Lightning01
Newbie
- Registriert
- 1. August 2009
- Beiträge
- 1
- Reaktionspunkte
- 2
- Punkte
- 23
Hi,
First of all I do speak german as well but I prefer to write this in english (more people can read it!!)
I just want to share my findings after a few hours of debugging WPA / WPA2 WLAN encryption as many other people seem to have troubles as well!!
1.) WPA/WPA2 config method has changed in version 1.77, there is no separate config / menu entry for WAP and WPA2, this has not been updated in CAS studio (yet), also LANG files have not been changed (new files attached - English and German - copy to \MENU\LANG - its not possible to set key via CI Menu), best way to configure WPA is config.xml file directly, see below.
2.) If you want to pair Diablo Wifi with a Cisco AP (c1100 in my case) you will encounter problems as soon as you turn on WPA/WPA2. Reason is a timeout during WAP Key handshake.
Cisco Debug commands (needs level 15):
debug dot11 aaa manager all
debug dot11 aaa dispatcher
term mon
Now you will see the following during authentication:
//SNIP
dot11_mgr_sm_hs_callback: [1] Handshake msg to 0019.2896.2613, timer set: timeout 100 ms
dot11_mgr_sm_run_machine: Executing Action(WPAV2_PTK_MSG2_WAIT,TIMEOUT) for 0019.2896.2613
//SNIP
due to the time-out the authentication will finaly fail:
//SNIP
dot11_mgr_sm_handshake_fail: Handshake failure for 0019.2896.2613
dot11_aaa_send_response: wlccp_ap_auth_method_done 50, method_done 8
dot11_aaa_send_response: Sending response: 0 for: 0019.2896.2613
%DOT11-7-AUTH_FAILED: Station 0019.2896.2613 Authentication failed
//SNIP
To anyway make the WPA/WPA2 working time-out needs to be set to a higher value (in global config mode):
dot11 wpa handshake timeout 500
Then you should get something like that
//SNIP
Aug 2 21:19:51.306: dot11_mgr_sm_hs_callback: [3] Handshake msg to 0019.2896.2613, timer set: timeout 500 ms
Aug 2 21:19:51.335: dot11_mgr_sm_parse_client_pak: Received EAPOL packet from 0019.2896.2613
//SNIP
//SNIP
Aug 2 21:19:51.379: wpav2 Handshake passed
Aug 2 21:19:51.380: dot11_mgr_sm_handshake_pass: Handshake pass for 0019.2896.2613
Aug 2 21:19:51.380: dot11_aaa_send_response: wlccp_ap_auth_method_done 50, method_done 8
Aug 2 21:19:51.380: dot11_aaa_send_response: Sending response: 2 for: 0019.2896.2613
Aug 2 21:19:51.380: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 0019.2896.2613 Associated KEY_MGMT[WPAv2 PSK]
Aug 2 21:19:51.380: dot11_aaa_client_associate: Associated 0019.2896.2613
//SNIP
Finally here is the explanation for the config file:
WIFI_ENABLED="Y"
Wifi ON/OFF
WIFI_DOMAIN="ETSI"
Regulatory Domain --> see
WIFI_AP="testssid"
ESSID
WIFI_DHCP="Y"
DHCP YES/NO
WIFI_IP="0.0.0.0"
NOT REQUIRED IF DHCP YES
WIFI_NETMASK="0.0.0.0"
NOT REQUIRED IF DHCP YES
WIFI_GATEWAY="0.0.0.0"
NOT REQUIRED IF DHCP YES
WIFI_DNS="0.0.0.0"
NOT REQUIRED IF DHCP YES
WIFI_ENCRYPT="WPA-PSK + WPA2-PSK"
encryption to be used
WIFI_WEP_KEYIDX="1"
only used for WEP64 and WEP128
WIFI_WEP64_Key1="0000000000"
only used for WEP64 and WEP128
WIFI_WEP64_Key2="0000000000"
only used for WEP64 and WEP128
WIFI_WEP64_Key3="0000000000"
only used for WEP64 and WEP128
WIFI_WEP64_Key4="0000000000"
only used for WEP64 and WEP128
WIFI_WEP128_Key1="00000000000000000000000000"
only used for WEP64 and WEP128
WIFI_WEP128_Key2="00000000000000000000000000"
only used for WEP64 and WEP128
WIFI_WEP128_Key3="00000000000000000000000000"
only used for WEP64 and WEP128
WIFI_WEP128_Key4="00000000000000000000000000"
only used for WEP64 and WEP128
WIFI_WPA_PSK="1234567890"
WPA/WPA2 PSK (ASCII 7 to 63 characters)
WIFI_WPA_PMKPSK="1234567890"
WPA/WPA2 PSK (ASCII 7 to 63 characters)
WIFI_WPA_PMKAP="testssid"
ESSID (max 30 ASCII characters- used as PBKDF2 salt)
WIFI_WPA_PMK="78CC308D65C76BB78AD422EDD2CB228A1281F4101B59B30636F478316C57CA88"
WPA/WPA2 cleartext encryption KEY --> calculated as explained here Link veralten (gelöscht)
WIFI_TXPOWER="17"
WIFI Transmit Power
I hope i could help a few people,
rgds Lightning
First of all I do speak german as well but I prefer to write this in english (more people can read it!!)
