We have a large retail customer using MC9090s with EAP-FAST/MSChap v2/AES and ACS (No certs) strictly username and password. Their devices are a couple of years old with MAC addresses of 00:15:70:XX:XX:XX. They have no issues connecting and authenticating to their network. They have since bought new MC9090s that have MAC addresses of 00:23:68:XX:XX:XX. We have verified on their Cisco wireless controller that there are no access control filters. ALL of the newer devices cannot get through the authentication process.

In the wireless logs from the device it shows:

Using profile xxxxxxx
Setting SSID: xxxxx
Disconnected
Associated
Credentials required

Then 35 seconds later:

Authentication Timeout

It keeps going through this loop.

The OSs, Fusion version and WCS_Profiles/Options are identical to a working device. We had to load the customer standard OS and Fusion build on the new devices.

OS: BSP 39 (OEM 1.39.0001)
Fusion: 2.55.0.0.018R-WM-Photon

We had a Cisco engineer do some debugging at the controller and he stated that the device that was attempting to connect showed an EAP response of 0 versus a connected device that showed response data. That's according to him. Should get the debug files soon. He states that this means the device isn't meeting the 802.1X profile. We've checked, rechecked and reconfigured the device to no avail.

My questions are:

Has anyone seen this issue before?
Is the Photon radio in the MC9090 the same now as then? And if it's different, has it been certified with EAP-FAST?
Does the MAC address of the device play into the creation of the AES/CCMP key? If so, could it be that we are creating a different key string with the new MAC?
And we haven't yet checked the ACS server for any kind of access filtering but is that possible?

Any help would be greatly appreciated.
Photon radio and EAP-FAST
3 Replies
Explore PMB 1678
PMB1678: Motorola EMS Mobile Computing is transitioning to a new Organizational Unique Identifier (OUI) – MAC address pool - 00:23:68, from the previous pool of 00:15:70. This is necessary because the previous pool of MAC addresses will be exhausted within the next few months. Motorola Mobile Computing products will transition to the new OUI between April and September 2009.
Bottom line is you need to be on Fusion 2.55.1.0.016R to get the supplicant working OK with new MAC address range devices.
I recall that there was a resolution for this issue and there were two different Fusion 2.55.1.0.016R releases that had the exact same release version names but only one worked. The one that is posted on Support did not work because it was supported only for BSP43 (even though it stated BSP 39 also). We have loaded the version from Support and it still doesn't work. Through laptop issues and reformatting I have lost the version that worked. Does anyone recall where to get the version that will work with BSP 39?
Disregard the last posting. I believe I found it in Hot Fixes.