How to setup WPA2-PSK on aironet 1602 i

I have an AIR-SAP1602I-A-K9 WAP and I am interested in configuring it for WPA2-PSK security for WAP access.  I don't see a way to do this in the GUI, does this model support that type of security?  Thank you.

Yes it does support WPA2/AES.  Please review this guide as it should help:
http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/116599-config-wpa-psk-00.html
-Scott

Similar Messages

  • How to enter WPA2-PSK  key ?

    Hi,
    To connect to my network at work I have a key with 64 hexadecimal digits.
    How do i enter that in the iphone ?
    I read somewhere that for WEP you need to prefix '$' in front of the hex digits. Someone also told me to try to prefix 0x.
    I tried the 64 hex digits without any prefix too.
    None of this worked.
    I also tried to create a configuration profile using the configuration tool, but it doesnt let you enter a password or key in the profile (it has to be done on the phone i guess)
    Thanks

    9 Alphanumeric characters will work just fine, hexadecimal is just another representation of the ASCII characters. In theory, it would take 1000 PC's about 16 years to crack a 9 alphanumeric password.

  • Configuring Aironet 1040 with WPA2-PSK

    I am attempting to configure two Aironet 1040 series wireless access points for the first time and am having some difficulty. This office does not have a RADIUS server so I would like to set them up to use WPA2 with a pre-shared key. However just how this is accomplished is not immediately apparent. I have attempted using both the command line interface and the web interface, but I get errors in both places. It doesn't seem like it is all that difficult, we're just talking about a few lines in the configuration file.
    This is what I have so far:
    Current configuration : 1684 bytes
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname ap1
    logging rate-limit console 9
    enable secret 5 $1$q9i9$V8Z042Zif0H7t4qN5awMM.
    no aaa new-model
    ip domain name Office
    dot11 syslog
    dot11 ssid WLAN
       vlan 30
       authentication open
    username Cisco password 7 05280F1C2243
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption mode ciphers tkip
    ssid WLAN
    antenna gain 0
    station-role root
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface Dot11Radio1
    no ip address
    no ip route-cache
    shutdown
    ssid WLAN
    antenna gain 0
    dfs band 3 block
    channel dfs
    station-role root
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface GigabitEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    no keepalive
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    interface BVI1
    ip address 192.168.2.2 255.255.255.0
    no ip route-cache
    ip default-gateway 192.168.2.1
    ip http server
    no ip http secure-server
    ip http help-path
    http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    access-list 111 permit tcp any any neq telnet
    bridge 1 route ip
    line con 0
    access-class 111 in
    line vty 0 4
    access-class 111 in
    login local
    end

    OK, I figured out some of what was going on. The admin account was set to read only instead of read/write, and both radios had not been added to my VLAN. Now I have successfully (?) configured WPA2-PSK on both wireless access points, and they are broadcasting their SSIDs, but I am unable to connect to them for an unknown reason. I am prompted for the pre shared key and then the connection fails. Hmm...

  • WLAN User Idle Timeout and WPA2-PSK authentication

    Hi,
    There is a WLAN for Guest users with Session Timeout of 65535 sec and User Idle Timeout of 28800 sec. The WLAN uses PSK as Layer-2 authentication and Web Auth as Layer-3 authentication. Authentication source is locally created users on the controllers (LocalEAP) - can be RADIUS through ISE as well. 
    (Cisco Controller) show>sysinfo
    Manufacturer's Name.............................. Cisco Systems Inc.
    Product Name..................................... Cisco Controller
    Product Version.................................. 7.6.130.0
    RTOS Version..................................... 7.6.130.0
    Bootloader Version............................... 7.6.130.0
    Emergency Image Version.......................... 7.6.130.0
    Build Type....................................... DATA + WPS
    System Name...................................... vwlc-1
    System Location.................................. Matrix
    System Contact................................... IT HelpDesk Matrix
    System ObjectID.................................. 1.3.6.1.4.1.9.1.1631
    IP Address....................................... 10.10.10.50
    System Up Time................................... 6 days 17 hrs 30 mins 26 secs
    System Timezone Location......................... (GMT+10:00) Sydney, Melbourne, Canberra
    System Stats Realtime Interval................... 5
    System Stats Normal Interval..................... 180
    Configured Country............................... AU - Australia
    --More-- or (q)uit
    State of 802.11b Network......................... Enabled
    State of 802.11a Network......................... Enabled
    Number of WLANs.................................. 2
    Number of Active Clients......................... 0
    Burned-in MAC Address............................ 00:0C:29:74:15:2F
    Maximum number of APs supported.................. 200
    (Cisco Controller) show> wlan 2
    WLAN Identifier.................................. 2
    Profile Name..................................... Matrix-LocalEAP
    Network Name (SSID).............................. Matrix-LocalEAP
    Status........................................... Enabled
    MAC Filtering.................................... Disabled
    Broadcast SSID................................... Enabled
    AAA Policy Override.............................. Disabled
    Network Admission Control
    Client Profiling Status
    Radius Profiling ............................ Disabled
    DHCP ....................................... Disabled
    HTTP ....................................... Disabled
    Local Profiling ............................. Disabled
    DHCP ....................................... Disabled
    HTTP ....................................... Disabled
    Radius-NAC State............................... Disabled
    SNMP-NAC State................................. Disabled
    Quarantine VLAN................................ 0
    Maximum number of Associated Clients............. 0
    Maximum number of Clients per AP Radio........... 200
    Number of Active Clients......................... 0
    Exclusionlist Timeout............................ 60 seconds
    Session Timeout.................................. 65535 seconds
    User Idle Timeout................................ 28800 seconds
    Sleep Client..................................... disable
    Sleep Client Timeout............................. 12 hours
    User Idle Threshold.............................. 0 Bytes
    NAS-identifier................................... vwlc-1
    CHD per WLAN..................................... Enabled
    Webauth DHCP exclusion........................... Disabled
    Interface........................................ management
    Multicast Interface.............................. Not Configured
    WLAN IPv4 ACL.................................... unconfigured
    WLAN IPv6 ACL.................................... unconfigured
    WLAN Layer2 ACL.................................. unconfigured
    mDNS Status...................................... Disabled
    mDNS Profile Name................................ unconfigured
    DHCP Server...................................... Default
    DHCP Address Assignment Required................. Enabled
    Static IP client tunneling....................... Disabled
    Quality of Service............................... Silver
    Per-SSID Rate Limits............................. Upstream Downstream
    Average Data Rate................................ 0 0
    Average Realtime Data Rate....................... 0 0
    Burst Data Rate.................................. 0 0
    Burst Realtime Data Rate......................... 0 0
    Per-Client Rate Limits........................... Upstream Downstream
    Average Data Rate................................ 0 0
    Average Realtime Data Rate....................... 0 0
    Burst Data Rate.................................. 0 0
    Burst Realtime Data Rate......................... 0 0
    Scan Defer Priority.............................. 4,5,6
    Scan Defer Time.................................. 100 milliseconds
    WMM.............................................. Allowed
    WMM UAPSD Compliant Client Support............... Disabled
    Media Stream Multicast-direct.................... Disabled
    CCX - AironetIe Support.......................... Enabled
    CCX - Gratuitous ProbeResponse (GPR)............. Disabled
    CCX - Diagnostics Channel Capability............. Disabled
    Dot11-Phone Mode (7920).......................... Disabled
    Wired Protocol................................... 802.1P (Tag=2)
    Passive Client Feature........................... Disabled
    Peer-to-Peer Blocking Action..................... Disabled
    Radio Policy..................................... All
    DTIM period for 802.11a radio.................... 1
    DTIM period for 802.11b radio.................... 1
    Radius Servers
    Authentication................................ 10.10.10.70 1812
    Accounting.................................... 10.10.10.70 1813
    Interim Update............................. Disabled
    Framed IPv6 Acct AVP ...................... Prefix
    Dynamic Interface............................. Disabled
    Dynamic Interface Priority.................... wlan
    Local EAP Authentication......................... Enabled (Profile 'local-eap-matrix')
    Security
    802.11 Authentication:........................ Open System
    FT Support.................................... Disabled
    Static WEP Keys............................... Disabled
    802.1X........................................ Disabled
    Wi-Fi Protected Access (WPA/WPA2)............. Enabled
    WPA (SSN IE)............................... Disabled
    WPA2 (RSN IE).............................. Enabled
    TKIP Cipher............................. Disabled
    AES Cipher.............................. Enabled
    Auth Key Management
    802.1x.................................. Disabled
    PSK..................................... Enabled
    CCKM.................................... Disabled
    FT-1X(802.11r).......................... Disabled
    FT-PSK(802.11r)......................... Disabled
    PMF-1X(802.11w)......................... Disabled
    PMF-PSK(802.11w)........................ Disabled
    FT Reassociation Timeout................... 20
    FT Over-The-DS mode........................ Disabled
    GTK Randomization.......................... Disabled
    SKC Cache Support.......................... Disabled
    CCKM TSF Tolerance......................... 1000
    WAPI.......................................... Disabled
    Wi-Fi Direct policy configured................ Disabled
    EAP-Passthrough............................... Disabled
    CKIP ......................................... Disabled
    Web Based Authentication...................... Enabled
    IPv4 ACL........................................ Unconfigured
    IPv6 ACL........................................ Unconfigured
    Web-Auth Flex ACL............................... Unconfigured
    Web Authentication server precedence:
    1............................................... local
    2............................................... radius
    3............................................... ldap
    Web-Passthrough............................... Disabled
    Conditional Web Redirect...................... Disabled
    Splash-Page Web Redirect...................... Disabled
    Auto Anchor................................... Disabled
    FlexConnect Local Switching................... Enabled
    flexconnect Central Dhcp Flag................. Disabled
    flexconnect nat-pat Flag...................... Disabled
    flexconnect Dns Override Flag................. Disabled
    flexconnect PPPoE pass-through................ Disabled
    flexconnect local-switching IP-source-guar.... Disabled
    FlexConnect Vlan based Central Switching ..... Disabled
    FlexConnect Local Authentication.............. Disabled
    FlexConnect Learn IP Address.................. Enabled
    Client MFP.................................... Optional
    PMF........................................... Disabled
    PMF Association Comeback Time................. 1
    PMF SA Query RetryTimeout..................... 200
    Tkip MIC Countermeasure Hold-down Timer....... 60
    Eap-params.................................... Disabled
    AVC Visibilty.................................... Disabled
    AVC Profile Name................................. None
    Flow Monitor Name................................ None
    Split Tunnel (Printers).......................... Disabled
    Call Snooping.................................... Disabled
    Roamed Call Re-Anchor Policy..................... Disabled
    SIP CAC Fail Send-486-Busy Policy................ Enabled
    SIP CAC Fail Send Dis-Association Policy......... Disabled
    KTS based CAC Policy............................. Disabled
    Assisted Roaming Prediction Optimization......... Disabled
    802.11k Neighbor List............................ Disabled
    802.11k Neighbor List Dual Band.................. Disabled
    Band Select...................................... Disabled
    Load Balancing................................... Disabled
    Multicast Buffer................................. Disabled
    Mobility Anchor List
    WLAN ID IP Address Status
    802.11u........................................ Disabled
    MSAP Services.................................. Disabled
    Local Policy
    Priority Policy Name
    The wireless user on joining the WLAN enters the PSK and than gets redirected to WLC Web Auth portal for authentication. On successful login, the user is granted access. The issue is that despite Idle Timeout being 28800 sec (8 hours), the WLC removes the client entry before 8 hours if the device goes to sleep - mostly within the first hour. Tested this on Windows 7 notebook multiple times. When the PC is put to sleep, the WLC loses its record after some time. When PC wakes up, it has to undergo Web Auth again. Debugging the client MAC generates these logs - from initial association to final clearing.
    (Cisco Controller) >*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Association received from mobile on BSSID 00:26:cb:4c:89:d1
    *apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Global 200 Clients are allowed to AP radio
    *apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Max Client Trap Threshold: 0 cur: 1
    *apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Rf profile 600 Clients are allowed to AP wlan
    *apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 override for default ap group, marking intgrp NULL
    *apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Applying Interface policy on Mobile, role Local. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 10
    *apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Re-applying interface policy for client
    *apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 10.10.1.130 WEBAUTH_REQD (8) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2219)
    *apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 10.10.1.130 WEBAUTH_REQD (8) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2240)
    *apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
    *apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 In processSsidIE:4850 setting Central switched to FALSE
    *apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Applying site-specific Local Bridging override for station 3c:a9:f4:0b:91:70 - vapId 2, site 'default-group', interface 'management'
    *apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Applying Local Bridging Interface Policy for station 3c:a9:f4:0b:91:70 - vlan 10, interface id 0, interface 'management'
    *apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 processSsidIE statusCode is 0 and status is 0
    *apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 processSsidIE ssid_done_flag is 0 finish_flag is 0
    *apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 STA - rates (6): 152 36 176 72 96 108 0 0 0 0 0 0 0 0 0 0
    *apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 suppRates statusCode is 0 and gotSuppRatesElement is 1
    *apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Processing RSN IE type 48, length 22 for mobile 3c:a9:f4:0b:91:70
    *apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 AID 1 in Assoc Req from flex AP 00:26:cb:4c:89:d0 is same as in mscb 3c:a9:f4:0b:91:70
    *apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 apfMs1xStateDec
    *apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 10.10.1.130 WEBAUTH_REQD (8) Change state to START (0) last state WEBAUTH_REQD (8)
    *apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 pemApfAddMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
    *apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 10.10.1.130 START (0) Initializing policy
    *apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 10.10.1.130 START (0) Change state to AUTHCHECK (2) last state START (0)
    *apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 10.10.1.130 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
    *apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Encryption policy is set to 0x80000001
    *apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Central switch is FALSE
    *apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Sending Local Switch flag = 1
    *apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 10.10.1.130 8021X_REQD (3) DHCP Not required on AP 00:26:cb:4c:89:d0 vapId 2 apVapId 2for this client
    *apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Not Using WMM Compliance code qosCap 00
    *apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 10.10.1.130 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 00:26:cb:4c:89:d0 vapId 2 apVapId 2 flex-acl-name:
    *apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 apfPemAddUser2 (apf_policy.c:333) Changing state for mobile 3c:a9:f4:0b:91:70 on AP 00:26:cb:4c:89:d0 from Associated to Associated
    *apfMsConnTask_0: Feb 04 07:48:10.563: 3c:a9:f4:0b:91:70 apfPemAddUser2:session timeout forstation 3c:a9:f4:0b:91:70 - Session Tout 65535, apfMsTimeOut '65535' and sessionTimerRunning flag is 0
    *apfMsConnTask_0: Feb 04 07:48:10.563: 3c:a9:f4:0b:91:70 Scheduling deletion of Mobile Station: (callerId: 49) in 65535 seconds
    *apfMsConnTask_0: Feb 04 07:48:10.563: 3c:a9:f4:0b:91:70 Func: apfPemAddUser2, Ms Timeout = 65535, Session Timeout = 65535
    *apfMsConnTask_0: Feb 04 07:48:10.563: 3c:a9:f4:0b:91:70 Sending Assoc Response to station on BSSID 00:26:cb:4c:89:d1 (status 0) ApVapId 2 Slot 0
    *apfMsConnTask_0: Feb 04 07:48:10.563: 3c:a9:f4:0b:91:70 apfProcessAssocReq (apf_80211.c:8294) Changing state for mobile 3c:a9:f4:0b:91:70 on AP 00:26:cb:4c:89:d0 from Associated to Associated
    *pemReceiveTask: Feb 04 07:48:10.563: 3c:a9:f4:0b:91:70 10.10.1.130 Removed NPU entry.
    *spamApTask7: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Sent 1x initiate message to multi thread task for mobile 3c:a9:f4:0b:91:70
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Creating a PKC PMKID Cache entry for station 3c:a9:f4:0b:91:70 (RSN 2)
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Resetting MSCB PMK Cache Entry 0 for station 3c:a9:f4:0b:91:70
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Removing BSSID 00:26:cb:4c:89:d1 from PMKID cache of station 3c:a9:f4:0b:91:70
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Setting active key cache index 0 ---> 8
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Setting active key cache index 8 ---> 0
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Adding BSSID 00:26:cb:4c:89:d1 to PMKID cache at index 0 for station 3c:a9:f4:0b:91:70
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: New PMKID: (16)
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: [0000] 67 67 8f 7d 2a 8d 78 f9 6d 29 c7 74 d2 fd 6a 25
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Initiating RSN PSK to mobile 3c:a9:f4:0b:91:70
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 EAP-PARAM Debug - eap-params for Wlan-Id :2 is disabled - applying Global eap timers and retries
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 dot1x - moving mobile 3c:a9:f4:0b:91:70 into Force Auth state
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Skipping EAP-Success to mobile 3c:a9:f4:0b:91:70
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 EAPOL Header:
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 00000000: 02 03 5f 00 .._.
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Found an cache entry for BSSID 00:26:cb:4c:89:d1 in PMKID cache at index 0 of station 3c:a9:f4:0b:91:70
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Found an cache entry for BSSID 00:26:cb:4c:89:d1 in PMKID cache at index 0 of station 3c:a9:f4:0b:91:70
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: Including PMKID in M1 (16)
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: [0000] 67 67 8f 7d 2a 8d 78 f9 6d 29 c7 74 d2 fd 6a 25
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Starting key exchange to mobile 3c:a9:f4:0b:91:70, data packets will be dropped
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Sending EAPOL-Key Message to mobile 3c:a9:f4:0b:91:70
    state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Sending EAPOL-Key Message to mobile 3c:a9:f4:0b:91:70
    state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Allocating EAP Pkt for retransmission to mobile 3c:a9:f4:0b:91:70
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 mscb->apfMsLwappLradNhMac = 00:0c:29:e4:e9:6a mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 mscb->apfMsBssid = 00:26:cb:4c:89:d0 mscb->apfMsAddress = 3c:a9:f4:0b:91:70 mscb->apfMsApVapId = 2
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 10 mscb->apfMsLwappMwarInet.ipv4.addr = 168430130
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 168427904 mscb->apfMsLwappLradPort = 41879
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.567: 3c:a9:f4:0b:91:70 Received EAPOL-Key from mobile 3c:a9:f4:0b:91:70
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 3c:a9:f4:0b:91:70 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 3c:a9:f4:0b:91:70
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 3c:a9:f4:0b:91:70 Received EAPOL-key in PTK_START state (message 2) from mobile 3c:a9:f4:0b:91:70
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 3c:a9:f4:0b:91:70 Stopping retransmission timer for mobile 3c:a9:f4:0b:91:70
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 3c:a9:f4:0b:91:70 EAPOL Header:
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 00000000: 02 03 5f 00 .._.
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 3c:a9:f4:0b:91:70 Sending EAPOL-Key Message to mobile 3c:a9:f4:0b:91:70
    state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 3c:a9:f4:0b:91:70 Sending EAPOL-Key Message to mobile 3c:a9:f4:0b:91:70
    state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 3c:a9:f4:0b:91:70 Reusing allocated memory for EAP Pkt for retransmission to mobile 3c:a9:f4:0b:91:70
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 3c:a9:f4:0b:91:70 mscb->apfMsLwappLradNhMac = 00:0c:29:e4:e9:6a mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 3c:a9:f4:0b:91:70 mscb->apfMsBssid = 00:26:cb:4c:89:d0 mscb->apfMsAddress = 3c:a9:f4:0b:91:70 mscb->apfMsApVapId = 2
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 3c:a9:f4:0b:91:70 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 10 mscb->apfMsLwappMwarInet.ipv4.addr = 168430130
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 3c:a9:f4:0b:91:70 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 168427904 mscb->apfMsLwappLradPort = 41879
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 Received EAPOL-Key from mobile 3c:a9:f4:0b:91:70
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 3c:a9:f4:0b:91:70
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 3c:a9:f4:0b:91:70
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 Stopping retransmission timer for mobile 3c:a9:f4:0b:91:70
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 Freeing EAP Retransmit Bufer for mobile 3c:a9:f4:0b:91:70
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 apfMs1xStateInc
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 10.10.1.130 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state 8021X_REQD (3)
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 Central switch is FALSE
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 Sending the Central Auth Info
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 Central Auth Info Allocated PMKLen = 32
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: EapolReplayCounter: 00 00 00 00 00 00 00 01
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: EapolReplayCounter: 00 00 00 00 00 00 00 01
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 PMK: pmkActiveIndex = 0
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 EapolReplayCounter: 00 00 00 00 00 00 00 01
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 msAssocTypeFlagsMsb = 0 msAssocTypeFlagsLsb = 2
    apfMsEntryType = 0 apfMsEapType = 0
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 Sending Local Switch flag = 1
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 10.10.1.130 L2AUTHCOMPLETE (4) DHCP Not required on AP 00:26:cb:4c:89:d0 vapId 2 apVapId 2for this client
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 Not Using WMM Compliance code qosCap 00
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 10.10.1.130 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 00:26:cb:4c:89:d0 vapId 2 apVapId 2 flex-acl-name:
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 10.10.1.130 L2AUTHCOMPLETE (4) Change state to WEBAUTH_REQD (8) last state L2AUTHCOMPLETE (4)
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 10.10.1.130 WEBAUTH_REQD (8) pemAdvanceState2 6236, Adding TMP rule
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 10.10.1.130 WEBAUTH_REQD (8) Adding Fast Path rule
    type = Airespace AP Client - ACL passthru
    on AP 00:26:cb:4c:89:d0, slot 0, interface = 1, QOS = 0
    IPv4 ACL ID
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 10.10.1.130 WEBAUTH_REQD (8) Fast Path rule (contd...) 802.1P = 2, DSCP = 0, TokenID = 64206 Local Bridging Vlan = 10, Local Bridging intf id = 0
    *Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 10.10.1.130 WEBAUTH_REQD (8) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255)
    *spamApTask7: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 spamEncodeCentralAuthInoMsPayload: msAssocTypeFlagsMsb = 0 msAssocTypeFlagsLsb = 2
    apfMsEntryType = 0 pmkLen = 32
    *pemReceiveTask: Feb 04 07:48:10.570: 3c:a9:f4:0b:91:70 10.10.1.130 Added NPU entry of type 2, dtlFlags 0x0
    *pemReceiveTask: Feb 04 07:48:10.570: 3c:a9:f4:0b:91:70 Pushing IPv6: fe80:0000:0000:0000:c915:4a8e:6d1a:e20d , and MAC: 3C:A9:F4:0B:91:70 , Binding to Data Plane. SUCCESS !!
    *DHCP Socket Task: Feb 04 07:48:10.589: 3c:a9:f4:0b:91:70 DHCP received op BOOTREPLY (2) (len 308,vlan 10, port 1, encap 0xec03)
    *DHCP Socket Task: Feb 04 07:48:10.589: 3c:a9:f4:0b:91:70 DHCP processing DHCP ACK (5)
    *DHCP Socket Task: Feb 04 07:48:10.589: 3c:a9:f4:0b:91:70 DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
    *DHCP Socket Task: Feb 04 07:48:10.589: 3c:a9:f4:0b:91:70 DHCP xid: 0xcce207f6 (3437365238), secs: 0, flags: 0
    *DHCP Socket Task: Feb 04 07:48:10.589: 3c:a9:f4:0b:91:70 DHCP chaddr: 3c:a9:f4:0b:91:70
    *DHCP Socket Task: Feb 04 07:48:10.589: 3c:a9:f4:0b:91:70 DHCP ciaddr: 0.0.0.0, yiaddr: 10.10.1.130
    *DHCP Socket Task: Feb 04 07:48:10.589: 3c:a9:f4:0b:91:70 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
    *DHCP Socket Task: Feb 04 07:48:10.589: 3c:a9:f4:0b:91:70 DHCP server id: 10.10.1.20 rcvd server id: 10.10.1.20
    *SNMPTask: Feb 04 07:48:16.594: 3c:a9:f4:0b:91:70 Central Switch = FALSE
    *SNMPTask: Feb 04 07:48:16.594: 3c:a9:f4:0b:91:70 Central Switch = FALSE
    *SNMPTask: Feb 04 07:48:16.595: 3c:a9:f4:0b:91:70 Central Switch = FALSE
    *SNMPTask: Feb 04 07:48:16.595: 3c:a9:f4:0b:91:70 Central Switch = FALSE
    *ewmwebWebauth1: Feb 04 07:48:31.129: 3c:a9:f4:0b:91:70 Username entry (local1) created for mobile, length = 6
    *ewmwebWebauth1: Feb 04 07:48:31.130: 3c:a9:f4:0b:91:70 Username entry (local1) created in mscb for mobile, length = 6
    *ewmwebWebauth1: Feb 04 07:48:31.130: 3c:a9:f4:0b:91:70 10.10.1.130 WEBAUTH_REQD (8) Change state to WEBAUTH_NOL3SEC (14) last state WEBAUTH_REQD (8)
    *ewmwebWebauth1: Feb 04 07:48:31.130: 3c:a9:f4:0b:91:70 apfMsRunStateInc
    *ewmwebWebauth1: Feb 04 07:48:31.130: 3c:a9:f4:0b:91:70 10.10.1.130 WEBAUTH_NOL3SEC (14) Change state to RUN (20) last state WEBAUTH_NOL3SEC (14)
    *ewmwebWebauth1: Feb 04 07:48:31.130: 3c:a9:f4:0b:91:70 Session Timeout is 65535 - starting session timer for the mobile
    *ewmwebWebauth1: Feb 04 07:48:31.130: 3c:a9:f4:0b:91:70 10.10.1.130 RUN (20) Reached PLUMBFASTPATH: from line 6571
    *ewmwebWebauth1: Feb 04 07:48:31.131: 3c:a9:f4:0b:91:70 10.10.1.130 RUN (20) Replacing Fast Path rule
    type = Airespace AP Client
    on AP 00:26:cb:4c:89:d0, slot 0, interface = 1, QOS = 0
    IPv4 ACL ID = 255, IPv6 ACL ID =
    *ewmwebWebauth1: Feb 04 07:48:31.131: 3c:a9:f4:0b:91:70 10.10.1.130 RUN (20) Fast Path rule (contd...) 802.1P = 2, DSCP = 0, TokenID = 64206 Local Bridging Vlan = 10, Local Bridging intf id = 0
    *ewmwebWebauth1: Feb 04 07:48:31.131: 3c:a9:f4:0b:91:70 10.10.1.130 RUN (20) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255)
    *pemReceiveTask: Feb 04 07:48:31.132: 3c:a9:f4:0b:91:70 10.10.1.130 Added NPU entry of type 1, dtlFlags 0x0
    (Cisco Controller) >
    (Cisco Controller) >
    (Cisco Controller) >
    (Cisco Controller) >
    (Cisco Controller) >
    (Cisco Controller) >
    (Cisco Controller) >
    (Cisco Controller) >
    (Cisco Controller) >*pemReceiveTask: Feb 04 07:48:31.132: 3c:a9:f4:0b:91:70 Pushing IPv6: fe80:0000:0000:0000:c915:4a8e:6d1a:e20d , and MAC: 3C:A9:F4:0B:91:70 , Binding to Data Plane. SUCCESS !!
    *emWeb: Feb 04 07:49:14.120: 3c:a9:f4:0b:91:70 Central Switch = FALSE
    *emWeb: Feb 04 07:49:14.120: 3c:a9:f4:0b:91:70 Central Switch = FALSE
    *emWeb: Feb 04 07:49:14.120: 3c:a9:f4:0b:91:70 Central Switch = FALSE
    *SNMPTask: Feb 04 07:51:19.646: 3c:a9:f4:0b:91:70 Central Switch = FALSE
    *SNMPTask: Feb 04 07:51:19.646: 3c:a9:f4:0b:91:70 Central Switch = FALSE
    *SNMPTask: Feb 04 07:51:19.662: 3c:a9:f4:0b:91:70 Central Switch = FALSE
    *SNMPTask: Feb 04 07:51:19.662: 3c:a9:f4:0b:91:70 Central Switch = FALSE
    *SNMPTask: Feb 04 07:51:19.663: 3c:a9:f4:0b:91:70 Central Switch = FALSE
    *SNMPTask: Feb 04 07:51:19.663: 3c:a9:f4:0b:91:70 Central Switch = FALSE
    *IPv6_Msg_Task: Feb 04 07:53:35.661: 3c:a9:f4:0b:91:70 Link Local address fe80::c915:4a8e:6d1a:e20d updated to mscb. Not Advancing pem state.Current state: mscb in apfMsMmInitial mobility state and client state APF_MS_STATE_A
    *dot1xMsgTask: Feb 04 07:54:26.664: GTK Rotation Kicked in for AP: 00:26:cb:4c:89:d0 SlotId = 1 - (0x47440ef0)
    *dot1xMsgTask: Feb 04 07:54:26.665: Generated a new group key for AP 00:26:cb:4c:89:d0(1) - vap 1
    *dot1xMsgTask: Feb 04 07:54:26.665: Sending of M5 for 00:26:cb:4c:89:d0 is Skipped, rc = 1
    *dot1xMsgTask: Feb 04 07:54:26.665: Generated a new group key for AP 00:26:cb:4c:89:d0(1) - vap 2
    *dot1xMsgTask: Feb 04 07:54:26.665: Sending of M5 for 00:26:cb:4c:89:d0 is Skipped, rc = 1
    *SNMPTask: Feb 04 07:56:19.689: 3c:a9:f4:0b:91:70 Central Switch = FALSE
    *SNMPTask: Feb 04 07:56:19.689: 3c:a9:f4:0b:91:70 Central Switch = FALSE
    *SNMPTask: Feb 04 08:01:19.730: 3c:a9:f4:0b:91:70 Central Switch = FALSE
    *SNMPTask: Feb 04 08:01:19.730: 3c:a9:f4:0b:91:70 Central Switch = FALSE
    *dot1xMsgTask: Feb 04 08:01:23.904: GTK Rotation Kicked in for AP: 00:26:cb:4c:89:d0 SlotId = 0 - (0x47440ef0)
    *dot1xMsgTask: Feb 04 08:01:23.904: Generated a new group key for AP 00:26:cb:4c:89:d0(0) - vap 1
    *dot1xMsgTask: Feb 04 08:01:23.905: Sending of M5 for 00:26:cb:4c:89:d0 is Skipped, rc = 1
    *dot1xMsgTask: Feb 04 08:01:23.905: Generated a new group key for AP 00:26:cb:4c:89:d0(0) - vap 2
    *dot1xMsgTask: Feb 04 08:01:23.905: GTK rotation for 3c:a9:f4:0b:91:70
    *dot1xMsgTask: Feb 04 08:01:23.905: 3c:a9:f4:0b:91:70 EAPOL Header:
    *dot1xMsgTask: Feb 04 08:01:23.905: 00000000: 02 03 5f 00 .._.
    *dot1xMsgTask: Feb 04 08:01:23.905: 3c:a9:f4:0b:91:70 Key exchange done, data packets from mobile 3c:a9:f4:0b:91:70 should be forwarded shortly
    *dot1xMsgTask: Feb 04 08:01:23.905: 3c:a9:f4:0b:91:70 Key exchange done, data packets from mobile 3c:a9:f4:0b:91:70 should be forwarded shortly
    *dot1xMsgTask: Feb 04 08:01:23.906: Confirmation Key: (16)
    *dot1xMsgTask: Feb 04 08:01:23.906: [0000] fa a3 68 28 46 1f 49 18 a0 60 7a 92 c4 f5 64 3d
    *dot1xMsgTask: Feb 04 08:01:23.906: 3c:a9:f4:0b:91:70 Sending EAPOL-Key Message to mobile 3c:a9:f4:0b:91:70
    state PTKINITDONE (message 5 - group), replay counter 00.00.00.00.00.00.00.02
    *dot1xMsgTask: Feb 04 08:01:23.906: 3c:a9:f4:0b:91:70 Sending EAPOL-Key Message to mobile 3c:a9:f4:0b:91:70
    state PTKINITDONE (message 5 - group), replay counter 00.00.00.00.00.00.00.02
    *dot1xMsgTask: Feb 04 08:01:23.906: 3c:a9:f4:0b:91:70 Allocating EAP Pkt for retransmission to mobile 3c:a9:f4:0b:91:70
    *dot1xMsgTask: Feb 04 08:01:23.906: 3c:a9:f4:0b:91:70 mscb->apfMsLwappLradNhMac = 00:0c:29:e4:e9:6a mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
    *dot1xMsgTask: Feb 04 08:01:23.906: 3c:a9:f4:0b:91:70 mscb->apfMsBssid = 00:26:cb:4c:89:d0 mscb->apfMsAddress = 3c:a9:f4:0b:91:70 mscb->apfMsApVapId = 2
    *dot1xMsgTask: Feb 04 08:01:23.907: 3c:a9:f4:0b:91:70 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 1 mscb->apfMsLwappLradVlanId = 10 mscb->apfMsLwappMwarInet.ipv4.addr = 168430130
    *dot1xMsgTask: Feb 04 08:01:23.907: 3c:a9:f4:0b:91:70 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 168427904 mscb->apfMsLwappLradPort = 41879
    *dot1xMsgTask: Feb 04 08:01:23.907: 3c:a9:f4:0b:91:70 Updated broadcast key sent to mobile 3C:A9:F4:0B:91:70
    *dot1xMsgTask: Feb 04 08:01:23.907: 3c:a9:f4:0b:91:70 Updated broadcast key sent to mobile 3C:A9:F4:0B:91:70
    *dot1xMsgTask: Feb 04 08:01:23.907: Sending of M5 for 00:26:cb:4c:89:d0 is Skipped, rc = 1
    *osapiBsnTimer: Feb 04 08:01:25.104: 3c:a9:f4:0b:91:70 802.1x 'timeoutEvt' Timer expired for station 3c:a9:f4:0b:91:70 and for message = M5
    *dot1xMsgTask: Feb 04 08:01:25.104: 3c:a9:f4:0b:91:70 Retransmit 1 of EAPOL-Key M5 (length 131) for mobile 3c:a9:f4:0b:91:70
    *dot1xMsgTask: Feb 04 08:01:25.104: 3c:a9:f4:0b:91:70 mscb->apfMsLwappLradNhMac = 00:0c:29:e4:e9:6a mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
    *dot1xMsgTask: Feb 04 08:01:25.104: 3c:a9:f4:0b:91:70 mscb->apfMsBssid = 00:26:cb:4c:89:d0 mscb->apfMsAddress = 3c:a9:f4:0b:91:70 mscb->apfMsApVapId = 2
    *dot1xMsgTask: Feb 04 08:01:25.104: 3c:a9:f4:0b:91:70 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 1 mscb->apfMsLwappLradVlanId = 10 mscb->apfMsLwappMwarInet.ipv4.addr = 168430130
    *dot1xMsgTask: Feb 04 08:01:25.104: 3c:a9:f4:0b:91:70 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 168427904 mscb->apfMsLwappLradPort = 41879
    *osapiBsnTimer: Feb 04 08:01:26.104: 3c:a9:f4:0b:91:70 802.1x 'timeoutEvt' Timer expired for station 3c:a9:f4:0b:91:70 and for message = M5
    *dot1xMsgTask: Feb 04 08:01:26.104: 3c:a9:f4:0b:91:70 Retransmit 2 of EAPOL-Key M5 (length 131) for mobile 3c:a9:f4:0b:91:70
    *dot1xMsgTask: Feb 04 08:01:26.104: 3c:a9:f4:0b:91:70 mscb->apfMsLwappLradNhMac = 00:0c:29:e4:e9:6a mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
    *dot1xMsgTask: Feb 04 08:01:26.104: 3c:a9:f4:0b:91:70 mscb->apfMsBssid = 00:26:cb:4c:89:d0 mscb->apfMsAddress = 3c:a9:f4:0b:91:70 mscb->apfMsApVapId = 2
    *dot1xMsgTask: Feb 04 08:01:26.104: 3c:a9:f4:0b:91:70 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 1 mscb->apfMsLwappLradVlanId = 10 mscb->apfMsLwappMwarInet.ipv4.addr = 168430130
    *dot1xMsgTask: Feb 04 08:01:26.104: 3c:a9:f4:0b:91:70 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 168427904 mscb->apfMsLwappLradPort = 41879
    *osapiBsnTimer: Feb 04 08:01:27.104: 3c:a9:f4:0b:91:70 802.1x 'timeoutEvt' Timer expired for station 3c:a9:f4:0b:91:70 and for message = M5
    *dot1xMsgTask: Feb 04 08:01:27.104: 3c:a9:f4:0b:91:70 Retransmit failure for EAPOL-Key M5 to mobile 3c:a9:f4:0b:91:70, retransmit count 3, mscb deauth count 0
    *dot1xMsgTask: Feb 04 08:01:27.104: 3c:a9:f4:0b:91:70 Resetting MSCB PMK Cache Entry 0 for station 3c:a9:f4:0b:91:70
    *dot1xMsgTask: Feb 04 08:01:27.105: 3c:a9:f4:0b:91:70 Removing BSSID 00:26:cb:4c:89:d1 from PMKID cache of station 3c:a9:f4:0b:91:70
    *dot1xMsgTask: Feb 04 08:01:27.105: 3c:a9:f4:0b:91:70 Setting active key cache index 0 ---> 8
    *dot1xMsgTask: Feb 04 08:01:27.105: 3c:a9:f4:0b:91:70 Sent Deauthenticate to mobile on BSSID 00:26:cb:4c:89:d0 slot 0(caller 1x_ptsm.c:598)
    *dot1xMsgTask: Feb 04 08:01:27.105: 3c:a9:f4:0b:91:70 Setting active key cache index 8 ---> 8
    *dot1xMsgTask: Feb 04 08:01:27.105: 3c:a9:f4:0b:91:70 Deleting the PMK cache when de-authenticating the client.
    *dot1xMsgTask: Feb 04 08:01:27.105: 3c:a9:f4:0b:91:70 Global PMK Cache deletion failed.
    *dot1xMsgTask: Feb 04 08:01:27.106: 3c:a9:f4:0b:91:70 Scheduling deletion of Mobile Station: (callerId: 57) in 10 seconds
    *dot1xMsgTask: Feb 04 08:01:27.106: 3c:a9:f4:0b:91:70 Freeing EAP Retransmit Bufer for mobile 3c:a9:f4:0b:91:70
    *osapiBsnTimer: Feb 04 08:01:37.105: 3c:a9:f4:0b:91:70 apfMsExpireCallback (apf_ms.c:626) Expiring Mobile!
    *apfReceiveTask: Feb 04 08:01:37.105: 3c:a9:f4:0b:91:70 apfMsExpireMobileStation (apf_ms.c:6655) Changing state for mobile 3c:a9:f4:0b:91:70 on AP 00:26:cb:4c:89:d0 from Associated to Disassociated
    *apfReceiveTask: Feb 04 08:01:37.105: 3c:a9:f4:0b:91:70 Scheduling deletion of Mobile Station: (callerId: 45) in 10 seconds
    *osapiBsnTimer: Feb 04 08:01:47.105: 3c:a9:f4:0b:91:70 apfMsExpireCallback (apf_ms.c:626) Expiring Mobile!
    *apfReceiveTask: Feb 04 08:01:47.106: 3c:a9:f4:0b:91:70 Sent Deauthenticate to mobile on BSSID 00:26:cb:4c:89:d0 slot 0(caller apf_ms.c:6749)
    *apfReceiveTask: Feb 04 08:01:47.106: 3c:a9:f4:0b:91:70 Setting active key cache index 8 ---> 8
    *apfReceiveTask: Feb 04 08:01:47.106: 3c:a9:f4:0b:91:70 Deleting the PMK cache when de-authenticating the client.
    *apfReceiveTask: Feb 04 08:01:47.106: 3c:a9:f4:0b:91:70 Global PMK Cache deletion failed.
    *apfReceiveTask: Feb 04 08:01:47.106: 3c:a9:f4:0b:91:70 apfMsAssoStateDec
    *apfReceiveTask: Feb 04 08:01:47.106: 3c:a9:f4:0b:91:70 apfMsExpireMobileStation (apf_ms.c:6787) Changing state for mobile 3c:a9:f4:0b:91:70 on AP 00:26:cb:4c:89:d0 from Disassociated to Idle
    *apfReceiveTask: Feb 04 08:01:47.106: 3c:a9:f4:0b:91:70 Scheduling deletion of Mobile Station: (callerId: 47) in 10 seconds
    *osapiBsnTimer: Feb 04 08:01:57.106: 3c:a9:f4:0b:91:70 apfMsExpireCallback (apf_ms.c:626) Expiring Mobile!
    *apfReceiveTask: Feb 04 08:01:57.106: 3c:a9:f4:0b:91:70 pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
    *apfReceiveTask: Feb 04 08:01:57.106: 3c:a9:f4:0b:91:70 10.10.1.130 START (0) Deleted mobile LWAPP rule on AP [00:26:cb:4c:89:d0]
    *apfReceiveTask: Feb 04 08:01:57.106: 3c:a9:f4:0b:91:70 Username entry deleted for mobile
    *apfReceiveTask: Feb 04 08:01:57.106: 3c:a9:f4:0b:91:70 Deleting mobile on AP 00:26:cb:4c:89:d0(0)
    If Layer-2 Auth (PSK) is set to "none" and only Layer-3 Web Auth is kept, then there are no issues. PC can wake up before 8 hours and not prompted for Web Auth again. As a test, I setup the WLAN with Layer-2 PSK auth only with Layer-3 auth set to none. The WLC removed the client entry after 25 minutes. Not an issue for PSK based auth only as PC on wake up seamlessly gets associated to WLAN. 
    Is User Idle Timeout setting not valid when WPA2-PSK is used as the auth method ?
    Thanks, 
    Rick.

    Thanks Scott, The code version is 7.6.130.0 which supports Sleeping Client feature. However, as per the docu "http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-6/configuration-guide/b_cg76/b_cg76_chapter_010111.html#reference_7008E6F7D7094BA7AD39491D7361622D"
    The authentication of sleeping clients feature is not supported with Layer 2 security and web authentication enabled.
    and as you mentioned as well
    ...Sleeping client like George mentioned is a better way than adjusting the idle timer but strictly for layer 3 only...
    Sleeping Client wasn't an option in my case. That is why I was hoping that Idle Timeout may do the trick here. This is an actual case where a client with an existing wireless network just wanted to enable sleeping client feature so that their guests don't need to re-auth if their device sleeps or they go out (break) and come back after some time. Layer-3 Web Auth alone should be enough I think. Keeping L2-PSK is probably their security team's decision, as they also use the same SSID for BYOD devices and don't want nearby people/buildings to see that there is an Open Wifi available and on joining would see the Web Auth portal and company disclaimer. 
    George, I agree with Dot1X method. It can be used for the BYOD devices (separate SSID) while we can keep the Guest WLAN as L3-WebAuth only on controller (or do CWA through ISE if available). 
    Thanks for all your help.
    Rick.

  • WPA2 configuration on Aironet 1042N

    Just started at a new job and had three new Cisco Aironet 1042Ns thrown at me and asked to configure them.  They are running the latest software; C1040 Software (C1140-K9W7-M), Version 12.4(25d)JA1.  I had no issues configuring them with no security and with WEP, but would very much like to avoid this and configure WPA or better WPA2.
    The settings for WPA under the web-based interface require a RADIUS server, which we do not have.  Are there any instructions on the Cisco site (or elsewhere) that explain how to configure WPA2 for added security on a Aironet 1042N without using a RADIUS server for authentication?  It just seems to me that these enterprise-level WAPs should be able to do the same as any of the commodity wireless APs and provide extra security.
    Thanks in advance.
    KJ

    Try to reference this document for wpa v1 or v2 for preshared key.  If you want to use AD, you need to implement a radius server.  Start out with wpa2 psk first and then if you get that going, then try 802.1x.  Requires the use of certificates on the radius.
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008054339e.shtml
    Thanks,
    Scott
    Help out other by using the rating system and marking answered questions as "Answered"

  • WPA2-PSK

    Greetings -
    I currently have a Cisco AIR-AP1231G-A-K9 that is running IOS version 12.3(8)JEA1. I am trying to setup WPA2 "Personal" (WPA2-PSK) with a client running Windows XP SP2. The WLAN Nic is a Cisco a/b/g PCMCIA, driver version 2.5.0.22. I have configured the PSK on both the AP and the client and verified that I did not make a typing mistake. I have installed the Microsoft WPA2 hotfix to see if that was causing the problem but it is not. The actual problem is that the client says it's "Authenticated" but will not allow any traffic to pass through. Whenever I created an SSID NOT using WPA2-PSK, the client can ge an IP address and things function normally. Here is the current AP configuration:
    sh run
    Building configuration...
    Current configuration : 4170 bytes
    version 12.3
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname AP1
    enable secret ****
    ip subnet-zero
    no aaa new-model
    dot11 vlan-name Joes-VLANofFUN vlan 237
    dot11 vlan-name Joes-VLANofFUN-PartII vlan 238
    dot11 ssid -=b0Gg$=-
    vlan 237
    authentication open
    --More-- authentication key-management wpa
    wpa-psk ascii ****
    username Cisco password ****
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption vlan 237 mode ciphers aes-ccm
    ssid -=b0Gg$=-
    --More-- speed basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    no power client local
    power client 50
    power local cck 50
    power local ofdm 30
    station-role root
    bridge-group 1
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface Dot11Radio0.237
    encapsulation dot1Q 237
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    no ip route-cache
    no cdp enable
    bridge-group 237
    bridge-group 237 subscriber-loop-control
    bridge-group 237 block-unknown-source
    --More-- no bridge-group 237 source-learning
    no bridge-group 237 unicast-flooding
    bridge-group 237 spanning-disabled
    interface FastEthernet0
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    no ip route-cache
    speed 100
    full-duplex
    hold-queue 160 in
    interface FastEthernet0.237
    encapsulation dot1Q 237
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    no ip route-cache
    no cdp enable
    bridge-group 237
    --More-- bridge-group 237 subscriber-loop-control
    bridge-group 237 block-unknown-source
    no bridge-group 237 source-learning
    no bridge-group 237 unicast-flooding
    bridge-group 237 spanning-disabled
    interface FastEthernet0.238
    encapsulation dot1Q 238 native
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    no ip route-cache
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    interface BVI1
    ip address 10.238.1.100 255.255.0.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    no ip route-cache
    --More-- ip default-gateway 10.238.1.10
    no ip http server
    ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    control-plane
    bridge 1 route ip
    line con 0
    privilege level 15
    logging synchronous
    line vty 0 4
    login local
    end
    I have tried upgrading the WLAN NIC drivers to the latest version (3.5 I believe) but it does not help. If I run the troubleshooting task of the Aironet Desktop Utility is sasys that the Authentication tests failed, even though the status shows me as "Authenticated". Perhaps there is something in the above config that I am missing.
    Any help would be greatly appreciated.
    Joe

    Check the hardware version of your AP radio(S).
    Earlier versions (ending in "20") do not support AES (used for WPA2 / 802.11i).
    You should have at least a "Radio AIR-MP31G " for your 802.11G and "Radio AIR-RM21A" for your 802.11a radio.
    THe (probably) easiest way to check this is the Web GUI ... go to INterfaces, select each band, then the "Detailed Status" tab.
    If your radios are older than this, the CLI and GUI will accept your configuration for WPA2/802.11i, but will not operate in that mode (and usually fail).
    Either radio is independently upgradeable for ~US$100.00 through someplace like www.cdw.com.
    Good Luck
    Scott

  • Connect WAP4410 to Aironet 1602 in Client mode doesn't work

    Hello,
    I wish to associate my WAP4410 Aironet 1602 to a wifi bridge.
    I will explain my progress.
    I configured an SSID on the Aironet (not in guest-mode) with WPA-PSK.
    My iphone and my Android able to connect to the Aironet, so we can assume that the link works.
    I configured my Android ICS Wifi + 3G with similar parameters.
    The WAP4410 can connect to the Android, but does not connect to the Aironet.
    The configuration on the WAP4410 is AP "Wireless Client / Repeater" mode with the SSID of the Aironet.
    And security in WPA-TKIP + Personnal.
    Do you have any idea?
    Thanks for your help.

    As Cody wrote, SP2 introduced changes in the way App-V handles permissions inside the package (which effectively hits the client's physical locations), also changes in how environments with folder redirection are supported change in SP2.
    HF4 for SP2 made some modifications, too.
    Are you using Folder Redirection for Appdata? Are you publishing the package in both scenarios (SP1, SP2) with the same scopes (user vs. global)?
    Falko
    Twitter
    @kirk_tn   |   Blog
    kirxblog   |   Web
    kirx.org   |   Fireside
    appvbook.com
    Hi
    We're not redirecting AppData and we only ever publish packages globally to the servers. I'm going to test the package using the HF4 client with the 'write to VFS' option selected and all files outside of the PVAD as per Cody's suggestion.
    I've done some more investigation and the two servers are both in the same OU, from what I can gather the only difference between the two is that one is SP1 and one is SP2.
    Thanks

  • Wga54g connecting to sony blu ray using WPA-PSK (TKIP) or WPA2-PSK (AES)

    My Wga54g is to be the interenet source to my sony blu ray player. I have a wireless broadband router modem setup that uses WPA-PSK (TKIP) and WPA2-PSK (AES). How do I configure everything to work? Since the WGA54G only does WEP is there a way to configure it or the Sony Blu ray to get a internet signal to it? The sony seems to have a automatic IP or manual IP configuration setting option.  I suppose I can step down to WEP on the router settings but I'd rather not. I tried that and couldn't get it to work regardless. Please help!

