no ip address
encapsulation hdlc
isdn switch-type primary-net5
isdn incoming-voice voice
no cdp enable
interface SM1/0
ip unnumbered GigabitEthernet0/0
service-module ip address 10.2.0.3 255.255.255.248
!Application: CUE Running on SM
service-module ip default-gateway 10.2.0.1
interface SM1/1
description Internal switch interface connected to Service Module
no ip address
interface Vlan1
no ip address
interface Dialer0
description *** JASHANMAL 40MB Internet ***
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxxxx
ppp chap password 7 0252150B0C0D5B2748
ppp pap sent-username xxxxxx password 7 15461A5C03217F222C
crypto ipsec client ezvpn jashanvpn
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source route-map nonat interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 10.2.0.0 255.255.248.0 10.2.0.2
ip route 10.2.0.3 255.255.255.255 SM1/0
ip route 10.2.6.1 255.255.255.255 10.2.0.2
ip route 10.2.7.1 255.255.255.255 10.2.0.2
ip route 172.16.5.0 255.255.255.0 10.2.0.2
access-list 100 deny   ip 10.2.4.0 0.0.0.255 10.1.15.0 0.0.0.255
access-list 100 deny   ip 10.2.4.0 0.0.0.255 192.6.14.0 0.0.0.255
access-list 100 deny   ip 10.2.4.0 0.0.0.255 10.1.50.0 0.0.0.255
access-list 100 deny   ip 10.2.4.0 0.0.0.255 10.1.2.0 0.0.0.255
access-list 100 deny   ip 172.16.5.0 0.0.0.255 10.1.6.0 0.0.0.255
access-list 100 permit ip 10.2.4.0 0.0.0.255 any
access-list 100 permit ip 172.16.5.0 0.0.0.255 any
access-list 110 deny   ip 10.2.0.0 0.0.0.255 192.6.14.0 0.0.0.255
access-list 110 deny   ip 10.2.2.0 0.0.0.255 192.6.14.0 0.0.0.255
access-list 110 deny   ip 10.2.3.0 0.0.0.255 192.6.14.0 0.0.0.255
access-list 110 deny   ip 10.2.1.0 0.0.0.255 192.6.14.0 0.0.0.255
access-list 110 deny   ip 10.2.5.0 0.0.0.255 192.6.14.0 0.0.0.255
access-list 110 deny   ip 10.2.5.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 110 deny   ip 10.2.3.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 110 deny   ip 10.2.2.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 110 deny   ip 10.2.1.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 110 deny   ip 10.2.0.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 110 deny   ip 10.2.4.0 0.0.0.255 10.1.9.0 0.0.0.255
access-list 110 deny   ip 10.2.4.0 0.0.0.255 10.1.50.0 0.0.0.255
access-list 110 deny   ip 10.2.4.0 0.0.0.255 10.1.15.0 0.0.0.255
access-list 110 deny   ip 10.2.4.0 0.0.0.255 192.6.14.0 0.0.0.255
access-list 110 deny   ip 10.2.4.0 0.0.0.255 10.1.2.0 0.0.0.255
access-list 110 deny   ip 10.2.6.0 0.0.0.255 10.1.15.0 0.0.0.255
access-list 110 deny   ip 10.2.6.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 110 deny   ip 10.2.6.0 0.0.0.255 192.6.14.0 0.0.0.255
access-list 110 deny   ip 172.16.5.0 0.0.0.255 192.6.14.0 0.0.0.255
access-list 110 deny   ip 172.16.5.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 110 deny   ip 172.16.5.0 0.0.0.255 10.1.9.0 0.0.0.255
access-list 110 deny   ip 172.16.5.0 0.0.0.255 10.1.50.0 0.0.0.255
access-list 110 deny   ip 172.16.5.0 0.0.0.255 10.1.15.0 0.0.0.255
access-list 110 deny   ip 172.16.5.0 0.0.0.255 10.1.2.0 0.0.0.255
access-list 110 permit ip host 10.2.6.1 any
access-list 110 permit ip host 10.2.6.2 any
access-list 110 permit ip host 10.2.6.3 any
access-list 110 permit ip host 10.2.6.4 any
access-list 110 permit tcp 10.2.0.0 0.0.255.255 host 86.96.201.72 eq 10008
access-list 110 permit tcp 10.2.0.0 0.0.255.255 host 86.96.254.136 eq 10008
