I am seeing a strange problem with wireless encryprion on a 751G-2HnD. The configuration is straightforward:
/interface wireless security-profiles
add authentication-types=wpa-psk,wpa2-psk group-ciphers=tkip,aes-ccm
management-protection=allowed mode=dynamic-keys name=WPA unicast-ciphers=
tkip,aes-ccm wpa-pre-shared-key=12characters wpa2-pre-shared-key=
12characters
set 0 band=2ghz-b/g/n channel-width=20/40mhz-ht-above country=
“united kingdom” disabled=no distance=indoors frequency=2427
frequency-mode=regulatory-domain ht-rxchains=0,1 ht-supported-mcs=“mcs-0,m
cs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,
mcs-13,mcs-14,mcs-15” ht-txchains=0,1 l2mtu=2290 mode=ap-bridge
security-profile=WPA ssid=xxxxxxxxxxx wireless-protocol=any
The 751 is supporting a variety of wireless clients, all configured to use WPA2/AES. Everything was working fine until I decided to disable TKIP on the 751, on the grounds that none of the clients were using it. As soon as I did this, one of the clients disconnected with a ‘deauth’ message and would not reconnect. I re-enabled TKIP and the client reconnected normally. The 751 was consistently reporting the client as using aes-ccm while connected. However with TKIP disabled on the 751, the client would never connect and no attempt at doing so would produce any messages on the 751’s log (even with debug enabled) as if the 751 were unaware of the problem client’s presence. The behaviour is consistent and repeatable. The client concerned is an older Windows machine with PCI G wireless card based on the ‘Marvel’ chipset. Temporarily disabling this card and using a USB wireless dongle allowed the client to connected with the 751 set to AES only, so the problem is specific to the 751 and the PCI wireless card.
I tried using TPLink and D-Link APs (both configured for AES only) in place of the 751 and the problem client with its usual PCI wireless card connected to both of these with no problem at all.
Any idea what could be going on here ?
Thanks, Adam.