NWA50AX - Clients get "wrong password"

I'm running 3 APs in a Mesh Setup, two of them are wired. After a while mobile clients (iOS + Android) get a "wrong password" at the WPA authentication - although the password is definitely correct. Often a switch off/on heals, but not always.

Firmware is up to date.

Do you have any ideas or instructions?

«1

All Replies

  • Zyxel_Kay
    Zyxel_Kay Posts: 522  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @TheMichaelOne

     

    The "wrong password" error msg may be a result of the "key handshake failed" log you mentioned in another forum post about problems with the NWA50AX. To assist you further, we would like to offer some potential causes and recommended deployment adjustments.  

    Please refer to our response on the forum for more information: 
    Problems in Logfile of NWA50AX — Zyxel Community 

     

    Kay 

    Kay

  • additional question: is it recommended to activate Wifi 6? Will it have a positive effect on the observed issues?

  • Problem seems to remain even after recommended config changes:

    Station: xxx blocked by key handshake fail on Channel: 36, SSID: , 5GHz, Signal: -37dBm, Download/Upload: 452/0 Bytes, reason 2, Interface: wlan-2-1 [count=2]2023-05-09 10:24:48WiFi Praxis LANStation: xxx deauthenticated by key handshake fail [count=2]

  • Zyxel_Kay
    Zyxel_Kay Posts: 522  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited May 2023

    Hi  @TheMichaelOne

    We noticed that some clients on your site have low WiFi capabilities, it seems like there are IoT devices in your network. To improve their connectivity, we recommend creating a separate SSID for these devices and have the following setting at Configure >> Access points >> SSID advanced settings: 

    1. Set the security option for the new SSID as "WPA2".  
    2. Configure the SSID to 2.4GHz band only.  
    3. Disable the 802.11k/v/r function. 

    Furthermore, if any device only supports 802.11 b/g/n, you can modify the radio mode for the 2.4GHz band from its current "auto" setting to "b/g/n" at Configure >> Access points >> Radio settings. 

       

    We hope that these adjustments will help to improve your devices' connectivity. If you have any further questions or concerns, please let us know.    

     

    Kay 

    Kay

  • TheMichaelOne
    TheMichaelOne Posts: 9
    First Anniversary First Comment
    edited May 2023

    I applied all recommended changes, but still see handshake errors in the event log.

    Station: xxx blocked by key handshake fail on Channel: 6, SSID:yyy 2.4GHz, Signal: -39dBm, Download/Upload: 452/0 Bytes, reason 2, Interface: wlan-1-1 [count=2]2023-05-12 13:48:01WiFi Praxis SoziWireless LANStation: xx:xx:xx:99:95:be deauthenticated by key handshake fail [count=2]

  • Zyxel_Kay
    Zyxel_Kay Posts: 522  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @TheMichaelOne

     

    We have noticed a high frequency of "key handshake fail" logs on your AP - WiFi Praxis Sozi. We have collected the internal log from your AP for further investigation, and we will keep you updated on any developments. 

    To assist us in better understanding your issue, could you please share with us the following information: 

    1. What is your network topology? 
    2. Does this problem occur on every client? If not, could you please provide us with the client device models, operating systems, and OS versions of the affected devices? 

     

    Kay 

    Kay

  • Thanks for your message. I'll try to give answers.

    1.) It's an employees Wifi, Internet only via a Zyxel PoE Switch provided by an AVM Router. 2 wired AP, 1 Mesh, all in different rooms. Whole area is 150 square meter. Idea is to have Wifi with the same SSID in all rooms.

    2.) I need to ask, as I'm not onsite. But I assume it affects multiple clients (also according to the logs.

    It looks to me, as if the takeover to the next AP causes problems if the people move between the AP.

    Thanks in advance, Michael

  • Zyxel_Kay
    Zyxel_Kay Posts: 522  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @TheMichaelOne

     

    Upon reviewing the internal log, we noticed some EAPOL key timeout records. As a result, we kindly request your assistance in debuging. Could you please leave the environment for us? Currently, since the client is not being used, clients with connection issues are not attempting to connect. Therefore, we need you to select one of the abnormal connection clients and keep it continuously trying to connect to this AP(Sozi). Please provide us with the client's MAC address via private message. 

    (*Please note that do not reboot the AP if there is no service impact)

    Additionally, to aid in our investigation and observe the driver counter, could you please provide us with your available time during which you could keep the client connected to the AP(Sozi)? If possible, please provide us with a time slot between 9:00-18:00 (UTC+8). 

     

    Kay 

    Kay

  • Hi there, thanks for your efforts. In the next days I will not be able to be onsite.

    What do you mean by "leave the environment for us"? To log out from the Nebula Portal? I did that.

    I understand, that you have a (or several) particular client under suspect?! Maybe we can try to narrow it down by the time (certain employees are working at certain times) or other connectivity information.

    Thanks in advance and best regard, Michael

  • Zyxel_Kay
    Zyxel_Kay Posts: 522  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @TheMichaelOne

     

    The “leave the environment for us” that I mentioned previously, simply means that we would appreciate it if you could refrain from rebooting your AP and leave it in its current state. This will allow us to investigate the behavior of your AP more effectively. 

    Regarding the problem of key handshake failed problem, we would like to have a further discussion with your situation through the private message. 

      

    Kay 

    Kay