access-list 110 permit tcp 10.2.0.0 0.0.255.255 host 216.52.207.67 eq www
access-list 110 permit tcp 10.2.0.0 0.0.255.255 host 199.168.151.22 eq www
access-list 110 permit tcp 10.2.0.0 0.0.255.255 host 199.168.148.22 eq www
access-list 110 permit tcp 10.2.0.0 0.0.255.255 host 199.168.149.22 eq www
access-list 110 permit tcp 10.2.0.0 0.0.255.255 host 199.168.150.22 eq www
access-list 110 permit tcp 172.16.5.0 0.0.0.255 any
access-list 150 permit ip 10.2.4.0 0.0.0.255 any
access-list 150 permit ip 10.2.0.0 0.0.0.255 any
access-list 150 permit ip 10.2.1.0 0.0.0.255 any
access-list 150 permit ip 10.2.2.0 0.0.0.255 any
access-list 150 permit ip 10.2.3.0 0.0.0.255 any
access-list 150 permit ip 10.2.5.0 0.0.0.255 any
access-list 150 permit ip 10.2.6.0 0.0.0.255 any
access-list 150 permit ip 172.16.5.0 0.0.0.255 any
access-list 150 permit ip 10.2.7.0 0.0.0.255 any
route-map temp permit 100
match ip address 100
set ip next-hop 10.2.0.9
route-map temp permit 110
route-map nonat permit 10
match ip address 110
snmp-server community xxxxxxxx
snmp-server location JNC AbuDhabi Office
snmp-server contact xxxxxxxx
snmp-server enable traps tty
snmp-server enable traps cpu threshold
snmp-server enable traps syslog
snmp-server host xxxxx version 2c jash
control-plane
voice-port 0/0/0:15
translation-profile incoming FROM_PSTN
bearer-cap Speech
voice-port 0/1/0
voice-port 0/1/1
voice-port 0/1/2
voice-port 0/1/3
mgcp profile default
dial-peer cor custom
name CCM
name 0
name 00
dial-peer cor list CCM
member CCM
member 0
member 00
dial-peer cor list 0
member 0
dial-peer cor list 00
member 0
member 00
dial-peer voice 100 voip
corlist incoming CCM
preference 1
destination-pattern [1-8]..
session target ipv4:10.1.2.12
incoming called-number [1-8]..
voice-class codec 1
voice-class h323 1
dtmf-relay h245-alphanumeric
no vad
dial-peer voice 101 voip
corlist incoming CCM
huntstop
preference 2
destination-pattern [1-8]..
session target ipv4:10.1.2.11
incoming called-number [1-8]..
voice-class codec 1
voice-class h323 1
dtmf-relay h245-alphanumeric
no vad
dial-peer voice 201 pots
corlist outgoing 0
translation-profile outgoing TO_PSTN
destination-pattern 0[1-9]T
incoming called-number .
direct-inward-dial
port 0/0/0:15
dial-peer voice 202 pots
corlist outgoing 0
translation-profile outgoing TO_PSTN
destination-pattern 00[1-9]T
incoming called-number .
direct-inward-dial
port 0/0/0:15
prefix 0
dial-peer voice 203 pots
corlist outgoing 00
translation-profile outgoing TO_PSTN
destination-pattern 000T
incoming called-number .
direct-inward-dial
port 0/0/0:15
prefix 00
gateway
timer receive-rtp 1200
gatekeeper
shutdown
call-manager-fallback
secondary-dialtone 0
max-conferences 8 gain -6
transfer-system full-consult
timeouts interdigit 4
ip source-address 10.2.0.1 port 2000
max-ephones 58
max-dn 100
system message primary Your Current Options SRST Mode
transfer-pattern .T
alias 1 300 to 279
call-forward pattern .T
time-zone 35
date-format dd-mm-yy
cor incoming 0 1 100 - 899
line con 0
password 7 030359065206234104
login local
line aux 0
password 7 030359065206234104
login local
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 67
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password 7 110E1B08431B09014E
login local
transport input all
line vty 5 15
password 7 030359065206234104
login local
transport input all
scheduler allocate 20000 1000
ntp master 1
end

Attached is the result from packet tracer of ASA5520-ASDM

Wake for network access not reliable over internet...

I've been going through major issues ever since I started tinkering with "Wake for network access" In a nutshell, when I was using my AirPort extreme with 7.4.2 and "Wake for network access" turned on someone or something kept on waking my Mac Mini via VNC. I know strange. So to combat this I back rev'd the AirPort to 7.4.1. This prevents the perpetrator from waking my Mac Mini, but now when I don't wake the Mini after a prolonged period of time it ceases to wake over the internet. If I wake the Mini manually and then let it sleep and then proceed to wake it over the net a few minutes later it wakes just fine ie using a WOL app on my iPhone. Also, it always wakes just fine on my LAN. I'm getting so tired of trying to troubleshoot my WOL issues. Any ideas?

The remote app can either automatically find libraries available on a network (with home sharing available) or if you haven't got home sharing enabled, you can manually pair an itunes library with the remote app (using a number that is generated by the app and then typed into the itunes library).
That is why I am so confused, as it seems to be the home sharing that is the problem!

NetworkManager Won't Connect to WPA2 Enterprise Encrypted Network

I decided to switch back to using NetworkManager instead of wicd as my wireless protocol because I like how NetworkManager has a Gnome 3 applet and GUI that I can easily use to connect to wireless networks. Here at university, the "main" wireless network is WPA2 with PEAP Enterprise-level encryption. However, I've been unable to connect to that network through the NetworkManager GTK GUI. When I open up the network settings window, I can see a list of all available networks (with the "main" network being listed), however when I go to click on it to connect, it won't let me. The program won't try to connect or anything.
I'm using an Intel wireless card that I KNOW can connect to network (as it worked in wicd), however it won't now. And just in case I'm forgetting something, my current daemon's array is:
DAEMONS=(syslog-ng hwclock dbus networkmanager !netfs @gdm @crond @httpd @cupsd dropboxd)
Am I missing something here? Thank you for any and all help, and if I'm leaving out information, please let me know and I'll try to provide as much information as possible.
SOLVED:
I simply entered in all of the information by hand, and NetworkManager connected easily. I'll just submit this as a bug report somewhere.
Last edited by zcdziura (2011-10-14 18:38:48)

I've been connecting through wifi-menu without problems since I installed Arch. As for nmcli, it gives me the following error:
[ralph@AnarchBox ~]$ nmcli dev wifi con AnarchNet password **********
nmcli: error while loading shared libraries: libnm.so.0: cannot open shared object file: No such file or directory
I then checked libnm-glib, and it was not installed, even though it's a dependency for networkmanager. I still couldn't connect through nmcli, so I checked the other dependencies, and dhclient, iproute2 and libmm-glib were also missing. I installed them, and I still have the same problem I started with, both with nm-applet and nmcli (nmcli will just try to connect and then the nm-applet window asking for a password pops up, then tries to connect again and repeats).
Last edited by ralph_13 (2015-02-15 15:29:54)

Wifi w/WPA/WPA2 Enterprise

I have a strange issue. We are trying to connect iPhones to the corporate wifi network. This uses WPA/WPA2 Enterprise encryption with EAP-FAST authentication. I have created a Wifi Configuration Profile using the iPhone Config Utility v3.3. All settings look correct.
I install this config profile to an iPhone 4 and it cannot connect.
I install this same config profile to iPod Touch 2G and it does not connect.
I install this same config to iPad2 and it works perfectly fine. Connects every time no problem.
Apparently there is some difference in how the devices handle wifi security?!?
Does anyone have any insight into this?

Is the wireless network an "n" network?
If so, the iPhone 4 supports 802.11b/g/n Wi-Fi (802.11n 2.4GHz only).
No such 2.4GHz only requirement for an "n" network with the iPad.

Switch profile peers not reachable

Hello:
I have a couple of N5k 5.2(1)N1(1). I'm trying to create a switch profile for all vPC configuration. They are connected to a OOB network through their mgmt0 interface, and ping is succesful. However, the show switch-profile status command shows they can reach eachother.
CONFIG SWITCH 1
feature telnet
feature tacacs+
cfs ipv4 distribute
cfs eth distribute
feature interface-vlan
feature lacp
feature vpc
feature lldp
feature vtp
feature fex
interface mgmt0
vrf member management
ip address 10.161.20.88/24
switch-profile XXX
sync-peers destination 10.161.20.87
SWITCH 1# sh cfs status
Distribution : Enabled
Distribution over IP : Enabled - mode IPv4
IPv4 multicast address : 239.255.70.83
IPv6 multicast address : ff15::efff:4653
Distribution over Ethernet : Enabled
SWITCH 1# sh switch-profile status
switch-profile : XXX
Profile-Revision: 1
Session-type: Initial-Exchange
Session-subtype: Init-Exchange-All
Peer-triggered: No
Profile-status: -
Local information:
Status: Verify Failure
Error(s): Peer not reachable over CFS
Peer information:
IP-address: 10.161.20.87
Sync-status: Not yet merged
Merge Flags: pending_merge:1 rcv_merge:0 pending_validate:0
Status: -
Error(s):
CONFIG SWICTH 2
feature telnet
feature tacacs+
cfs ipv4 distribute
cfs eth distribute
feature interface-vlan
feature lacp
feature vpc
feature lldp
feature vtp
feature fex
interface mgmt0
vrf member management
ip address 10.161.20.87/24
switch-profile XXX
sync-peers destination 10.161.20.88
SWITCH 2# SH CFS STATUs
Distribution : Enabled
Distribution over IP : Enabled - mode IPv4
IPv4 multicast address : 239.255.70.83
IPv6 multicast address : ff15::efff:4653
Distribution over Ethernet : Enabled
SWITCH 2# SH SWItch-PROfile STATUs
switch-profile : XXX
Start-time: 371925 usecs after Thu Jan 17 06:37:58 2013
End-time: 107348 usecs after Thu Jan 17 06:39:58 2013
Profile-Revision: 1
Session-type: Initial-Exchange
Session-subtype: Init-Exchange-All
Peer-triggered: No
Profile-status: -
Local information:
Status: Verify Failure
Error(s): Peer not reachable over CFS
Peer information:
IP-address: 10.161.20.88
Sync-status: Not yet merged
Merge Flags: pending_merge:1 rcv_merge:0 pending_validate:0
Status: -
Error(s):
What can I be missing here?

Hi Robert:
Sadly, not even the TAC could solve this. We ended up not using vPC, which is a pity.
Best regards, Faimy.

Spontaneous disconnects from a WPA2 Enterprise network with iwlwifi

The wireless network at my work uses WPA2-Enterprise with PEAP authentication and MSCHAPv2 inner authentication. Given this, cacert.org.crt, and the username and password, I am sometimes able to connect. However, I am often spontaneously disconnected. Sometimes this happens seconds after I connect, sometimes, I stay connected for hours. I use network manager to connect within gnome-shell.
The following describes my wireless card.
$ lspci | grep Net
07:00.0 Network controller: Intel Corporation Centrino Advanced-N 6235 (rev 24)
The NetworkManager log is not much help...
May 09 10:10:24 ocelot NetworkManager[299]: <info> (wlan0): supplicant interface state: scanning -> disconnected
May 09 10:10:24 ocelot NetworkManager[299]: <info> (wlan0): supplicant interface state: disconnected -> scanning
Last edited by astex (2013-05-09 14:27:44)

I had the same problems with my Intel Centrino Advanced-N 6000 and the WPA2 Enterprise network at university. And now since my last update where the driver seemed to be updated when also netctl replaced netcfg I am completly unable to connect to the network. But with my WPA2-PSK network I don't have any problems and my Notebook connects instantly.
I'm using wicd but also tried NetworkManager, netctl and also manually using wpa_supplicant but it was the same problem.
Also shutting down hardware encrpyption and 11n like mentioned in this topic:
option iwlwifi swcrypto=1
option iwlwifi 11n_disable=1
I guess it must be a driver bug.

Weblogic Server is not reachable

Hi Guys,
we use a Weblogic Server 4.5.1 SP8 on Solaris 2.7 und JDK 1.2.1_04 and the
performance pack.
In addition we use a Netscape Enterprise Server as a proxy with the nsapi
bridge. Sometime the Weblogic Server is not reachable over the T3 protocol.
In the access log of the NES we get timeout errors for Weblogic Server. We
used the weblogic.Admin class to ping the server at every minute. So we
could realize that the server was not reachable for about 5 minutes. After
that time the server worked normally. But during this time the server seemed
to be dead. There was no logging at all. Does anyone has an idea?
Thanks in advance
Lutz Strobel

Thanks a lot. It is restarted. Could you please elaborate the solution... this was related to some security right?

WPA2 - Enterprise

I need to disable certificate verification in 8.1 for auto-discovered wireless networks. I've tried manually creating new connections (unchecking the "verify" checkbox in PEAP properties) but still cannot get the system to authenticate using WPA2-Enterprise.
I honestly cannot tell if the system is using the manually created connection or the auto-discovered connection. I've tried changing the properties in PC settings->Network->Connections->Wi-Fi->"Manage known networks" but cannot get to
a properties page to change any of the configuration settings.
I hope this is making sense. I miss having more control over the OS vs MS thinking they can do everything for me...

Check here
http://www.enterprisenetworkingplanet.com/netsecur/article.php/3916561/Implement-WPA2-Enterprise-Encryption-on-Your-WLAN.htm
Rgds

Free RADIUS/802.1X Service for WPA/WPA2-Enterprise

Hi, just wanted to let everyone know that I recently started offering a Free Edition of our AuthenticateMyWiFi service, a hosted RADIUS/AAA service offering 802.1X authentication for use with WPA/WPA2-Enterprise encryption.
The Free Edition features 1 user account, supports 1 AP, and includes: PEAP authentication for wireless and wired connections, web-based control panel, and activity logging.
This is great for IT professionals wanting to experiment with 802.1X or to get enterprise Wi-Fi security in homes and small offices.
For more info visit our site:
http://www.nowiressecurity.com/service.htm
- Eric Geier

I recommend contacting Linksys support on the phone and ask them which model router has Radius or Enterprise WPA features. Some home class routers may not have this. Ask and see what is available.

Certificate renewal with WPA2-Enterprise PEAP MS-CHAPv2

Hello
We have a wireless network which is secured with WPA2-Enterprise with PEAP and MS-CHAPv2. The Radius servers (Windows Server 2008r2 with the Radius Feature installed) currently use a public signed certificate. This is about to expire soon and will need to be renewed.
The clients are non-managed and from all variety (OS, wifi-software, ...).
The Wifi is 4400 controller based and managed with the new Prime Infrastructure 1.3.
What is the best way to do the renewal with as little disturbance for the client as possible? The less manual interaction for the end user the better.
Thanks
Patrick

Hello Patrick,
As per your query i can suggest you the following steps-
Since the root CA is the most critical CA in the hierarchy, you may prefer to have a strategy here that reduces the need to renew the root certificate often.
The first consideration is choosing the key length of the root's public key and private key pair during setup of the root authority. By using a long key length, which is generally more secure against brute force attack than a shorter key length, you increase the length of time that the CA can use the same private key and have reasonable confidence that it has not been compromised. The second consideration is establishing the validity period of the root certificate itself. In general, you will want to create a root certificate that has a shorter validity period than the estimated lifetime of the key.
For more information you can refer to the link-
http://technet.microsoft.com/en-us/library/cc740209(v=ws.10).aspx
Hope this will help you.

