WPA2 ISSUE with AC6005 and AP5030DN

lionelhuck · Created Sep 23, 2014 09:54:08

Hello,

Excuse me for the late answer I was on vacancy.

To update the thread, here are the steps I follow, and I encounter again the same issue with differents laptop :

- I reset default factory the two AC.

- I follow the Huawei CLI Vrrp hot standby guide

- I implement my service set.

I'm still running into the same problem. Good SSID, Good ESS (vlan) interface, but no security...

I attached the diag file.

Thanks

This article contains more resources

You need to log in to download or view. No account? Register

x

lionelhuck · Created Sep 26, 2014 09:41:27

Hello everybody,

I'll finally found the issue.

My configuration was good.

The Huawei support give me the solution

It was a FitAP bootrom issue. I upgrade all AP 5030DN bootrom in this version :

http://support.huawei.com/enterprise/softdownload.action?lang=en&idAbsPath=fixnode01|7919710|9856726|9858628|20987615|19922882&pid=19922882&vrc=19923284|19923285|19923287|21318113&sh

Thanks everybody.

jjjason · Created Sep 1, 2014 17:56:44

Hi, we can see the picture, but they are not so clear.

Could you copy the configuration (command line) and paste again ?

That will be clear and easy to do troubling shooting.

lionelhuck · Created Sep 1, 2014 18:24:25

Reply 2 #

Hi,

Thanks for your reply.

Here is the output of the configuration :

#
sysname AC_CHTDP_1
#
snmp-agent local-engineid 800007DB0330D17EE9BCA2
snmp-agent
#
http secure-server ssl-policy default_policy
http server enable
#
info-center timestamp log format-date
#
vlan batch 4 to 5 11 15 999
#
wlan ac-global country-code FR
#
dhcp enable
#
diffserv domain default
#
vlan 4
description Administration
vlan 5
description Vlan_Wifi_Invite
vlan 11

[AC_CHTDP_1]display current-configuration
#
sysname AC_CHTDP_1
#
snmp-agent local-engineid 800007DB0330D17EE9BCA2
snmp-agent
#
http secure-server ssl-policy default_policy
http server enable
#
info-center timestamp log format-date
#
vlan batch 4 to 5 11 15 999
#
wlan ac-global country-code FR
#
dhcp enable
#
diffserv domain default
#
vlan 4
description Administration
vlan 5
description Vlan_Wifi_Invite
vlan 11
description Vlan_Wifi_Metier
vlan 15
description Vlan_Wifi_Tablettes
vlan 999
description HSB Channel
#
pki realm default
enrollment self-signed
#
ssl policy default_policy type server
pki-realm default
#
ip pool AP_Mgmt
gateway-list 172.16.4.254
network 172.16.4.0 mask 255.255.255.0
excluded-ip-address 172.16.4.1 172.16.4.9
excluded-ip-address 172.16.4.40 172.16.4.253
dns-list 172.24.38.3
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %@%@6/#~C(,|)YXJ*n"+HFO,hd$$%@%@
local-user admin privilege level 15
local-user admin service-type telnet http
#
interface Vlanif1
ip address 169.254.1.1 255.255.0.0
#
interface Vlanif4
description Administration
ip address 172.16.4.1 255.255.255.0
dhcp select global
#
interface Vlanif999
description HSB Channel
ip address 1.1.1.1 255.255.255.252
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 999
#
interface GigabitEthernet0/0/3
port hybrid pvid vlan 4
undo port hybrid vlan 1
port hybrid tagged vlan 5 11 15
port hybrid untagged vlan 4
#
interface GigabitEthernet0/0/4
port hybrid pvid vlan 4
undo port hybrid vlan 1
port hybrid tagged vlan 5 11 15
port hybrid untagged vlan 4
#
interface GigabitEthernet0/0/5
port hybrid pvid vlan 4
undo port hybrid vlan 1
port hybrid tagged vlan 5 11 15
port hybrid untagged vlan 4
#
interface GigabitEthernet0/0/6
port hybrid pvid vlan 4
undo port hybrid vlan 1
port hybrid tagged vlan 5 11 15
port hybrid untagged vlan 4
#
interface GigabitEthernet0/0/7
port hybrid pvid vlan 4
undo port hybrid vlan 1
port hybrid tagged vlan 5 11 15
port hybrid untagged vlan 4
#
interface GigabitEthernet0/0/8
port hybrid pvid vlan 4
undo port hybrid vlan 1
port hybrid tagged vlan 5 11 15
port hybrid untagged vlan 4
#
interface Wlan-Ess11
port hybrid pvid vlan 11
port hybrid untagged vlan 11
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 Vlanif4 172.16.4.254 description Route par defaut
#
user-interface con 0
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
protocol inbound all
user-interface vty 16 20
#
hsb-service 0
service-ip-port local-ip 1.1.1.1 peer-ip 1.1.1.2 local-data-port 10241 peer-data-port 10241
#
hsb-service-type access-user hsb-service 0
#
hsb-service-type ap hsb-service 0
#
wlan
wlan ac source interface vlanif4
wlan ac protect enable protect-ac 172.16.4.2
ap-profile name CHTDP_Profile id 1
default-ap-profile id 1
ap-region id 0
ap-region-name ap-region-CHTDP
country-code FR
ap id 0 type-id 35 mac 1051-7250-fdc0 sn 210235810810E7000967
profile-id 0
ap id 1 type-id 35 mac 1051-7250-ff60 sn 210235810810E7000980
profile-id 0
ap id 2 type-id 35 mac 1051-7251-5ee0 sn 210235810810E7001072
profile-id 0
ap id 3 type-id 35 mac 1051-7250-ff80 sn 210235810810E7000981
profile-id 0
ap id 4 type-id 35 mac 1051-7250-fea0 sn 210235810810E7000974
profile-id 0
ap id 5 type-id 35 mac 1051-7250-fe40 sn 210235810810E7000971
profile-id 0
wmm-profile name chtdp_wmm id 0
wmm-profile name default id 1
traffic-profile name chtdp_tp id 0
security-profile name chtdp_metier id 0
security-policy wpa2
wpa2 authentication-method psk pass-phrase cipher %@%@23x&.K]8*MOn!|'eQFA5VrFn%@%@ encryption-method ccmp
service-set name WIFI_Metier id 0
wlan-ess 11
ssid WIFI_Metier
traffic-profile id 0
security-profile id 0
service-vlan 11
radio-profile name chtdp_rp id 0
wmm-profile id 0
radio-profile name default id 1
wmm-profile id 1
ap 0 radio 0
radio-profile id 0
service-set id 0 wlan 1
ap 0 radio 1
radio-profile id 0
service-set id 0 wlan 1
ap 1 radio 0
radio-profile id 0
service-set id 0 wlan 1
ap 1 radio 1
radio-profile id 0
service-set id 0 wlan 1
ap 2 radio 0
radio-profile id 0
service-set id 0 wlan 1
ap 2 radio 1
radio-profile id 0
service-set id 0 wlan 1
ap 3 radio 0
radio-profile id 0
service-set id 0 wlan 1
ap 3 radio 1
radio-profile id 0
service-set id 0 wlan 1
ap 4 radio 0
radio-profile id 0
service-set id 0 wlan 1
ap 4 radio 1
radio-profile id 0
service-set id 0 wlan 1
ap 5 radio 0
radio-profile id 0
service-set id 0 wlan 1
ap 5 radio 1
radio-profile id 0
service-set id 0 wlan 1
#
return

Thanks again

jjjason · Created Sep 1, 2014 19:55:26

I pasted the configuration into the simulator eNSP， and it works well.

The only problem is there is no ip pool for terminals ( ip pool for service ).

Please check,

1 commit the configuration, not just configured.

Like this,

AC_CHTDP_1-wlan-view]commit all
Warning: Committing configuration may cause service interruption,continue?[Y/N]y
[AC_CHTDP_1-wlan-view]

2. create one ip pool for service,

#
interface Vlanif11
ip address 192.168.11.1 255.255.255.0
dhcp select interface
#

lionelhuck · Created Sep 2, 2014 06:10:48

Hi,

The DHCP for this service is provided by a server. That's why I didn't create an IP Pool.

For me it still doesn't show the security...

I see the wright SSID, I connect (without security), I retreive a good IP adress from the DHCP server, and I go in the wrigth VLAN.

I don't understand why it shows unprotected, the security profile is set...weird.

Thanks.

jjjason · Created Sep 2, 2014 09:05:39

Reply 5 #

Have try more terminals？

I thought it was your laptop.

Please try some other terminals.

lionelhuck · Created Sep 2, 2014 09:09:02

Yesterday, I tried whith my android smartphone.

I'll be on site Friday, I'll try with some other laptops.

I keep you in touch. Thank's.

LilStylz237 · Created May 28, 2021 11:34:48

Thanks for the post

WPA2 ISSUE with AC6005 and AP5030DN

This article contains more resources

This article contains more resources

Reply 2 #

Reply 5 #

Third Party’s Trade Secret

My Followers

Enterprise

Consumer

Corporate

Carriers

WPA2 ISSUE with AC6005 and AP5030DN

This article contains more resources

This article contains more resources

Reply 2 #

Reply 5 #

Third Party’s Trade Secret

My Followers