MR33 AP connectivity issues for Apple Devices

DB
Here to help

MR33 AP connectivity issues for Apple Devices

Hello,

We have installed in our office MR33. Our Guest SSID works well with PC's connectivity. However it does not work well with Apple devices. 

After selecting the Guest SSID and entering the correct password, the Apple device keeps rejecting the connection due to incorrect password even though we know we are entering the right password.

The Apple device also indicated issues with WPA2 settings.

After following recommendations from the Apple support site, the devices still fail to connect.

We have followed the recommendations steps:

1. resetting settings

2. resetting the device

3. re-try the connection by manually entering the SSID and selecting WAP2 as the authenticatin protocol.

 

Still no success after completing those steps.

 

Note that the Apple device used for testing connects well to other WIFI networks.

 

Our MR33 are running firmware version: MR 25.12

The Apple device used in connectivity testing is running IOS 12.0.1.

 

I am interested to know if anyone has come across this issue before? if so, I appreciate suggestions on how to resolve it.

Thanks in advance!

 

 

 

21 Replies 21
BrandonS
Kind of a big deal

What settings do you have on the Meraki side?  It sounds like you chose something Apple doesn't like.

- Ex community all-star (⌐⊙_⊙)
DB
Here to help

Hi BrandonS,

Thanks for your reply.

These are the current settings, which I kept basic as an initial set up testing.

Association requirements: Pre-shared key with WPA2 and a key(password)
WPA encryption mode: WPA2 only
802.11w: disabled
Splash page: None (direct access)
no group policies enabled
Client IP assignment: NAT mode (Use Meraki DHCP)
No VLAN tagging
For now, Band selection: Dual band operation.

AnuragJain
Conversationalist

I have the exact same problem. Please let me know if you were able to get it resolved.

BW2021
New here

What are the hostnames of the iphones in question?  Apple devices frequently have the same hostnames.  I'm curious how a meraki AP like the MR55 handles lets say five devices from Apple all trying to connect with generic hostnames like "IPhone" for all five devices...Typically this wouldn't work on any network because it couldn't resolve the name to duplicate hostnames?  If you had five PCs on a network named DellPC, only one would connect at any given time. 

PhilipDAth
Kind of a big deal
Kind of a big deal

Some clients can not handle complex passwords.   For a test,  try making the password simple. 

DB
Here to help

I'll give that a try. At present it is only one word with two capital letter. I will change to just a plain word and see how it goes. 

THank you.

pstewart
Getting noticed

I have a lot of Apple devices in my home lab - happy to compare settings if you are still having problems ...
DB
Here to help

Thanks pstewart. 

I included my current settings in one of my previous posts.

Appreciate your input.

randhall
Getting noticed

Try opening a support case. We have a similar case involving MR18s (Case# 03209629) and are testing a patch with some luck.

BrandonS
Kind of a big deal

I would try a new SSID with default settings for testing.  Then change one thing at a time to see if it breaks again.  Did you enable 802.11r or change the RF profile at all?

- Ex community all-star (⌐⊙_⊙)
DB
Here to help

BrandonS, I have not enabled 802.11r  nor changed the RF profile. 

Taking every one's suggestions here is the plan.

1. change password to a simple word.

if that doesnt make any difference,

2. I will create a new SSID as per the suggestion and change one setting at a time.

if that doesnt make any difference,

3. Log a TAC case to get them to investigate if a firmware upgrade is required.

 

I will report back results.

Dan_Nicolet
Here to help

I have an MR33 and run several Apple devices on it. The SSID is configured with a Pre-shared key. I am currently running 25.11. I will upgrade and get back with an update. 

My devices are running iOS 12.1 and iOS 12.1 Public beta 4.

DB
Here to help

Thanks

Dan_Nicolet
Here to help

Performed the firmware upgrade and tried several different configurations. I also matched the configuration above. Could not get the Apple devices to fail association.
What is the AP connected to? Seems basic but did you try to reboot the AP?
DB
Here to help

Dan_Nicolet,

Thanks for your input and testing time. I have changed the shared key to a very simple word, rebooted the AP's. User testing, no change unable to authenticate with mobile devices, specifically Apple Iphone.

THe AP is connected to a cisco 3750 via PoE power packs. THe switch port was initially configured as a trunk because I want a vlan for guest and another for corporate. but for the purpose of testing I configured the guest ssid with very simple settings. after encountering all these connectivity issues I changed the switch port config to access mode.

I cannot see how that would impact the authentication, however I gave it a try. Rebooted AP's after switch config change and still no change.

HEre is the error shown in dashboard:

type='WPA-PSK auth fail' associated='false' radio='1' vap='1'

 

I feel like I need to wipe out the AP configs and start again.. if after doing that no change, the next step is a tac case.

 

DB
Here to help

Hi all,

User test this morning for guest ssid:

Apple devices authenticated and connected OK

PC's uthenticated and connected OK

 

This was the last course of actions I did before I would decide to wipe out configs.

1.Reboot AP's, shut down the switch ports immediately to isolate.

2.Re-configure switch ports from Trunk to Access.

3.Re-enabled switch ports. AP's reconnected.

4.Reboot AP's again.

5. I also configured a very simple 8 digit password. ( previous was longer than 8 using mix of capital and numbers)

 

Got users to test this morning and everyone was able to authenticate their devices, Apple's and PC's and navigate the www.

 

Thanks everyone for your input and suggestions.

It was a great welcoming as a newbie on this community.

 

 

 

NolanHerring
Kind of a big deal

@DB  Not to necro this thread, but just curious if by any chance you had disabled 'meshing' under General settings.

Nolan Herring | nolanwifi.com
TwitterLinkedIn
Philip1
Conversationalist

@NolanHerring 

Not OP, but that's the behavior I've found in my environment.  After enabling mesh the "wrong PSK" bevavior on my MR33 went away.

 

PSK on MR32 worked, on MR33 didn't work while mesh was disabled.

NolanHerring
Kind of a big deal


@Philip1 wrote:

@NolanHerring 

Not OP, but that's the behavior I've found in my environment.  After enabling mesh the "wrong PSK" bevavior on my MR33 went away.

 

PSK on MR32 worked, on MR33 didn't work while mesh was disabled.


Thanks for the feedback @Philip1 

 

That's not good lol.  Did you open a support case for that?

 

I've disabled MESHING (for testing) with MR33 and did not run into any issue with being able to connect with the same WPA2-PSK network I had before disabling.

Nolan Herring | nolanwifi.com
TwitterLinkedIn
dalmiroy2k
Getting noticed

_ Checkout Air Marshall settings. Allow rogue AP for the test. Make sure your iphone client is actually connecting to your MR33 and not other vendor AP with the same SSID down your network.

_ Disable 802.11R and 802.11W.

_ Switch from Dual band operation with Band Steering to Dual band operation (2.4 GHz and 5 GHz).

_ Consider creating a dedicated SSID for iphone and other problematic clients.

 

After this changes:

 

Erase the stored WIFI session in your test iphone and scan the SSID again. Store the credentials.

mercan
New here

Hello all,

I have the same problem and on acces control page when i select Meraki AP assigned (NAT mode) mode and gave the correct dns the macbook connected and used the internet clearly.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels