Hello,
We have installed in our office MR33. Our Guest SSID works well with PC's connectivity. However it does not work well with Apple devices.
After selecting the Guest SSID and entering the correct password, the Apple device keeps rejecting the connection due to incorrect password even though we know we are entering the right password.
The Apple device also indicated issues with WPA2 settings.
After following recommendations from the Apple support site, the devices still fail to connect.
We have followed the recommendations steps:
1. resetting settings
2. resetting the device
3. re-try the connection by manually entering the SSID and selecting WAP2 as the authenticatin protocol.
Still no success after completing those steps.
Note that the Apple device used for testing connects well to other WIFI networks.
Our MR33 are running firmware version: MR 25.12
The Apple device used in connectivity testing is running IOS 12.0.1.
I am interested to know if anyone has come across this issue before? if so, I appreciate suggestions on how to resolve it.
Thanks in advance!
What settings do you have on the Meraki side? It sounds like you chose something Apple doesn't like.
Hi BrandonS,
Thanks for your reply.
These are the current settings, which I kept basic as an initial set up testing.
Association requirements: Pre-shared key with WPA2 and a key(password)
WPA encryption mode: WPA2 only
802.11w: disabled
Splash page: None (direct access)
no group policies enabled
Client IP assignment: NAT mode (Use Meraki DHCP)
No VLAN tagging
For now, Band selection: Dual band operation.
I have the exact same problem. Please let me know if you were able to get it resolved.
What are the hostnames of the iphones in question? Apple devices frequently have the same hostnames. I'm curious how a meraki AP like the MR55 handles lets say five devices from Apple all trying to connect with generic hostnames like "IPhone" for all five devices...Typically this wouldn't work on any network because it couldn't resolve the name to duplicate hostnames? If you had five PCs on a network named DellPC, only one would connect at any given time.
Some clients can not handle complex passwords. For a test, try making the password simple.
I'll give that a try. At present it is only one word with two capital letter. I will change to just a plain word and see how it goes.
THank you.
Thanks pstewart.
I included my current settings in one of my previous posts.
Appreciate your input.
Try opening a support case. We have a similar case involving MR18s (Case# 03209629) and are testing a patch with some luck.
I would try a new SSID with default settings for testing. Then change one thing at a time to see if it breaks again. Did you enable 802.11r or change the RF profile at all?
BrandonS, I have not enabled 802.11r nor changed the RF profile.
Taking every one's suggestions here is the plan.
1. change password to a simple word.
if that doesnt make any difference,
2. I will create a new SSID as per the suggestion and change one setting at a time.
if that doesnt make any difference,
3. Log a TAC case to get them to investigate if a firmware upgrade is required.
I will report back results.
I have an MR33 and run several Apple devices on it. The SSID is configured with a Pre-shared key. I am currently running 25.11. I will upgrade and get back with an update.
My devices are running iOS 12.1 and iOS 12.1 Public beta 4.
Thanks
Dan_Nicolet,
Thanks for your input and testing time. I have changed the shared key to a very simple word, rebooted the AP's. User testing, no change unable to authenticate with mobile devices, specifically Apple Iphone.
THe AP is connected to a cisco 3750 via PoE power packs. THe switch port was initially configured as a trunk because I want a vlan for guest and another for corporate. but for the purpose of testing I configured the guest ssid with very simple settings. after encountering all these connectivity issues I changed the switch port config to access mode.
I cannot see how that would impact the authentication, however I gave it a try. Rebooted AP's after switch config change and still no change.
HEre is the error shown in dashboard:
type='WPA-PSK auth fail' associated='false' radio='1' vap='1'
I feel like I need to wipe out the AP configs and start again.. if after doing that no change, the next step is a tac case.
Hi all,
User test this morning for guest ssid:
Apple devices authenticated and connected OK
PC's uthenticated and connected OK
This was the last course of actions I did before I would decide to wipe out configs.
1.Reboot AP's, shut down the switch ports immediately to isolate.
2.Re-configure switch ports from Trunk to Access.
3.Re-enabled switch ports. AP's reconnected.
4.Reboot AP's again.
5. I also configured a very simple 8 digit password. ( previous was longer than 8 using mix of capital and numbers)
Got users to test this morning and everyone was able to authenticate their devices, Apple's and PC's and navigate the www.
Thanks everyone for your input and suggestions.
It was a great welcoming as a newbie on this community.
@DB Not to necro this thread, but just curious if by any chance you had disabled 'meshing' under General settings.
Not OP, but that's the behavior I've found in my environment. After enabling mesh the "wrong PSK" bevavior on my MR33 went away.
PSK on MR32 worked, on MR33 didn't work while mesh was disabled.
@Philip1 wrote:Not OP, but that's the behavior I've found in my environment. After enabling mesh the "wrong PSK" bevavior on my MR33 went away.
PSK on MR32 worked, on MR33 didn't work while mesh was disabled.
Thanks for the feedback @Philip1
That's not good lol. Did you open a support case for that?
I've disabled MESHING (for testing) with MR33 and did not run into any issue with being able to connect with the same WPA2-PSK network I had before disabling.
_ Checkout Air Marshall settings. Allow rogue AP for the test. Make sure your iphone client is actually connecting to your MR33 and not other vendor AP with the same SSID down your network.
_ Disable 802.11R and 802.11W.
_ Switch from Dual band operation with Band Steering to Dual band operation (2.4 GHz and 5 GHz).
_ Consider creating a dedicated SSID for iphone and other problematic clients.
After this changes:
Erase the stored WIFI session in your test iphone and scan the SSID again. Store the credentials.
Hello all,
I have the same problem and on acces control page when i select Meraki AP assigned (NAT mode) mode and gave the correct dns the macbook connected and used the internet clearly.