Failed WPA2-AES handshake on wlan

Hi Bruno, 

try to avoid use of TKIP.
Some devices won't respond to EAPoL calls while support for TKIP is maintained.

Regards,
Ondrej

Thanks Ondrej I will try CCMP only 

I would also look at the RF environment, are you using SMART-RF, is so can you send the smart-rf configuration, please.   

it will also be worth seeing what the interference is like.

show smart-rf interfering-ap on <rf-domain>

what are you changing the infrastructure too?  

Hi Andrew,

All we have in the smart-rf policy is:

 channel-width 5GHz 20MHz
 no neighbor-recovery
 no coverage-hole-recovery

The interferers are about 4 of our own APs that are part of a different RF-Domain (which I assume is the cause)

-------------------------------------------------------------------------------------
      INTERFERER        VENDOR          RADIO             RADIO-MAC      CHNL  RSSI
-------------------------------------------------------------------------------------
  84-24-8D-91-0B-00   Zebra Tech   AP52:R1            84-24-8D-91-8E-80   1    -64
  74-67-F7-78-3D-10   Zebra Tech   ap6521-43C2F0:R1   FC-0A-81-D3-52-A0   1    -65
  84-24-8D-91-0B-00   Zebra Tech   ap6521-43C7F8:R1   FC-0A-81-D3-51-B0   11   -68
  84-24-8D-91-0B-00   Zebra Tech   ap6521-43C7F8:R1   FC-0A-81-D3-51-B0   1    -68
  84-24-8D-91-0B-00   Zebra Tech   AP22:R1            84-24-8D-91-95-10   1    -68
  74-67-F7-78-3D-10   Zebra Tech   ap6521-43C85A:R1   FC-0A-81-D3-46-C0   1    -68
  74-67-F7-78-3E-10   Zebra Tech   ap6521-43C85A:R1   FC-0A-81-D3-46-C0   1    -69
  84-24-8D-91-0B-00   Zebra Tech   AP26:R1            84-24-8D-8D-E1-F0   1    -70
  84-24-8D-91-0B-00   Zebra Tech   AP25:R1            84-24-8D-8E-2C-10   1    -71
  84-24-8D-91-0B-00   Zebra Tech   AP26:R1            84-24-8D-8D-E1-F0   6    -71
  84-24-8D-91-0B-00   Zebra Tech   AP10:R1            84-24-8D-8F-DE-C0   1    -71
  84-24-8D-91-0B-00   Zebra Tech   ap6521-43C2F0:R1   FC-0A-81-D3-52-A0   1    -72
  84-24-8D-91-0B-00   Zebra Tech   ap6521-43C85A:R1   FC-0A-81-D3-46-C0   1    -72
  84-24-8D-91-0B-00   Zebra Tech   AP24:R1            84-24-8D-91-95-40   11   -73
  84-24-8D-91-0B-00   Zebra Tech   AP24:R1            84-24-8D-91-95-40   1    -73
  74-67-F7-78-3D-10   Zebra Tech   ap6521-43C5DC:R1   FC-0A-81-D3-46-10   1    -73
  74-67-F7-78-48-A0   Zebra Tech   ap6521-43C85A:R1   FC-0A-81-D3-46-C0   1    -73
  74-67-F7-78-3D-10   Zebra Tech   AP12:R1            84-24-8D-8D-CE-00   1    -73
  74-67-F7-77-C4-00   Zebra Tech   AP10:R2            84-24-8D-8E-CD-A0   36   -74
  74-67-F7-78-49-30   Zebra Tech   ap6521-43C85A:R1   FC-0A-81-D3-46-C0   1    -74


We are changing the AP density and likely models soon due to some site changes

it might be worth looking to amend the smart-rf config 

below is an example

sensitivity custom
assignable-power 5GHz max 18
assignable-power 5GHz min 14
assignable-power 2.4GHz min 12
assignable-power 2.4GHz max 18
smart-ocs-monitoring sample-count 5GHz 10
smart-ocs-monitoring sample-count 2.4GHz 15
smart-ocs-monitoring awareness-override schedule 1 23:00 04:00 all
coverage-hole-recovery snr-threshold 5GHz 10
coverage-hole-recovery snr-threshold 2.4GHz 10
coverage-hole-recovery client-threshold 2.4GHz 3
neighbor-recovery dynamic-sampling

the key line is neighbor-recovery dynamic-sampling

when this line is added it is worth running 

service smart-rf clear-config

this will reset smart RF it will take between 10-30min for the process to complete 

I would recommend upgrading to a supported code base.

GTAC can help with this. 

Thanks Andrew,

We had severe issues with coverage-hole and neighbor-recovery but we may not have configured it properly. It worked out much better removing them and that was brought one of our rf-domains to become stable but I will revisit this.

I'm not sure what you mean by a supported code base. Is this just the firmware we are running? We will run the latest (or close to) when we migrate