Lumia 820 WPA2 Enterprise

Hello,
I have one big problem. I can't reach wifi WPA2 Enterprise (Encryption: AES, Auth method: EAP (PEAP)).
It says: Connection unsuccessfull: Your phone couldn't reach the Wi-Fi network ...
But I'm able to connect WPA2-Personal, WEP. But that one in my school I can't
Other guys with WP8 can connect, also with androids and iPhones.
What I'm did? Factory reset and hard reset after. None of these help :/
Currently info:
Model: Lumia 820
OS ver: 8.0.10328.78
Firmware: 3047.0000.1328.3003 (Operator Plus PL SW variant)
Hardware: 1.0.0.0
Communication soft: 1.0.202132.3
I heard some people work with new Network+, my ver is: 1.3.2.1
Restored today!
Thanks for any help!

BUMP
New progress, I get log
here is log from windows phone 8 to cisco:
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID: SSAKHK\veteska.lukas
Account Name: veteska.lukas
Account Domain: SSAKHK
Fully Qualified Account Name: ssakhk.cz/####
Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: 0014.f262.6300
Calling Station Identifier: 4c25.7894.01ac
NAS:
NAS IPv4 Address: 172.30.1.22
NAS IPv6 Address: -
NAS Identifier: aps320
NAS Port-Type: Wireless - IEEE 802.11
NAS Port: 15199
RADIUS Client:
Client Friendly Name: aps320
Client IP Address: 172.30.1.22
Authentication Details:
Connection Request Policy Name: Use Windows authentication for all users
Network Policy Name: pristup na wifi
Authentication Provider: Windows
Authentication Server: ####.ssakhk.cz
Authentication Type: PEAP
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 16
Reason: Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.
Password and user name is CORRECT!

