[TIP] Cisco 9800: Baselining MAC filtering and PSK failures
TIP - Cisco 9800: Baselining MAC filtering and PSK failures
MAC Filtering Failure
Some times is good to leverage a quick call to solve an issue to baseline the behaviour of both correct authentication or failures. This time is an SSID with WPA2 Personal, with MAC filtering for Dynamic VLAN asignment via Cisco ISE.
A field engineer called me because one RF Gun was not authenticating to the SSID. Knowing there is a MAC filtering on the SSID (for Dynamic Vlan Assignment) in addition to a PSK, I quickly checked the exclusion reason on the 9800:
And also on ISE it was clear that the MAC address was not added to the allowed list :
Although I didn´t used the Cisco Wireless Debug Analyzer until this was solved, this is the output for the current issue:
PSK Failure
While I was adding the MAC address, the field engineer informed me, he re-entered the PSK on the RF Gun thinking that maybe that was the error ¬¬. This time the message on the 9800 was the following:
Again, I didn´t used the Cisco Wireless Debug Analyzer until this was solved, but for this base-lining, here is documented the output:
Solution: Even more clear now, right? the PSK was not entered correctly, so it was double checked and re-entered correctly again.
Correct behavior
And to end this TIP/Baseline, let´s see the correct expected behavior
Run status on the 9800:
MAC address added to the authorization list which will assign the device to an specific VLAN:The Cisco Wireless Debug Analyzer will provide the following output:
And although is not a very interesting capture, here we can see the capture performed on the 9800:
Comentarios
Publicar un comentario