NWA90AX connection issues with second and third SSID

IdWaxDat
IdWaxDat Posts: 5
First Comment
edited November 2023 in Nebula
I'm having a problem with my NWA90AX that is driving me nuts.  I've created three SSIDs for my retail store.  SSID-1 works just fine.  SSID-2 & SSID-3 have several connection problems.  

1 - They frequently won't allow login with shared key, but will allow login if no shared key required.  SSID-1 is unaffected and I can log in with these no problem.

2 - When connection does happen they will drop the connection without warning and then problem 1 usually happens.  SSID-1 never drops the connection.

3 - Occasionally when they do connect, there will be no internet.  SSID-1 remains connected to the internet with speeds consistent with my internet connection.

All three SSIDs are configured exactly the same other than a unique name for each SSID and a unique shared key for each SSID.  

My internet connection is stable.  My wired devices are unaffected.  I have no other WAPs on my network.  

For those who will ask why I need three SSIDs, I ultimately want to have 3 VLANs (1 for business devices, 1 for guests, and 1 for smart infrastructure devices) with metered or scheduled connections.   

Any help/direction to resources would be greatly appreciated.  
«1

All Replies

  • Zyxel_Judy
    Zyxel_Judy Posts: 875  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @IdWaxDat,

     

    Have you checked whether there is space or special character in the password of SSID2 and SSID3? Because stations can connect if no shared key required, so we’d like to clarify whether stations could not connect to SSID because of password typo.

     

    Regards to there is no Internet when station connect to SSID2 and SSID3, please:

      1. Check if the SSID2 and SSID3 are using the correct VLAN ID. Go to Access point > Configure > SSID advanced settings > select the SSID2 and SSID3 > edit VLAN ID

      2. Check if the switch port that AP and gateway are connected to has configured the corresponding VLAN settings.

      3. Check if the gateway has configured the corresponding VLAN interface.

     

    Please let us know the result here after your checking. In case the issue still happens, please: 

    1.    Enable customer’s Zyxel support by going to the left sidebar > Help > Support request > Invite Zyxel support as administrator, save the changes for us to check. 

    2.    Please share your network topology, so we can understand how you connect your network devices and clients.

    3.    Provide the station MAC, connected time, the SSID and the diagnostic file after the issue happens via private message. We’ll send message for you, so please pay attention at your forum inbox.

    The path to collect diagnostic file: WEB GUI > Maintenance > Diagnostics > Diagnostics

    Judy

  • Hi Judy,

    Thanks for the reply.  

    As yet I have not set up additional VLANs.  Each SSID is using VLAN1 at this time.  And the VLAN is a 'down the road' deployment for me.  I have been able to connect to SSID 2 & 3.  When they have connected they are stable for a short period (5-10 minutes) before crashing.  For reference though:

    SSID1 on VLAN1 = Waxing-The-City 
    SSID2 on VLAN2 = Waxing-The-City-Guest
    SSID3 on VLAN3 = WTC-Smart

    I have removed the shared key requirement for SSID 2 and have been able to connect a client is SSID2 and it had internet connectivity.  After about 10 minutes I disconnected from SSID2.  I applied a test shared key to SSID2 and attempted to reconnect.

    The shared key is very simple at this time and is a short string of sequential numbers and letters with a special character in-between.  I used ABC@1234 I've confirmed this key is correct on several clients with the same results.  

    My immediate concerns are:
    1 - Not being able to connect or stay connected with SSID2 & SSID3
    2 - When a device is connected to SSID2 & SSID3 being able to connect to the internet.  

    However, your response got me to dig in an do a deep look at my settings.  There was one big difference between SSID1 and SSID2&3.  SSID1 had 5GHz and 6GHz enabled.  SSID2&3 I had configured for 2.4GHz only.  

    I did some speed tests and when I was on a 5GHz all SSIDs connected and connected to the internet with download speeds within 90% of my 100/10 rated up/down speeds.  I was also able to maintain multiple connections on SSID2 using 5GHz for several hours.  

    When I disabled 5 & 6 GHz on all SSIDs I experienced very slow speeds with only 1-5% of my rated down speed and about 49% of my rated up speed.  I also began experiencing drops with the 2.4GHz network after a few minutes.

    I'm starting to think I might have a faulty 2.4GHz antenna.  I can leave 5GHz on for SSID2 and just limit bandwidth, but the devices I plan to connect to SSID3 are 2.4GHz only smart devices.  

    1 - I've enabled suport

    2 - Network topography is pretty simple.  Gateway => Switch => WAP

    Complete list of devices/connections are:

    Internet gateway is a CenturyLink provided C4000BZ modem made by Axon.  WiFi is disabled.

    Modem is connected to a 16 port Trendnet TPE-TG182 16 port PoE+ switch.

