Hello Folks,
Question: What could cause the WiFi to have so many handshake error?
Configuration
- Sophos is providing the WiFi - UTM 9.701-5
- WiFi has AES enabled only
- Fast transition is disabled
- No special character in SSID name
I do see clients connected. It seems to work fine from our client feedback. However, I want to understand and fix those messages.
I read on other post that could come from SSID invalid characters, Fast transition or having TKIP + AES. Therefore I am wondering why do we have those messages in WiFi live log. It shows a many failed connection attempts.
Note: MAC and Wifi name changed. WiFi SSID is only 3 letters.
Log
2020:03:05-09:56:11 ABC hostapd: wifi1: STA AB:CD:ED:GF:12:23 WPA: sending 1/4 msg of 4-Way Handshake
2020:03:05-09:56:11 ABC hostapd: wifi1: STA AB:CD:ED:GF:12:23 WPA: received EAPOL-Key frame (2/4 Pairwise)
2020:03:05-09:56:11 ABC hostapd: wifi1: STA AB:CD:ED:GF:12:23 WPA: invalid MIC in msg 2/4 of 4-Way Handshake
2020:03:05-09:56:13 ABC hostapd: wifi1: AP-STA-WPA-DISCONNECT AB:CD:ED:GF:12:23
2020:03:05-09:56:13 ABC hostapd: id="4105" severity="info" sys="System" sub="WiFi" name="STA WPA failure" ssid="ABC" ssid_id="WIFI1" bssid="AB:CD:ED:GF:12:23" sta="AB:CD:ED:GF:12:23" reason_code="2"
2020:03:05-09:56:13 ABC hostapd: wifi1: STA AB:CD:ED:GF:12:23 WPA: event 3 notification
2020:03:05-09:56:13 ABC hostapd: wifi1: STA AB:CD:ED:GF:12:23 IEEE 802.1X: unauthorizing port
2020:03:05-09:56:13 ABC hostapd: wifi1: STA AB:CD:ED:GF:12:23 MLME: MLME-DEAUTHENTICATE.indication(AB:CD:ED:GF:12:23, 2)
2020:03:05-09:56:13 ABC hostapd: wifi1: STA AB:CD:ED:GF:12:23 MLME: MLME-DELETEKEYS.request(AB:CD:ED:GF:12:23)
2020:03:05-09:56:18 ABC hostapd: wifi1: STA AB:CD:ED:GF:12:23 IEEE 802.11: deauthenticated due to local deauth request
2020:03:05-09:56:18 ABC hostapd: wifi1: STA AB:CD:ED:GF:12:23 IEEE 802.11: deauthenticated due to local deauth request
Thanks,
Steven
This thread was automatically locked due to age.
