Comware Wireless / Unified Series
1748041 Members
4967 Online
108757 Solutions
New Discussion юеВ

HP830 client connection issues

 
SOLVED
Go to solution
ChristianG_LE
Occasional Visitor

HP830 client connection issues

Hi there,

got an HP 830 here that's driving me crazy for some time. A lot of devices cannot connect or disconnect after a while and won't connect again.

I'm running WPA2-PSK AES256 and WPA2-Enterpise (w/ Microsoft AD) on the controller. AP are around 16 HP 425 scattered around the building. Same setup works on another site.

Most of the android phones have no problem connecting to either WPA2-PSK or to WPA2-Enterprise (using PEAP/MSChap). iOS is another story but I consider these as collateral damage for now.

Problem is with Laptops.  I guess that 80% of our laptop/tablet devices have problems connecting. Tried different models with different wifi adapters, updated drivers, some MS hotfixes, tried Win7 and Win10, tried WPA2-PSK and WPA2-Enterprise. Some work, a lot of them won't or loose connection.

Today I got a call from a coworker trying to connect an ASUS tablet running Win10 and some Broadcom 802.11abgn Wireless without success. When trying to connect to WPA2-PSK syslog shows:

2018-09-24 09:13:14 192.168.62.39 local7 info %%10WMAC/6/WMAC_CLIENT_JOIN_WLAN(l): Client e076-d04f-0806 successfully joins WLAN Radon, on APID 11 with BSSID bcea-fa1f-8710.
2018-09-24 09:13:15 192.168.62.39 local7 notice %%10WMAC/5/WSEC_CLIENT_ASSIGN_PTK_FAILED(l): Failed to assign PTK to the client e076-d04f-0806, IP address: 0.0.0.0.
2018-09-24 09:13:16 192.168.62.39 local7 info %%10WMAC/6/WMAC_CLIENT_GOES_OFFLINE(l): Client e076-d04f-0806 disconnected from WLAN Radon. Reason code is 15.
2018-09-24 09:13:16 192.168.62.39 local7 notice %%10PORTSEC/5/PORTSEC_VIOLATION(l): -IfName=WLAN-DBSS1:70-MACAddr=E0:76:D0:4F:08:06-VlanId=-130-IfStatus=Up; Intrusion detected.

When trying to connect to WPA2-Enterpise I can see the machine successfully authenticate on Windows NPS but the log on the controller shows:

2018-09-24 07:54:09 192.168.62.39 local7 info %%10WMAC/6/WMAC_CLIENT_JOIN_WLAN(l): Client e076-d04f-0806 successfully joins WLAN Haldron, on APID 1 with BSSID bcea-fa1f-90b1.
2018-09-24 07:54:09 192.168.62.39 local7 info %%10WMAC/6/WMAC_CLIENT_GOES_OFFLINE(l): Client e076-d04f-0806 disconnected from WLAN Haldron. Reason code is 1.

At the same time other devices are connected without issue to both networks.

WPA2-PSK has a plain and simple config without changing any of the default values:

wlan service-template 4 crypto
 ssid Haldron
 bind WLAN-ESS 3
 cipher-suite ccmp
 security-ie rsn
 key-derivation sha1-and-sha256
 service-template enable
#

interface WLAN-ESS1
port link-type hybrid
port hybrid vlan 1 120 130 untagged
port hybrid pvid vlan 130
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase cipher XXXXXXX

What bugs me most is, that it works nearly flawlessly with a stack of FSC Win7 Laptops (Centrino(R) Wireless-N 2230 chipset) and nearly all android phones. But every other device has eitehr issues with WPA2-PSK or Enterpsie or both of them.

Any ideas?

What could be the issue with "WSEC_CLIENT_ASSIGN_PTK_FAILED"?

TIA
Christian

2 REPLIES 2
drk787
HPE Pro

Re: HP830 client connection issues

Hi Christian,

 

What is the comware version running on the controller.

 

 

Thank You!
I am an HPE Employee

Accept or Kudo

ChristianG_LE
Occasional Visitor
Solution

Re: HP830 client connection issues

Thanks for replying rajkumar787.
Not sure about the comware version and atm I have no VPN to the controller to check it out but it was updated to the latest firmware.

Anyway, after 2 days I finally figured out what bothered me for nearly a year.

Solution:

It looks like our ASUS T100 (Win 10 Pro, Broadcom 802.11abgn) do like PMF which was disabled at the controller. So I set PMF to optinal and the tablets could join. This also solved the issue wtih WSEC_CLIENT_ASSIGN_PTK_FAILED and the IDS message.

Being happy to have solved the issue I noticed that nearly all androids (<=7.x) went offline. Turned out they didn't like either 256Bit AES or AES at all, so I enabled TKIP or AES and 128Bit or 256Bit.

Next in line were some ancient Samsung R700 laptops (Win7, Intel 4965AGN) which refused to connect to WPA2. I set the networks to WPA1 or WPA2 and the Laptops could join and stayed connected. With WPA2 I could sometimes even see some request on our radius but this happened only occasionaly and they would never fully connect.

Then I had a bunch of Asus K72F (Win7 Atheros AR9285) which happily worked with WPA2-Enterprise and AES without PMF.

Fingers crossed for monday, when the Apple crowd tries to connect.

 

So basically I ended up with a network where every encryption standard is allowed :-(

Man, do I miss the good ol' days when there was only wired networks...

 

Christian