Hi Team, Honeywell 6500 can connect to the customer's network with the following settings: AES, PEAPv0 MSCHAPV2 or PEAPv1 MSCHAPV2 MC3190 with Fusion 3.0 failed to do that with the following setting: WPA-ENTERPIRSE, PEAP, MSCHAPV2, AES The customer says WiFi clients in their system should download digital certificates automatically, and they installed no certificate manually on Honeywell 6500, so our partner doubts maybe they are using GTC and also tried replacing MSCHAPv2 with EAP-GTC, but it failed too. Enable “AllowProvisioning” setting in Fusion’s options also failed.
None of the other options, such as EAP-fast worked.
Also tried setting two profiles (PEAP+MSCHAPv2 and PEAP+GTC) according to a post on DevCentral, but it did not work. Maybe Honeywell can do the same job as Intermec does to mix two kinds of tunnel protocol?
Wireless log shows “authentication timeout”.
Could anyone give us some advice?
Thank you! Junhua
6 Replies
As I know our product(Fusion) don't support PEAP v1(Cisco) and we only support PEAP v0(Microsoft) Regards. - Jaehoon -
All, Jaehoon is correct. Motorola devices only support PEAPv0 which is commonly referred to as the "Microsoft" version. Most infrastructure should be able to support this. Also, you cannot just pick settings on the mobile device. You need to know what the infrastucture is setup using. As for the certificates, if you are using PEAPv0 and MSCHAPv2, then you can choose to not use certificates at all (you can configure the WLAN profile to not use a server certificate), but this reduces the security. Perhaps the Honeywell device is not using a server certificate. Dave
Try unchecking "Validate Server Certificate" in Fusion (sorry, have no device to check where exactly this option is). Most of the times this is the source of problem as
Authenticator has no cert at all
Uses self-signed cert (which is untrusted unless you CORRECTLY add it to mobile device's certificate store). You may see lots of such issues in Motorola intranet.
The hostname in the cert does not match authenticator's hostname (if any, this may explain the domain issue) and thus the cert is deemed invalid. You may see lots of such issues in Motorola intranet.
many other nice certificate issues.
Hi Jun Hua, I had similar issue, eventhough the authentication is different. Below is the customer's setting & keep failing to get authenticated no matter how we to try to change the settings around.
Security: WPA2-Enterprise Authentication: EAP-FAST Domain: APAC. Encryption: TKIP Tunnel Authentication Type: MS CHAP v2 Suddenly, it seems to work fine when we try to key-in the full domain name, as shown below. Domain: APAC.XXXX.COM I'm not sure if this will solve your problem but it's worth trying. Thanx, Dennis
First, it would be good to find out the right configuration of customer's wireless infrastructure. That would allow using the right settings on the device and save time. Second, what do you see on Wireless Log? Requesting a DHCP address forever maybe? If so, it also happened to me with MC75 BSP35 and WPA2+PEAP+MsChapv2 at Spanish Post. We just downgraded to BSP27 and it worked.
Hi Junhua, I am testing MC5590 to connect to Cisco AP using the same authentication, but it seems that it has the same problem with you. Customer said that Intermec can connect to it, but don't know detailed model. If you have solution, please let me know. Thank you!
Thanks
Sun zhenzhong