Got it

WPA2 ISSUE with AC6005 and AP5030DN

Latest reply: May 28, 2021 11:34:48 6274 9 0 0 0

Hello everybody,


I'm facing some issue during the installation of a basic WLAN Network.


I have 2 6500 AC in a Dual-link backup mode. This is Ok.

I have some AP5030DN registered correctly on it.


I want to create a WLAN with WPA2 security on it.


It works except that the security won't work.

The SSID workds but shows unprotected.

I get access to the network, but impossible to get the WPA2 Protection Working.


I put some printscreen attached to this post.


Does someone haved this issue already ?


Thanks for your help.


This article contains more resources

You need to log in to download or view. No account? Register

x

Hello,


Excuse me for the late answer I was on vacancy.


To update the thread, here are the steps I follow, and I encounter again the same issue with differents laptop :

  - I reset default factory the two AC.

  - I follow the Huawei CLI Vrrp hot standby guide

  - I implement my service set.


I'm still running into the same problem. Good SSID, Good ESS (vlan) interface, but no security...


I attached the diag file.


Thanks

View more

This article contains more resources

You need to log in to download or view. No account? Register

x
  • x
  • convention:

Hello everybody,


I'll finally found the issue.


My configuration was good.


The Huawei support give me the solution

It was a FitAP bootrom issue. I upgrade all AP 5030DN bootrom in this version :

http://support.huawei.com/enterprise/softdownload.action?lang=en&idAbsPath=fixnode01|7919710|9856726|9858628|20987615|19922882&pid=19922882&vrc=19923284|19923285|19923287|21318113&sh


Thanks everybody.

View more
  • x
  • convention:

Hi, we can see the picture, but they are not so clear.

Could you copy the configuration (command line) and paste again ?

That will be clear and easy to do troubling shooting.

 

View more
  • x
  • convention:

Reply 2 #

Hi,

Thanks for your reply.


Here is the output of the configuration :


#
 sysname AC_CHTDP_1
#
 snmp-agent local-engineid 800007DB0330D17EE9BCA2
 snmp-agent
#
 http secure-server ssl-policy default_policy
 http server enable
#
 info-center timestamp log format-date
#
vlan batch 4 to 5 11 15 999
#
wlan ac-global country-code FR
#
dhcp enable
#
diffserv domain default
#
vlan 4
 description Administration
vlan 5
 description Vlan_Wifi_Invite
vlan 11