Problem wireless connection with WPA2 Enterprise

Hello,
I am experiencing an annoying problem while trying to connect at the wireless network at the University, adopting WPA2 Enterprise. After some days of frustration I decided to post a help message here, I hope it's the right section (my problem could be kernel related...). Basically I can't connect to the network, no matter how many times i may try. Other operating systems do not give me the same problem, I can connect without issues thus my card is working properly.
Summarizing:
- My card is a BCM4313 (Broadcom), natively supported within the kernel by the module brcmsmac.
- I tried the module wl as well, with no result.
- I tried both Arch standard kernel and the LTS one.
- I am Gnome user, hence I use NetworkManager (never had a problem in the last 2 years at least...)
- I tried Wicd as well (in the past it was working when NM was failing), with no result.
- Both MS Windows, Ubuntu and Linux Mint (driver brcmsmac) allow me to connect to the network.
- The problem occurrs only in case of WPA2 Enterprise, unfortunately this is a "parameter" I cannot change...
What follows is a portion of NM log file, where I isolated the part related to one connection attempt.
NetworkManager[305]: <info> (eth1): device state change: prepare -> config (reason 'none') [40 50 0]
NetworkManager[305]: <info> Activation (eth1/wireless): access point 'MY_SSID' has security, but secrets are required
NetworkManager[305]: <info> (eth1): device state change: config -> need-auth (reason 'none') [50 60 0]
NetworkManager[305]: <info> Activation (eth1) Stage 2 of 5 (Device Configure) complete.
NetworkManager[305]: <info> Activation (eth1) Stage 1 of 5 (Device Prepare) scheduled...
NetworkManager[305]: <info> Activation (eth1) Stage 1 of 5 (Device Prepare) started...
NetworkManager[305]: <info> (eth1): device state change: need-auth -> prepare (reason 'none') [60 40 0]
NetworkManager[305]: <info> Activation (eth1) Stage 2 of 5 (Device Configure) scheduled...
NetworkManager[305]: <info> Activation (eth1) Stage 1 of 5 (Device Prepare) complete.
NetworkManager[305]: <info> Activation (eth1) Stage 2 of 5 (Device Configure) starting...
NetworkManager[305]: <info> (eth1): device state change: prepare -> config (reason 'none') [40 50 0]
NetworkManager[305]: <info> Activation (eth1/wireless): connection 'MY_SSID' has security, and secrets exist. No new secret [I can't read after this but it's not relevant...]
NetworkManager[305]: <info> Config: added 'ssid' value 'MY_SSID'
NetworkManager[305]: <info> Config: added 'scan_ssid' value '1'
NetworkManager[305]: <info> Config: added 'key_mgmt' value 'WPA-EAP'
NetworkManager[305]: <info> Config: added 'password' value '<omitted>'
NetworkManager[305]: <info> Config: added 'eap' value 'PEAP'
NetworkManager[305]: <info> Config: added 'fragment_size' value '1300'
NetworkManager[305]: <info> Config: added 'phase2' value 'auth=MSCHAPV2'
NetworkManager[305]: <info> Config: added 'ca_path' value '/etc/ssl/certs'
NetworkManager[305]: <info> Config: added 'ca_path2' value '/etc/ssl/certs'
NetworkManager[305]: <info> Config: added 'identity' value 'username'
NetworkManager[305]: <info> Config: added 'bgscan' value 'simple:30:-45:300'
NetworkManager[305]: <info> Config: added 'proactive_key_caching' value '1'
NetworkManager[305]: <info> Activation (eth1) Stage 2 of 5 (Device Configure) complete.
NetworkManager[305]: <info> Config: set interface ap_scan to 1
NetworkManager[305]: <info> (eth1): supplicant interface state: disconnected -> scanning
NetworkManager[305]: <info> (eth1): supplicant interface state: scanning -> associating
NetworkManager[305]: <info> (eth1): supplicant interface state: associating -> associated
NetworkManager[305]: <warn> Connection disconnected (reason -3)
NetworkManager[305]: <info> (eth1): supplicant interface state: associated -> disconnected
NetworkManager[305]: <info> (eth1): supplicant interface state: disconnected -> scanning
NetworkManager[305]: <info> (eth1): supplicant interface state: scanning -> associating
NetworkManager[305]: <info> (eth1): supplicant interface state: associating -> associated
NetworkManager[305]: <warn> Connection disconnected (reason -3)
NetworkManager[305]: <info> (eth1): supplicant interface state: associated -> disconnected
NetworkManager[305]: <info> (eth1): supplicant interface state: disconnected -> scanning
NetworkManager[305]: <warn> Activation (eth1/wireless): association took too long.
NetworkManager[305]: <info> (eth1): device state change: config -> need-auth (reason 'none') [50 60 0]
NetworkManager[305]: <warn> Activation (eth1/wireless): asking for new secrets
NetworkManager[305]: <warn> Couldn't disconnect supplicant interface: This interface is not connected.
NetworkManager[305]: <warn> Couldn't disconnect supplicant interface: This interface is not connected.
NetworkManager[305]: <info> (eth1): supplicant interface state: scanning -> inactive
NetworkManager[305]: <info> (eth1): disconnecting for new activation request.
NetworkManager[305]: <info> (eth1): device state change: need-auth -> disconnected (reason 'none') [60 30 0]
NetworkManager[305]: <info> (eth1): deactivating device (reason 'none') [0]
As I said before, it may be a kernel related problem, but it seems very strange since I would expect a higher number of users experiencing some troubles.
As a final note, I've been Arch-dependent since 4 years already and I love it. I can't really imagine to change distribution just for this...but I am stuck at present and I need to work with the laptop, so any help is really appreciated.
Thank you
Last edited by Demind (2013-05-30 12:38:40)

cfr wrote:Try to connect manually and post the output you get.
I did what you suggested and I could connect to the network, ergo it was a NetworkManager problem.
I am migrating to netctl, and I will test it at the university in the next days. I hope it will work.
Thanks for the hint, I should have done this test in the first place...:(

Host in network is not reachable over WPA2-Enterprise encryption

Similar Messages

Maybe you are looking for