    Multiple devices are directly connected to the switch.  2 computers, QNAP NAS, VIvoTek NVR, Sonos amp, 3 VOIP telephones, and a ZyXel NWA90AX WAP (cat 7 cabling).  

    Connected to the WAP we have about 14 smartphones/iPads, 3 computers, 2 printers.

    3 - I might need a little more direction pulling the requested information. 

    Thanks again,
    Jeff
  • Update to above.  After being stable for several hours the internet connection on SSID2 and SSID3 went dead.  I disconnected and tried to reconnect but got 'unable to connect' errors for SSID2 and SSID3.  I was still able to connect to SSID1 and the internet worked.  I'm at a complete loss.
  • Zyxel_Judy
    Zyxel_Judy Posts: 875  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited January 2023

    Hi Jeff,

     

    From the Access point > Monitor > Client list > Wif Aid, we found that some clients have wireless connection

    Base on the MAC to check the event log show client blocked by key handshake fail.


    The diagnostic file show the reason as the incorrect password AP-STA-POSSIBLE-PSK-MISMATCH.


    The change log show passwords were changed some times, we recommend forget or delete the SSID profile on the client then reconnect again with the correct password.


    Judy

  • IdWaxDat
    IdWaxDat Posts: 5
    First Comment
    edited January 2023
    I'll do as you recommend over the weekend.  I'll change the shared keys to 2222@2222 for SSID2 and 3333@3333 for SSID3 to reduce risk of error.

    I don't understand though how that would explain multiple clients being stable for hours with 95% rated internet up/down speeds on SSID2&3.  Then disconnecting and not being able to reconnect with no changes being made to the shared key.  While devices on SSID1 being unaffected.  

    Also doesn't explain why the 2.4GHz signal has very slow speeds.  Or why smart devices, which only need to be connected once drop and don't reconnect.   
  • Zyxel_Judy
    Zyxel_Judy Posts: 875  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi Jeff, 

     

    As the message, you have not had any dropped connections or failure to connect errors.  

     

    Related to the speeds when clients connect to 2.4GHz SSID, high channel utilization when transferring data might be the reason.


    Suggest you choosing “All available channels” for 2.4GHz channel development to let AP have more choices when doing DCS. 

    Judy

  • ep4it
    ep4it Posts: 3
    First Comment

    I have a similar problem with the NWA90AX. The strange thing is that I only have this issue with a Ring Doorbell that seems to drop off the second ssid with the same messages in the logs regarsding being 'blocked by key handshake fail'. The device will reconnect at some stage usually once a day but then drop off again. I have not tried connecting it to ssid1 which is not using a separate vlan. There are two other Ring devices and amazon alexa that never seem to drop off the dedicated smart device vlan. The password on the Ring Doorbell has to be correct for it to connect in the first place. I suspect that there is something in the specificiation of wlan chipset of the WAP and the ring doorbell that precipitates this issue.

    My next plan is move the Ring doorbell to ssid1 on the WAP. If thatstill fails then I will try a completely different WAP.

    @IdWazDat - did you have any luck putting your smart devices on SSID1?

  • IdWaxDat
    IdWaxDat Posts: 5
    First Comment

    I just returned the WAP and tried a new one. ZYXEL said that wouldn't work, but it did.

  • Zyxel_Judy
    Zyxel_Judy Posts: 875  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @ep4it ,

    a Ring Doorbell that seems to drop off the second ssid with the same messages in the logs regarsding being 'blocked by key handshake fail'. 

    How is signal strength of Ring Doorbell? The bad signal is one of reason led to the authentication process is uncompleted and have 'blocked by key handshake fail' logs.

    Which band you configure for the SSID2? For IoT device using, we recommend trying the following SSID settings adjustments to improve the connection stability: 

    1. Set the security option as "WPA2". 
    2. Configure 2.4GHz band only. 
    3. Disable the 802.11k/v/r function.  

    There are two other Ring devices and amazon alexa that never seem to drop off the dedicated smart device vlan. 

    Which SSID do two other Ring devices and amazon alexa connect to?

    In case, the issue still recurs after adjustments, please provide the Org/ Site name and enable customer’s Zyxel support by going to the left sidebar > Help > Support request > Invite Zyxel support as administrator, save the changes for us to check.

    Judy

  • ep4it
    ep4it Posts: 3
    First Comment
    edited April 2023

    The last recorded signal strength of the Ring Doorbell was RSSI-63

    The other Ring Devices and and the Alexa and a few other mobile devices all connect to the same ssid as the Ring Doorbell. The other devices do not drop off the ssid.

    If I power cycle the Ring Doorbell it works for a few hours. Then sometimes after up to a day or so later, it reconnects on it's own!

    I had already set these parameters.

    1. Set the security option as "WPA2". 
    2. Configure 2.4GHz band only. 
    3. Disable the 802.11k/v/r function

    My devices are not connected to Nebula and therefore I don't think I can perform the invitation for remote support.

Nebula Tips & Tricks