    To connect the Wireless-G Game adapter to a wireless network, please determine your SSID, Wireless Security and/or Network Key. Second you need to lower down the security mode to WEP, since WGA54G do not have any other security mode. Here is the link for connecting the Wireless Network using a WGA54G: http://www6.nohold.net/Cisco2/ukp.aspx?pid=93&login=1&vw=1&app=search&articleid=4558&userrole=Linksy...

  • Help! Confusion over how to setup intel3945 wireless and rc.conf

    Hi,
    I'm very confused.  I've already read through all the wikis and searched many forum posts.  I can't get my wireless intel3945 to work on my dell vostro 1400.
    Iwconfig says the wireless card is at wlan0 and dmesg | grep iwl says it has detected it.  However, when I try a iwlist wlan0 scan it returns :
    wlan0 Interface doesn't support scanning : Network is down
    I think the problem is that I don't know how to setup rc.conf correctly or use the command line to test the wireless.  Forum posts say many different things on how this is done.
    These are the steps I have taken:
    uninstalled the ipw3945 and ipw3945-ucode and ipw3945d.
    installed iwlwifi and iwlwifi-3945-ucode
    in my rc.conf modules, added iwl3945.
    I'm not sure how to setup the networking section, this what I have now:
    lo="lo 127.0.01"
    eth0="dhcp"
    wlan0="dhcp"
    INTERFACES=(lo etho)
    gateway="default gw 192.168.1.1"
    ROUTES=(!gateway)
    And in my dameons I have 'network'.
    How can I scan for networks and connect to them on the commandline?  I'd prefer not to use a gui tool because they never work and never tell me why they're not working.
    Any help is greatly appreciated!
    Cheers!
    kilolima

    iphitus wrote:
    broch wrote:I have ipw3945 and iwl3945 working with wpa2 (or vpn)
    (less complicatd than the above)
    don't use netcfg2
    Why?
    no particular reason.
    Simply when I configured wireless, netcfg2 wasn't available. Since then it (wireless) works, so not having any problems, I did not modify network setup. Next week or so I am going to install Arch on my daughter's laptop (per her request ) so I will try netcfg2.
    So this is what I have for ipw3945 wpa2 or iwl3945 with wpa2
    Below you will find a lot of words so read slowly but there is not much actual work
    ipw3945 setup
    kernel 2.6.23.x (Arch or vanilla)
    or
    kernel 2.6.24/2.6.24-gitX (patched with ipw3945 patch from gentoo -> compiling separate module for 2.6.24 may fail. if you want kernel patch I can post a link)
    for default kernel install Arch packages for ipw3945, ipw3945d, ipw3945-ucode
    or
    if you want to compile modules, you will also need ieee80211 (first uninstall kernel's default, then install from sources otherwise ieee80211 from sources may refuse to install)
    modify /etc/rc.conf
    DAEMONS=(.... @ipw3945d @network ....)
    that is all you don't need to add ipw3945 to MODULES=(.....)
    because ipw3945d will automatically start ipw3945 module
    do not list eth1 in network config section:
    lo="lo 127.0.0.1"
    eth0="dhcp"
    INTERFACES=(eth0)
    as you see, in my case only eth0 (wired) is listed and eth1 (wireless) is not listed
    now you are done with basic network configuration for ipw3945, restart network/computer to bring up ipw3945d/ipw3945
    check if modules are up and basic network is set:
    #lsmod | grep ipw
    #ifconfig -a
    or
    #iwconfig
    if all is o.k. configure
    WPA2:
    configure router for wpa2
    client: basically follow Arch wiki:
    configure wpa_supplicant (installed already of course)
    #wpa_passphrase your_ssid your_psk
    keep terminal window open with created encrypted wpa passphrase  and in the second terminal window edit /etc/wpa_supplicant.conf
    ctrl_interface=/var/run/wpa_supplicant
    network={
            ssid="your_ssid"
            scan_ssid=1
            proto=WPA RSN
            key_mgmt=WPA-PSK
            pairwise=CCMP TKIP
            group=CCMP TKIP
                    psk=whatever_output_from_wpa_passphrase
    Above pairwise and group setup will depend on your router (network capabilities)
    almost done:
    run
    #wpa_supplicant -Bw -Dwext -i eth1 -c/etc/wpa_supplicant.conf
    the above assumes that your ipw3945 is set as eth1 (from iwconfig output)
    to connect to the network I am using "wireless assistant" http://www.kde-apps.org/content/show.ph … tent=21832
    that is all for ipw3945. You may automate network starting/connecting to wpa2 by writing simple script.
    iwl3945
    --kernel 2.6.23.x
    install iwlwifi and iwlwifi-3945-ucode
    --kernel 2.6.24.x
    install only iwlwifi-3945-ucode as kernel has iwlwifi module incorporated
    default iwlwifi does not support LED so I suggest to install something like knemo for kde to show active network icon. The latest iwlwifi does support LED but it is not yet incorporated into 2.6.24 vanilla kernel.
    if you have kernel 2.6.23.x with external iwlwifi module
    modify /etc/rc.conf
    and add iwlwifi to
    MODULES=(.....)
    nothing else is required.
    if you have kernel 2.6.24 with integrated iwlwifi module you don't have to edit /etc/rc.conf
    As in the case of ipw3945, I do not list wireless interface (wlan0) in /etc/rc.conf
    for kernel 2.6.23.x
    load module/restart network or simply restart computer
    check if module is up
    #lsmod | grep iwl
    #iwconfig
    or
    #ifconfig -a
    WPA2
    same wpa_supplicant.conf as above, so if you already have it no need for modifications.
    start wpa2
    #wpa_supplicant -Bw -Dwext -i wlan0 -c/etc/wpa_supplicant.conf
    the only difference in the command is wireless interface: wlan0
    connect to the network, again I am using "wireless assistant"
    vpn
    I am using cisco vpn. Client is provided by vpn host, cisco does not provide vpn client for individual download, but you can find it on line.
    vpn host will provide pcf file for you
    - install vpnclient
    - copy your VPN profile (vpn.pcf) to the
    /etc/CiscoSystemsVPNClient/Profiles
    directory
    -- start vpn client
    /opt/cisco-vpnclient/bin/vpnclient connect vpn pcf_file_name
    provide username and password and off you go
    From my experience none of linux gui for vpn works reliably so you will have to resort to the command line.
    That is all, a lot of writing, but actual ipw3945 and iwl3945 configuration is straightforward and very short.
    Hopefully this will work for you.
    forgot to add regarding vpnclient (cisco)
    you will have to modify
    /etc/init.d/vpnclient_init
    line 38 and line 101
    replace
    /sbin/lsmod
    with
    /bin/lsmod
    Last edited by broch (2008-02-07 15:55:45)

  • How to setup a password protection in my wireless airPort?

    How to setup a password protection to my wireless AirPort?

    To configure the AirPort base station for wireless security, you will need to use the AirPort Utility.
    AirPort Utility > Select the AirPort > Manual Setup > AirPort > Wireless tab
    Wireless Security: <None | WEP (Transitional Security Network) | WPA/WPA2 Personal | WPA2 Personal>
    Wireless Password: <enter your desired password>
    Verify Password: <reenter your desired password>

  • Unable to connect to Wi-Fi connection using WPA2 PSK authentication and encryption type TKIP

    I was referred to here from this thread at the Windows Insider Program: http://answers.microsoft.com/en-us/insider/forum/insider_wintp-insider_web/unable-to-connect-to-wi-fi-connection-using-wpa2/07bae1ed-c7fb-4f85-9d26-5549cc23e57a?msgId=2eb70420-fe35-494b-a13d-dcacd4d55eb9&rtAction=1426697691002
    My issue is copy/pasted below:
    Original Title: TKIP selection in WiFi network settings
    I have a workplace WiFi connection using WPA2 PSK authentication and encryption type TKIP.
    On the machine I used to test Windows 10, I had a previous installation of Windows 7 professional which connected to my workplace WiFi using the above settings. After installing Windows 10, my workplace wifi settings were imported and worked fine.
    Windows 10 had a system crash, and since I had deleted my previous windows installation, I performed a complete reinstall of Windows 7. However, when I went to install Windows 10 again, I had not taken the time to set up my workplace Wifi on Windows
    7 before installing Windows 10. As a result, I had to set up my workplace wifi as a new connection in Windows 10.
    When going to set up the wifi connection, the encryption type was grayed out, but appeared to default to AES. Searching the internet suggested that Windows 8.1 did not need a encryption type selected, because Windows could automatically determine
    if it was TKIP or AES, hence why the option to select encryption type was grayed out. However, after completing the setup of my workplace wifi, Windows 10 could not connect to my workplace wifi. After restoring Windows 7 with a factory reset, and setting up
    the workplace wifi (the encryption type selection was not grayed out and I manually selected TKIP encryption), my workplace wifi was working again.

    I was referred to here from this thread at the Windows Insider Program: http://answers.microsoft.com/en-us/insider/forum/insider_wintp-insider_web/unable-to-connect-to-wi-fi-connection-using-wpa2/07bae1ed-c7fb-4f85-9d26-5549cc23e57a?msgId=2eb70420-fe35-494b-a13d-dcacd4d55eb9&rtAction=1426697691002
    My issue is copy/pasted below:
    Original Title: TKIP selection in WiFi network settings
    I have a workplace WiFi connection using WPA2 PSK authentication and encryption type TKIP.
    On the machine I used to test Windows 10, I had a previous installation of Windows 7 professional which connected to my workplace WiFi using the above settings. After installing Windows 10, my workplace wifi settings were imported and worked fine.
    Windows 10 had a system crash, and since I had deleted my previous windows installation, I performed a complete reinstall of Windows 7. However, when I went to install Windows 10 again, I had not taken the time to set up my workplace Wifi on Windows
    7 before installing Windows 10. As a result, I had to set up my workplace wifi as a new connection in Windows 10.
    When going to set up the wifi connection, the encryption type was grayed out, but appeared to default to AES. Searching the internet suggested that Windows 8.1 did not need a encryption type selected, because Windows could automatically determine
    if it was TKIP or AES, hence why the option to select encryption type was grayed out. However, after completing the setup of my workplace wifi, Windows 10 could not connect to my workplace wifi. After restoring Windows 7 with a factory reset, and setting up
    the workplace wifi (the encryption type selection was not grayed out and I manually selected TKIP encryption), my workplace wifi was working again.

  • How To Setup WPA on WRT54G?

    I have looked everywhere but cannot seem to find a how-to guide on WPA.
    Everything I hear says WPA is more secure than WEP, but if it automatically exchanges keys, what prevents someone else from hopping on the wireless? My thought is it has something to do with an initial code to connect it to the network... but won't this just be like WEP?
    I just need a how-to guide how to setup WPA.
    I have a WRT54G v3.1 with latest firmware, and am using XP SP2 with latest updates. The card is non-linksys (I want to say Broadcom, but I am not sure).
    Just need to know what to configure on the router and my PC.
    From what I understand Personal vs Enterprise (If I remember, maybe it is called Corporate or something) is that the non-personal version requires a server, which I don't have. So I need personal.
    The router does also have WPA2 on there, I do not know the differences but I would assume it to be better than regular WPA.
    Thanks!

    You may go to the linksys router set up page http://192.168.1.1 leave username blank and admin is the password.
    Click on the wireless tab and the sub category tab under wireless the wireless security , you can choose wpa on the security mode, choose TKIP as the algorithms, on the pre-shared key typed in here your password for your wireless, this will server as your network, it should be at least 8 characters long. Leave it on 3600 seconds.

  • WPA2+PSK with local webauth?

    Hi all, I'm trying to configure a guest wlan with WPA2+PSK and local webauth. This will authenticate against ISE and once authentication is complete dropped into a authz profile.
    This is supposed to be possible per cisco's docs, however when I try to set this up on the WLAN I get the message:
    Only PSK can be enabled for WPA with web-auth and Radius Nac.
    Well, I've got only WPA with PSK configured. Is there any 'trick' to this config that I'm missing? I've got L2 security set to WPA+WPA2, WPA2 Policy and AES with only PSK configured. Under advanced I've got AAA override and NAC state sent to radius NAC. What else, that should be it right? I've tried it on multiple controllers with the same results every time.

    That error is a little confusing and I don't think is a proper description of what the WLC is trying to tell you; there are actually a couple errors you may see depending on the combination of RADIUS NAC with L3 security.  Essentially, you shouldn't be able to enable RADIUS NAC if you're configured for a PSK.  What exactly are you trying to accomplish?  It sounds like you want ISE to perform CWA for your wireless guests, but you mention local webauth.  In order to do the CWA, you will use the mac-filtering option for L2 security and set security type to None.  This will allow you to specify the RADIUS NAC option correctly. 
    When you say that "ISE will authenticate the users", how are you planning on doing this with a PSK WLAN, or are you intending that the local webauth will use RADIUS for authentication to ISE?  What is the end-user flow or experience you are expecting?  ie. user connects to guest, redirects, logs in, gets appropriate access. 
    Please also post what version of ISE and WLC you are running so we can determine what features will and will not work.

  • Aironets 1602 - clients with ~1700 ms responses ( random devices )

    Hello
    I am straggling with quite complex case, here is short description ( ask for more whats needed ).
    - i had 9 AP of Aironet 1130AG in one location (two building) - running correctly for at least 4 years (except some individual incidents). Those AP was placed with Channels set based on surveys.
    - ~4 months ago i replaced them by Aironet 1602 - applying same configuration and same channels.
    - there were no problems identified until late December when i received frist claim. Clients connected to one of those AP has very poor network performance.
    Here is what i have:
    - ping to clients connected to this AP takes ~1700 ms or more ( some packed failed )
    - no more that ~25 clients connected at that time ( based on experience in my topology i am running good with more than 40 clients and ~5ms respones on regular daily traffic basis )
     during reboot of such AP, clients roam to other AP wich in turn have sometimes 60 clients - and there all are running fine
    - ping from Lan to AP interface is  1ms (constant) and i don't have any problem with clients in same vlan/switch connected by lan
    - on LAN Switch port to which AP is connected to - there is no heavy or abnormal traffic coming from those clients ( sometimes even less that usual where usual is ~6 Mb, peaks ~10Mb
    - based on inSSIDer its channel had no noise coming from other APs or foreign networks, anyway setting it with "Least Congested Fraquency" doesn't change the situation.
    - there were no changes applied in lan/wifi infr. that i can start to check the issue.
    - lately i applied 15.3(3)JAB firmware but seems is not resolving the problem
    - in logs nothing to start with ( at least for me )
    And maybe the most important:
    - it start to occur with other APs as well and now from time to time it happens almost on all of those 9 devices ( different time frames and areas )
    - when probelm occur i am able to "resolve" it only by changing channel to "other" one. it resolves for some time (1 or 2 days) until appear again and i can still resolve it by channing to other channel ( for example the same channel on which day ago was causing the slowness )
    - i have 5 of such 1602 APs in other country ( same model and firmware ) and have no issue for last ~1,5 year ( those 5 differs by no VLANs and second SSID configured)
    I am sorry for long post - trying to share the most i can.
    I am not expecting resolution just help how to, where to start looking for the root problem ?
    Thank you in advance
    Regards

    - 802.11n was one of the reasons why i moved to 1602
    - i wrote "lately i applied 15.3(3)JAB firmware but seems is not resolving the problem" - but after checks could be "false alarm" as not related issue, I will keep it as is for next days awaiting feedback.
    If not resolved i will follow your advice by "disabling the 802.11n"
    Regarding "wireless NICs firmware" - what exactly do you mean?  is it separate upgrade not included in 15.3(3)JAB firmware upgrade?
    Thank You

  • WPA2 PSK Protected Management Frames Support

    Hi I have been trying to connect the above printer using WPA2 PSK security mode with my router. This failed every time until I disable Protect Management Frames within the router. All my other devices connect fine some I have confirmed support PMF. As PMF is now mandatory as of July 2014 does HP fully support PMF with there drivers?

    Few things I would just change:
    Load Balancing................................... Enabled <---Disable this!!!!
    Band Select...................................... Enabled <--- Disable this since you have 802.1b/g only defined in the WLAN
    CCX - AironetIe Support.......................... Enabled <---Disable this too for now
    Thanks,
    Scott
    *****Help out other by using the rating system and marking answered questions as "Answered"*****

Maybe you are looking for