
Correct way to set up a Staff and Guest connection?

I have a SG125 with the latest software and updates etc. and 2 x AP15 access points on the LAN.

First of all is there a document explaining the best practice for setting this up with a Guest WLAN?

The "Staff" SSID is bridged to LAN AP and a "Guest" SSID set as "Separate Zone".

The Guest Network is on the default IP range 172.x.x.x as per the setup wizard. DHCP is enabled on this network and I have a masquerade in place. DNS access is allowed for the Guest network to Google DNS.

Firewall is set to allow "any" traffic to "Internet" only.

The problem lies when I turn on encryption - I get a de-auth error message as follows, and the end user keeps getting prompted to enter the password.
Turning off the encryption appears to resolve the issue.

Logs: 

 
2016:11:02-10:41:09 A4003116B42E36E netifd: Network device 'wlan0' link is up
2016:11:02-10:41:09 A4003116B42E36E netifd: Network device 'wlan1' link is up
2016:11:02-10:41:09 A4003116B42E36E netifd: lan (976): Performing a DHCP renew
2016:11:02-10:41:09 A4003116B42E36E netifd: lan (976): Sending renew...
2016:11:02-10:41:09 A4003116B42E36E netifd: lan (976): Lease of 192.168.64.54 obtained, lease time 691200
2016:11:02-10:41:10 A4003116B42E36E kernel: [2590785.550000] br-lan: port 2(wlan0) entered forwarding state
2016:11:02-10:41:10 A4003116B42E36E kernel: [2590785.600000] br-vxlan102: port 2(wlan1) entered forwarding state
2016:11:02-10:42:39 A40031051D8BDCD hostapd: wlan0: STA c0:ce:cd:5f:db:86 IEEE 802.11: authenticated
2016:11:02-10:42:39 A40031051D8BDCD hostapd: wlan0: STA c0:ce:cd:5f:db:86 IEEE 802.11: associated (aid 1)
2016:11:02-10:42:39 A40031051D8BDCD hostapd: wlan0: STA c0:ce:cd:5f:db:86 WPA: pairwise key handshake completed (RSN)
2016:11:02-10:42:39 A40031051D8BDCD awelogger[16107]: id="4103" severity="info" sys="System" sub="WiFi" name="STA authentication" ssid="Ffynone-Staff" ssid_id="WLAN1.0" bssid="00:1a:8c:98:73:bf" sta="c0:ce:cd:5f:db:86" status_code="0"
2016:11:02-10:42:39 A40031051D8BDCD awelogger[16107]: id="4104" severity="info" sys="System" sub="WiFi" name="STA association" ssid="Ffynone-Staff" ssid_id="WLAN1.0" bssid="00:1a:8c:98:73:bf" sta="c0:ce:cd:5f:db:86" status_code="0"
2016:11:02-10:42:39 A40031051D8BDCD awelogger[16107]: id="4101" severity="info" sys="System" sub="WiFi" name="STA connected" ssid="Ffynone-Staff" ssid_id="WLAN1.0" bssid="00:1a:8c:98:73:bf" sta="c0:ce:cd:5f:db:86"
2016:11:02-10:42:49 A40031051D8BDCD hostapd: wlan0: STA c0:ce:cd:5f:db:86 IEEE 802.11: disassociated
2016:11:02-10:42:49 A40031051D8BDCD awelogger[16107]: id="4102" severity="info" sys="System" sub="WiFi" name="STA disconnected" ssid="Ffynone-Staff" ssid_id="WLAN1.0" bssid="00:1a:8c:98:73:bf" sta="c0:ce:cd:5f:db:86"
2016:11:02-10:42:50 A40031051D8BDCD hostapd: wlan0: STA c0:ce:cd:5f:db:86 IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
2016:11:02-10:51:49 A4003116B42E36E hostapd: wlan0: STA 68:db:ca:7a:21:37 IEEE 802.11: authenticated
2016:11:02-10:51:49 A4003116B42E36E hostapd: wlan0: STA 68:db:ca:7a:21:37 IEEE 802.11: associated (aid 1)
2016:11:02-10:51:49 A4003116B42E36E hostapd: wlan0: STA 68:db:ca:7a:21:37 WPA: pairwise key handshake completed (RSN)
2016:11:02-10:51:49 A4003116B42E36E awelogger[5132]: id="4103" severity="info" sys="System" sub="WiFi" name="STA authentication" ssid="Ffynone-Staff" ssid_id="WLAN1.0" bssid="00:1a:8c:99:9c:5b" sta="68:db:ca:7a:21:37" status_code="0"
2016:11:02-10:51:49 A4003116B42E36E awelogger[5132]: id="4104" severity="info" sys="System" sub="WiFi" name="STA association" ssid="Ffynone-Staff" ssid_id="WLAN1.0" bssid="00:1a:8c:99:9c:5b" sta="68:db:ca:7a:21:37" status_code="0"
2016:11:02-10:51:49 A4003116B42E36E awelogger[5132]: id="4101" severity="info" sys="System" sub="WiFi" name="STA connected" ssid="Ffynone-Staff" ssid_id="WLAN1.0" bssid="00:1a:8c:99:9c:5b" sta="68:db:ca:7a:21:37"
2016:11:02-10:52:06 A4003116B42E36E hostapd: wlan0: STA 68:db:ca:7a:21:37 IEEE 802.11: disassociated
2016:11:02-10:52:06 A4003116B42E36E awelogger[5132]: id="4102" severity="info" sys="System" sub="WiFi" name="STA disconnected" ssid="Ffynone-Staff" ssid_id="WLAN1.0" bssid="00:1a:8c:99:9c:5b" sta="68:db:ca:7a:21:37"
2016:11:02-10:52:06 A4003116B42E36E awelogger[5134]: id="4103" severity="info" sys="System" sub="WiFi" name="STA authentication" ssid="Ffy-Guest" ssid_id="WLAN2.0" bssid="00:1a:8c:99:9c:5c" sta="68:db:ca:7a:21:37" status_code="0"
2016:11:02-10:52:06 A4003116B42E36E hostapd: wlan1: STA 68:db:ca:7a:21:37 IEEE 802.11: authenticated
2016:11:02-10:52:06 A4003116B42E36E hostapd: wlan1: STA 68:db:ca:7a:21:37 IEEE 802.11: associated (aid 1)
2016:11:02-10:52:06 A4003116B42E36E hostapd: wlan1: STA 68:db:ca:7a:21:37 WPA: pairwise key handshake completed (RSN)
2016:11:02-10:52:06 A4003116B42E36E awelogger[5134]: id="4104" severity="info" sys="System" sub="WiFi" name="STA association" ssid="Ffy-Guest" ssid_id="WLAN2.0" bssid="00:1a:8c:99:9c:5c" sta="68:db:ca:7a:21:37" status_code="0"
2016:11:02-10:52:06 A4003116B42E36E awelogger[5134]: id="4101" severity="info" sys="System" sub="WiFi" name="STA connected" ssid="Ffy-Guest" ssid_id="WLAN2.0" bssid="00:1a:8c:99:9c:5c" sta="68:db:ca:7a:21:37"
2016:11:02-10:52:36 A4003116B42E36E hostapd: wlan0: STA 68:db:ca:7a:21:37 IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
2016:11:02-11:01:10 A4003116B42E36E hostapd: wlan1: STA 68:db:ca:7a:21:37 WPA: group key handshake completed (RSN)
2016:11:02-11:01:57 A40031051D8BDCD hostapd: wlan0: STA 34:4d:f7:59:7d:43 IEEE 802.11: authenticated
2016:11:02-11:01:57 A40031051D8BDCD hostapd: wlan0: STA 34:4d:f7:59:7d:43 IEEE 802.11: associated (aid 1)
2016:11:02-11:01:57 A40031051D8BDCD awelogger[16107]: id="4103" severity="info" sys="System" sub="WiFi" name="STA authentication" ssid="Ffynone-Staff" ssid_id="WLAN1.0" bssid="00:1a:8c:98:73:bf" sta="34:4d:f7:59:7d:43" status_code="0"
2016:11:02-11:01:57 A40031051D8BDCD awelogger[16107]: id="4104" severity="info" sys="System" sub="WiFi" name="STA association" ssid="Ffynone-Staff" ssid_id="WLAN1.0" bssid="00:1a:8c:98:73:bf" sta="34:4d:f7:59:7d:43" status_code="0"
2016:11:02-11:02:01 A40031051D8BDCD hostapd: wlan0: STA 34:4d:f7:59:7d:43 IEEE 802.11: disassociated
2016:11:02-11:02:01 A40031051D8BDCD awelogger[16107]: id="4105" severity="info" sys="System" sub="WiFi" name="STA WPA failure" ssid="Ffynone-Staff" ssid_id="WLAN1.0" bssid="00:1a:8c:98:73:bf" sta="34:4d:f7:59:7d:43" reason_code="2"
2016:11:02-11:02:06 A40031051D8BDCD hostapd: wlan0: STA 34:4d:f7:59:7d:43 IEEE 802.11: deauthenticated due to local deauth request
2016:11:02-11:02:10 A40031051D8BDCD hostapd: wlan0: STA 34:4d:f7:59:7d:43 IEEE 802.11: authenticated
2016:11:02-11:02:10 A40031051D8BDCD hostapd: wlan0: STA 34:4d:f7:59:7d:43 IEEE 802.11: associated (aid 1)
2016:11:02-11:02:10 A40031051D8BDCD awelogger[16107]: id="4103" severity="info" sys="System" sub="WiFi" name="STA authentication" ssid="Ffynone-Staff" ssid_id="WLAN1.0" bssid="00:1a:8c:98:73:bf" sta="34:4d:f7:59:7d:43" status_code="0"
2016:11:02-11:02:10 A40031051D8BDCD awelogger[16107]: id="4104" severity="info" sys="System" sub="WiFi" name="STA association" ssid="Ffynone-Staff" ssid_id="WLAN1.0" bssid="00:1a:8c:98:73:bf" sta="34:4d:f7:59:7d:43" status_code="0"
2016:11:02-11:02:14 A40031051D8BDCD hostapd: wlan0: STA 34:4d:f7:59:7d:43 IEEE 802.11: disassociated
2016:11:02-11:02:14 A40031051D8BDCD awelogger[16107]: id="4105" severity="info" sys="System" sub="WiFi" name="STA WPA failure" ssid="Ffynone-Staff" ssid_id="WLAN1.0" bssid="00:1a:8c:98:73:bf" sta="34:4d:f7:59:7d:43" reason_code="2"
2016:11:02-11:02:19 A40031051D8BDCD hostapd: wlan0: STA 34:4d:f7:59:7d:43 IEEE 802.11: deauthenticated due to local deauth request
 


This thread was automatically locked due to age.
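To see which stations in a log like the one posted above associate but never complete the WPA pairwise key handshake, the hostapd and awelogger events can be tallied per access point and station. This is an added example, not part of the original post and not Sophos tooling; the function names are hypothetical and the sample lines are copied from the posted log.

```python
import re
from collections import defaultdict

# Sample lines copied from the log posted above (two stations, two APs).
SAMPLE_LOG = """\
2016:11:02-10:51:49 A4003116B42E36E hostapd: wlan0: STA 68:db:ca:7a:21:37 IEEE 802.11: associated (aid 1)
2016:11:02-10:51:49 A4003116B42E36E hostapd: wlan0: STA 68:db:ca:7a:21:37 WPA: pairwise key handshake completed (RSN)
2016:11:02-11:01:57 A40031051D8BDCD hostapd: wlan0: STA 34:4d:f7:59:7d:43 IEEE 802.11: associated (aid 1)
2016:11:02-11:02:01 A40031051D8BDCD awelogger[16107]: id="4105" severity="info" sys="System" sub="WiFi" name="STA WPA failure" ssid="Ffynone-Staff" ssid_id="WLAN1.0" bssid="00:1a:8c:98:73:bf" sta="34:4d:f7:59:7d:43" reason_code="2"
2016:11:02-11:02:10 A40031051D8BDCD hostapd: wlan0: STA 34:4d:f7:59:7d:43 IEEE 802.11: associated (aid 1)
2016:11:02-11:02:14 A40031051D8BDCD awelogger[16107]: id="4105" severity="info" sys="System" sub="WiFi" name="STA WPA failure" ssid="Ffynone-Staff" ssid_id="WLAN1.0" bssid="00:1a:8c:98:73:bf" sta="34:4d:f7:59:7d:43" reason_code="2"
"""

HOSTAPD = re.compile(r"^\S+ (?P<ap>\S+) hostapd: (?P<iface>\w+): STA (?P<sta>[0-9a-f:]{17}) (?P<msg>.+)$")
AWELOGGER = re.compile(r"^\S+ (?P<ap>\S+) awelogger\[\d+\]: (?P<fields>.+)$")
FIELD = re.compile(r'(\w+)="([^"]*)"')

def summarize(log_text):
    """Tally associations, completed pairwise handshakes and WPA failures per (AP, station)."""
    stats = defaultdict(lambda: {"assoc": 0, "handshake_ok": 0, "wpa_fail": 0, "reasons": set()})
    for line in log_text.splitlines():
        line = line.strip()
        m = HOSTAPD.match(line)
        if m:
            entry = stats[(m["ap"], m["sta"])]
            # startswith() keeps "disassociated" lines out of the association count
            if m["msg"].startswith("IEEE 802.11: associated"):
                entry["assoc"] += 1
            elif "pairwise key handshake completed" in m["msg"]:
                entry["handshake_ok"] += 1
            continue
        m = AWELOGGER.match(line)
        if m:
            fields = dict(FIELD.findall(m["fields"]))
            if fields.get("name") == "STA WPA failure" and "sta" in fields:
                entry = stats[(m["ap"], fields["sta"])]
                entry["wpa_fail"] += 1
                entry["reasons"].add(fields.get("reason_code", "?"))
    return stats

def failing_stations(stats):
    """Stations that associated but never completed the pairwise key handshake."""
    return sorted(k for k, s in stats.items() if s["assoc"] and not s["handshake_ok"])

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for ap, sta in failing_stations(stats):
        s = stats[(ap, sta)]
        print(f"{sta} on AP {ap}: {s['assoc']} associations, "
              f"{s['wpa_fail']} WPA failures, reason codes {sorted(s['reasons'])}")
```

Run over the full log, the same tally shows whether the failures follow a particular station, a particular AP, or one SSID.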
  • Please insert a picture of the Edit of the wireless network definition with 'Advanced' open and encryption enabled.

    Does this problem occur with one or both APs?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA