[NWA50AX] iOS clients password rejected

robf196
robf196 Posts: 4
Friend Collector
edited August 2022 in WirelessLAN
Been having issues with NWA50AX wireless AP. iOS clients are deauthenticating on a daily basis. When they try to reconnect, they are reprompted for the password, and then get an "incorrect password" error. Resetting iOS network settings allow reconnection until the problem comes again later.

Relevant log information from the NWA50AX AP for a single iOS client experiencing this problem and trying to reconnect:

[2022-05-25 20:44:27] Station: (MAC address) has associated on Channel: 153, SSID: (Network SSID), 5GHz, Signal: -65dBm. Interface: wlan-2-2.
[2022-05-25 20:44:27] Station: (MAC address) has deauth by Unknown! on Channel: 153, SSID: (Network SSID), 5GHz, Signal: -65dBm. Tx/Rx 0/0 Bytes. reason 13, Interface: wlan-2-2.
[2022-05-25 20:44:27] Station: (MAC address) has deauth by Auth Timeout on Channel: 153, SSID: (Network SSID), 5GHz, Signal: -65dBm. Tx/Rx 0/0 Bytes. reason 2, Interface: wlan-2-2.
[2022-05-25 20:44:41] Station: (MAC address) has associated on Channel: 11, SSID: (Network SSID), 2.5GHz, Signal: -59dBm. Interface: wlan-1-2.
[2022-05-25 20:44:41] Station: (MAC address) has deauth by Unknown! on Channel: 11, SSID: (Network SSID), 2.5GHz, Signal: -59dBm. Tx/Rx 0/0 Bytes. reason 13, Interface: wlan-1-2.
[2022-05-25 20:44:41] Station: (MAC address) has deauth by Auth Timeout on Channel: 11, SSID: (Network SSID), 2.5GHz, Signal: -59dBm. Tx/Rx 0/0 Bytes. reason 2, Interface: wlan-1-2.

As you can see this affects both the 2.4GHz and 5GHz bands.

iOS clients are on the lastest version, and the Zyxel AP is on the latest firmware (V6.25(ABYW.8)).

  • Channel selection: DCS
  • DCS Client Aware: enabled (auto, Three-Channel Deployment)
  • SSIDs are using WPA3 Transition (which has worked with the same iOS clients with a different AP in the past)

All Replies

  • Zyxel_HsinBo
    Zyxel_HsinBo Posts: 220  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi, @robf196

     

    Welcome to the Zyxel community!

    We have received your request,

    We have built up the environment with the same AP models, settings, and security mode, run with 3 different IOS devices, everything works fine after one night (reconnection), we would keep observing it.

     

    Could you kindly help us to provide your network topology in your scenario, and the mac address, version info of your IOS clients? (PM me is fine)

     

    And please help us to collect the diagnostic file from the below steps:

    1.  Login to your AP management page
    2.  Find MAINTENANCE from the left sidebar
    3.  Diagnostics
    4.  Collect Now
    5.  Wait 10-15minites till the progress done
    6.  Download and provide with us

     

    We would look into the detailed information of the AP,

    Thanks for helping, Have a nice day,

    Thank you!

     

    Best Regards,

     

    HsinBo

  • robf196
    robf196 Posts: 4
    Friend Collector
    Hello @Zyxel_HsinBo , I just sent you a PM with the information requested as well as a diagnostic file from the AP. Please let me know next steps.

  • Zyxel_HsinBo
    Zyxel_HsinBo Posts: 220  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hi, @robf196

    We have received your diagnostic,
    Is there an android device in your family?
    Could you help us to test if the symptom happens on the android devices in your scenario too?

    We would check the diagnostic, 
    and we'll update you by updating the post if there is any new progress.
    Sorry for bringing you inconvenience,
    Thank you.

    Best Regards,

    HsinBo
  • robf196
    robf196 Posts: 4
    Friend Collector
    Hi @Zyxel_HsinBo There are no Android devices to test with on my network.
  • Zyxel_HsinBo
    Zyxel_HsinBo Posts: 220  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited May 2022

    Sorry for the late reply,
    We have checked the diagnostics of your NWA50AX.
    We found some information that may be related to this symptom,
    Logs indicate that in your environment, the utilization of 5Ghz is very high which may affect your device usage.
    (refer to the picture below)

         
      

    But the result of the DCS scan, there is only a 5Ghz SSID neighbor shown in the list, and the same issue which you run into happens on 2.4Ghz SSID, too.
    So we are still working on analyzing this.


    Since the symptom only happens on IOS clients of your description, we are afraid that the issue happens on the device itself which is not worked normally in WPA3 security to authenticate

    Usually, we would need to collect some wireless packets between AP and station, 
    Since it is difficult to capture wireless packets to verify the result for standalone mode AP,
    we may need your help to do a test:

    Create an OPEN security mode SSID, and help us to connect it with your IOS devices and observe the status of stations for a period.
    If the symptom still exists with OPEN security mode, please leave us a message.
    If it is fine with OPEN mode, please try WPA2, and tell us the result, too.

    I have created a ticket in our internal team to track this symptom,
    And I will update this post if there is anything in new progress.
    Sorry for bringing you inconvenience,
    Thank you.

    Best Regards,

    HsinBo

  • Zyxel_HsinBo
    Zyxel_HsinBo Posts: 220  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Good day.
    We have some updates that need to report to you.
    May I know the MAC address of other IOS devices that happens with the same issue and could you kindly tell us that when the symptom happens, do other IOS devices have the same issue at the same time?
    Or it just happens with a single one, and others de-authenticate at different times on their own?

    We have checked the diagnostics you provided, the DCS setting of yours which execute with the interval of 6 hours for 2.4G and 12 hours for 5G, and the DCS Client Aware option is turned on in your DCS setting.
    If there is a station connected with the AP then the AP won’t trigger the AP change channel when DCS Client Aware is turned on.

    In summary, the time interval you set up may trigger DCS in the morning when clients are using, the channel selected by DCS would not update the best choice in your scenario, but the DCS scan process in the background may cause high utilization and perform badly.

    Thus, we suggest you change the DCS setting for your both 2.4G and 5G radio by setting up the time schedule with the time no client using(ex. 03:00a.m.), and turn off the DCS client aware option.

    Then please help us to collect new diagnostics after you have done the settings.
    Sorry for bringing you inconvenience.
    Thanks for your help.

    Best Regards,

    HsinBo
  • robf196
    robf196 Posts: 4
    Friend Collector
    @Zyxel_HsinBo They all happen at different times. Usually specific to a certain device. I have had the problem when turning off DCS Client Aware as well as turning it on.
  • Zyxel_HsinBo
    Zyxel_HsinBo Posts: 220  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi, @robf196

     

    We have received your message,

    General in our troubleshooting progress, we may need to capture wireless packets from the device, but it would be difficult to execute in your scenario.

    (Issue happens on mobile IOS devices, and AP runs under standalone mode).

    Thus, we really need your help to do some tests for us to process the progress.

     

    There are steps that need your assistance,

    Please help us set up with DCS Client aware turned off and DCS time schedule of 3:00 a.m for your DCS settings.

    And manually trigger DCS in the morning, after the DCS progress is finished (about 15 - 20minutes), let your IOS devices access the SSID, and please collect the new diagnostics file of the AP for us.

     

    If the symptom still exists, please try to reboot your AP, and observe for a short period whether the symptom exists or not.

    Sorry for bringing you the inconvenience,

    we would find out the root cause as soon as possible.

    Thank you.

     

    Best Regards,

     

    HsinBo