Printers/Copier Won't Authenticate on MR46E

Troy360
Here to help

I have implemented a Meraki wireless LAN at our location.

SSID is set to PSK and WPA2

I'm in NAT mode with no splash page.

Everything is in DHCP.

Everything connects seamlessly except for the Sharp MX-C304W and the two HP LaserJet Pro MFPs.

auth_mode='wpa2-psk' reason='eapol_timeout' radio='0' vap='0' channel='6' rssi='60'

No matter what I try I cannot get these printers to authenticate.  What am I missing?

28 REPLIES
UCcert
Kind of a big deal

Are you using both 2.5 and 5.0 GHz frequencies?  You often find that in some 5.0 GHz-only deployments some legacy devices won’t join the network.

Darren O'Connor | uccert.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
BrandonS
Kind of a big deal

@UCcert beat me to the question I would ask 🙂 I have come across devices needing a 2.4 only SSID and I think you still need to ask Meraki support to allow that if you want to try 2.4 only.

Troy360
Here to help

I'm running both 2.4 and 5.0 so I don't think that should be the issue.

ww
Kind of a big deal

Try disabling band steering in the wireless profile. Some 2.4 GHz clients have problems with this.

BrandonS
Kind of a big deal

Check the spec sheets or settings for those printers.  If they only support 2.4GHz they may not join a dual band SSID.  The log snip you shared indicates something is trying a 2.4GHz channel so it seems plausible so far to me.

BrandonS
Kind of a big deal

Here is a screenshot of what I am suggesting and it was the only way I could get some home automation/iot gear to work on my home network:

 

skitch.png

 

 

If I do that, it will restrict all clients to the 2.4 GHz band, correct?

BrandonS
Kind of a big deal

For that SSID, yes. If your devices require it, you don't really have a choice except to have a separate SSID for legacy devices/printers/whatever requires a 2.4 only SSID.  

 

I attempted that just to see if I could get it to authenticate, but it's still giving me the same issue.

cmr
Kind of a big deal

@Troy360 I'd try bridged mode as opposed to NAT mode, NAT mode is really only for devices that need isolating from the rest of the network, i.e. in an internet café or similar.

I tried it in Bridge mode also, but then it failed at DHCP.

cmr
Kind of a big deal

@Troy360 does a laptop get an address via DHCP in bridged mode?

Yes, it does.  I was able to connect both laptop and phone in Bridged mode.

cmr
Kind of a big deal

Have you tried disabling WiFi6 features?  What HP models are they?

I haven't tried turning off WiFi6.  Would really like to keep those features on, but I'll at least test it.

I've mostly been banging my head against a Sharp Copier MX-C304W.

I've also got two HP LaserJet Pro MFP M428fdw printers.

cmr
Kind of a big deal

I see the onboard WiFi is very old so I'd definitely try disabling WiFi6, it also seems to support two modes, is it in infrastructure mode?

 

Screenshot_20220113-222440_Chrome.jpg

Yes, it's in Infrastructure mode (although I messed around with trying the other even though it didn't make sense).

 

I'll try disabling WiFi6 next just to see if it works.

cmr
Kind of a big deal

The HPs also seem to have an old wireless chip as they too are N at best:

Screenshot_20220113-223546_Chrome.jpg

I'd definitely try disabling WiFi6.

 

I disabled Wi-Fi 6, turned off the 5 GHz band and the Sharp is still just stuck in a status of "connecting".  I haven't tried the HPs yet.

cmr
Kind of a big deal

@Troy360 apologies, I think I sent you down a dead-end, I have checked my home HP printer and it only supports 802.11n, yet is working perfectly with an MR55/56 setup running 28.5.  The SSID it is connected to is in bridged mode with other settings as below:

cmr_0-1642116078045.png

 

The APs are set to a minimum bitrate of 12Mbps on both bands and they are on dual band without band steering.

 

I have my HP printer working now.  Still no dice on the Sharp Copier but progress!

cmr
Kind of a big deal

Which changes got the HPs working, or have they just sprung into life...!

Putting things into Bridge Mode is what made the HPs happy.

I'm waiting on a Sharp technician to do a site visit to see if they can get the copier working.

Same issue with the HPs.  On the printer itself it shows it's connected to the SSID and has an IP address, but I can't even ping it.

cmr
Kind of a big deal

Are you on the same VLAN and is your IP in the same subnet?

UCcert
Kind of a big deal

12C810EA-504D-4A8A-855F-E7A4BA764FD4.png

Are you falling foul of the Deny rule under Firewall and Traffic Shaping?

Looks like everything is good on my Firewall and Traffic Shaping.  No deny rule that would prevent the copier from connecting.

GIdenJoe
Kind of a big deal

@Troy360 have you made a wireless capture from the AP you're connecting to, or an over-the-air capture through another AP on the same channel?

You have to first determine at what phase your sharp device is stuck.
A full WPA2 PSK auth would look like this:
Client to AP: Auth
AP to client: Auth success
Client to AP associate (if this is missing client probably does not like association params)
AP to client: assoc success or fail (if fail check!, could be some reason code)
AP to client: 1st message of 4 way handshake (shows as dot1x even for pre-shared key)
Client to AP: 2nd message (this one gets stuck if you have wrong PSK)
AP to client: 3rd message
Client to AP: 4th message
Client does the DHCP DORA dance.

Do mind that if you capture from the AP you are connecting to you'll only have half of the messages (Meraki issue)
It's better to have another AP on the same channel and capture there.  Then you'll have the entire conversation.
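
Added example, not part of any reply in this thread: a small Python sketch of the "find the phase where the join stalls" check described above, run over a constructed capture summary and the event line from the original question. The frame labels, the `diagnose` and `parse_event` helpers and all hint texts other than the association-parameter and wrong-PSK ones are assumptions of this example.

```python
import re

# Join sequence from the post: (sender, frame, hint when this is the first frame missing).
EXPECTED = [
    ("client", "auth", "client never started 802.11 authentication"),
    ("ap", "auth_success", "AP did not answer the authentication frame"),
    ("client", "assoc_req", "client probably does not like the association parameters"),
    ("ap", "assoc_resp", "AP never answered the association request"),
    ("ap", "eapol_m1", "AP did not start the 4-way handshake"),
    ("client", "eapol_m2", "client did not answer message 1"),
    ("ap", "eapol_m3", "stuck at message 2, which the post ties to a wrong PSK"),
    ("client", "eapol_m4", "client did not confirm message 3"),
    ("client", "dhcp_discover", "handshake finished but DHCP never started"),
]

def parse_event(line):
    """Split a key='value' event-log line into a dict."""
    return dict(re.findall(r"(\w+)='([^']*)'", line))

def diagnose(frames):
    """frames: list of (sender, frame, status) tuples summarising a capture.
    Returns (stage, hint) for the first step that is missing or rejected."""
    senders = {sender for sender, _, _ in frames}
    if len(senders) == 1:
        # The post's caveat: a capture on the serving AP shows half the exchange.
        return ("one_sided", "only %s frames seen; capture from another AP on the same channel" % senders.pop())
    seen = {(sender, frame): status for sender, frame, status in frames}
    for sender, frame, hint in EXPECTED:
        if (sender, frame) not in seen:
            return (frame, hint)
        if frame == "assoc_resp" and seen[(sender, frame)] != 0:
            return (frame, "association rejected, status code %d" % seen[(sender, frame)])
    return ("complete", "join and DHCP start both visible")

# Constructed capture summary: messages 1 and 2 repeat, message 3 never appears.
SAMPLE = [
    ("client", "auth", 0), ("ap", "auth_success", 0),
    ("client", "assoc_req", 0), ("ap", "assoc_resp", 0),
    ("ap", "eapol_m1", 0), ("client", "eapol_m2", 0),
    ("ap", "eapol_m1", 0), ("client", "eapol_m2", 0),
]
# Event line quoted in the original question.
EVENT = "auth_mode='wpa2-psk' reason='eapol_timeout' radio='0' vap='0' channel='6' rssi='60'"

if __name__ == "__main__":
    print(parse_event(EVENT)["reason"], diagnose(SAMPLE))
```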