[AC_CHTDP_1]display current-configuration
#
 sysname AC_CHTDP_1
#
 snmp-agent local-engineid 800007DB0330D17EE9BCA2
 snmp-agent
#
 http secure-server ssl-policy default_policy
 http server enable
#
 info-center timestamp log format-date
#
vlan batch 4 to 5 11 15 999
#
wlan ac-global country-code FR
#
dhcp enable
#
diffserv domain default
#
vlan 4
 description Administration
vlan 5
 description Vlan_Wifi_Invite
vlan 11
 description Vlan_Wifi_Metier
vlan 15
 description Vlan_Wifi_Tablettes
vlan 999
 description HSB Channel
#
pki realm default
 enrollment self-signed
#
ssl policy default_policy type server
 pki-realm default
#
ip pool AP_Mgmt
 gateway-list 172.16.4.254
 network 172.16.4.0 mask 255.255.255.0
 excluded-ip-address 172.16.4.1 172.16.4.9
 excluded-ip-address 172.16.4.40 172.16.4.253
 dns-list 172.24.38.3
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher %@%@6/#~C(,|)YXJ*n"+HFO,hd$$%@%@
 local-user admin privilege level 15
 local-user admin service-type telnet http
#
interface Vlanif1
 ip address 169.254.1.1 255.255.0.0
#
interface Vlanif4
 description Administration
 ip address 172.16.4.1 255.255.255.0
 dhcp select global
#
interface Vlanif999
 description HSB Channel
 ip address 1.1.1.1 255.255.255.252
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 999
#
interface GigabitEthernet0/0/3
 port hybrid pvid vlan 4
 undo port hybrid vlan 1
 port hybrid tagged vlan 5 11 15
 port hybrid untagged vlan 4
#
interface GigabitEthernet0/0/4
 port hybrid pvid vlan 4
 undo port hybrid vlan 1
 port hybrid tagged vlan 5 11 15
 port hybrid untagged vlan 4
#
interface GigabitEthernet0/0/5
 port hybrid pvid vlan 4
 undo port hybrid vlan 1
 port hybrid tagged vlan 5 11 15
 port hybrid untagged vlan 4
#
interface GigabitEthernet0/0/6
 port hybrid pvid vlan 4
 undo port hybrid vlan 1
 port hybrid tagged vlan 5 11 15
 port hybrid untagged vlan 4
#
interface GigabitEthernet0/0/7
 port hybrid pvid vlan 4
 undo port hybrid vlan 1
 port hybrid tagged vlan 5 11 15
 port hybrid untagged vlan 4
#
interface GigabitEthernet0/0/8
 port hybrid pvid vlan 4
 undo port hybrid vlan 1
 port hybrid tagged vlan 5 11 15
 port hybrid untagged vlan 4
#
interface Wlan-Ess11
 port hybrid pvid vlan 11
 port hybrid untagged vlan 11
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 Vlanif4 172.16.4.254 description Route par defaut
#
user-interface con 0
user-interface vty 0 4
 authentication-mode aaa
 user privilege level 15
 protocol inbound all
user-interface vty 16 20
#
hsb-service 0
 service-ip-port local-ip 1.1.1.1 peer-ip 1.1.1.2 local-data-port 10241 peer-data-port 10241
#
hsb-service-type access-user hsb-service 0
#
hsb-service-type ap hsb-service 0
#
wlan
 wlan ac source interface vlanif4
 wlan ac protect enable protect-ac 172.16.4.2
 ap-profile name CHTDP_Profile id 1
 default-ap-profile id 1
 ap-region id 0
  ap-region-name ap-region-CHTDP
  country-code FR
 ap id 0 type-id 35 mac 1051-7250-fdc0 sn 210235810810E7000967
  profile-id 0
 ap id 1 type-id 35 mac 1051-7250-ff60 sn 210235810810E7000980
  profile-id 0
 ap id 2 type-id 35 mac 1051-7251-5ee0 sn 210235810810E7001072
  profile-id 0
 ap id 3 type-id 35 mac 1051-7250-ff80 sn 210235810810E7000981
  profile-id 0
 ap id 4 type-id 35 mac 1051-7250-fea0 sn 210235810810E7000974
  profile-id 0
 ap id 5 type-id 35 mac 1051-7250-fe40 sn 210235810810E7000971
  profile-id 0
 wmm-profile name chtdp_wmm id 0
 wmm-profile name default id 1
 traffic-profile name chtdp_tp id 0
 security-profile name chtdp_metier id 0
  security-policy wpa2
  wpa2 authentication-method psk pass-phrase cipher %@%@23x&.K]8*MOn!|'eQFA5VrFn%@%@ encryption-method ccmp
 service-set name WIFI_Metier id 0
  wlan-ess 11
  ssid WIFI_Metier
  traffic-profile id 0
  security-profile id 0
  service-vlan 11
 radio-profile name chtdp_rp id 0
  wmm-profile id 0
 radio-profile name default id 1
  wmm-profile id 1
 ap 0 radio 0
  radio-profile id 0
  service-set id 0 wlan 1
 ap 0 radio 1
  radio-profile id 0
  service-set id 0 wlan 1
 ap 1 radio 0
  radio-profile id 0
  service-set id 0 wlan 1
 ap 1 radio 1
  radio-profile id 0
  service-set id 0 wlan 1
 ap 2 radio 0
  radio-profile id 0
  service-set id 0 wlan 1
 ap 2 radio 1
  radio-profile id 0
  service-set id 0 wlan 1
 ap 3 radio 0
  radio-profile id 0
  service-set id 0 wlan 1
 ap 3 radio 1
  radio-profile id 0
  service-set id 0 wlan 1
 ap 4 radio 0
  radio-profile id 0
  service-set id 0 wlan 1
 ap 4 radio 1
  radio-profile id 0
  service-set id 0 wlan 1
 ap 5 radio 0
  radio-profile id 0
  service-set id 0 wlan 1
 ap 5 radio 1
  radio-profile id 0
  service-set id 0 wlan 1
#
return



Thanks again

View more
  • x
  • convention:

I pasted the configuration into the simulator eNSP, and it works well.

 

 The only problem is there is no ip pool for terminals ( ip pool for service ).

Please check,

1 commit the configuration, not just configured.

Like this,

AC_CHTDP_1-wlan-view]commit all
  Warning: Committing configuration may cause service interruption,continue?[Y/N]y
[AC_CHTDP_1-wlan-view]

 

2. create one ip pool for service,

#
interface Vlanif11
 ip address 192.168.11.1 255.255.255.0
 dhcp select interface
#

 

 

 

View more
  • x
  • convention:

Hi,

The DHCP for this service is provided by a server. That's why I didn't create an IP Pool.


For me it still doesn't show the security...


I see the wright SSID, I connect (without security), I retreive a good IP adress from the DHCP server, and I go in the wrigth VLAN.

I don't understand why it shows unprotected, the security profile is set...weird.


Thanks.

View more
  • x
  • convention:

Reply 5 #

Have try more terminals?

I thought it was your laptop.

Please try some other terminals.

View more
  • x
  • convention:

Yesterday, I tried whith my android smartphone.


I'll be on site Friday, I'll try with some other laptops.


I keep you in touch. Thank's.

View more
  • x
  • convention:

Thanks for the post
View more
  • x
  • convention:

Comment

You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.