I just want to share my findings after a few hours of debugging WPA / WPA2 WLAN encryption as many other people seem to have troubles as well!!
1.) WPA/WPA2 config method has changed in version 1.77, there is no separate config / menu entry for WAP and WPA2, this has not been updated in CAS studio (yet), also LANG files have not been changed (new files attached - English and German - copy to \MENU\LANG - its not possible to set key via CI Menu), best way to configure WPA is config.xml file directly, see below.
2.) If you want to pair Diablo Wifi with a Cisco AP (c1100 in my case) you will encounter problems as soon as you turn on WPA/WPA2. Reason is a timeout during WAP Key handshake.
Cisco Debug commands (needs level 15):
debug dot11 aaa manager all
debug dot11 aaa dispatcher
term mon
Now you will see the following during authentication:
//SNIP
dot11_mgr_sm_hs_callback: [1] Handshake msg to 0019.2896.2613, timer set: timeout 100 ms
dot11_mgr_sm_run_machine: Executing Action(WPAV2_PTK_MSG2_WAIT,TIMEOUT) for 0019.2896.2613
//SNIP
due to the time-out the authentication will finaly fail:
//SNIP
dot11_mgr_sm_handshake_fail: Handshake failure for 0019.2896.2613
dot11_aaa_send_response: wlccp_ap_auth_method_done 50, method_done 8
dot11_aaa_send_response: Sending response: 0 for: 0019.2896.2613
%DOT11-7-AUTH_FAILED: Station 0019.2896.2613 Authentication failed
//SNIP
To anyway make the WPA/WPA2 working time-out needs to be set to a higher value (in global config mode):
dot11 wpa handshake timeout 500
Then you should get something like that
//SNIP
Aug 2 21:19:51.306: dot11_mgr_sm_hs_callback: [3] Handshake msg to 0019.2896.2613, timer set: timeout 500 ms
Aug 2 21:19:51.335: dot11_mgr_sm_parse_client_pak: Received EAPOL packet from 0019.2896.2613
//SNIP
//SNIP
Aug 2 21:19:51.379: wpav2 Handshake passed
Aug 2 21:19:51.380: dot11_mgr_sm_handshake_pass: Handshake pass for 0019.2896.2613
Aug 2 21:19:51.380: dot11_aaa_send_response: wlccp_ap_auth_method_done 50, method_done 8
Aug 2 21:19:51.380: dot11_aaa_send_response: Sending response: 2 for: 0019.2896.2613
Aug 2 21:19:51.380: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 0019.2896.2613 Associated KEY_MGMT[WPAv2 PSK]
Aug 2 21:19:51.380: dot11_aaa_client_associate: Associated 0019.2896.2613
//SNIP
Finally here is the explanation for the config file:
WIFI_ENABLED="Y"
Wifi ON/OFF
WIFI_DOMAIN="ETSI"
Regulatory Domain --> see
Sie müssen registriert sein, um Links zu sehen.
for further infosWIFI_AP="testssid"
ESSID
WIFI_DHCP="Y"
DHCP YES/NO
WIFI_IP="0.0.0.0"
NOT REQUIRED IF DHCP YES
WIFI_NETMASK="0.0.0.0"
NOT REQUIRED IF DHCP YES
WIFI_GATEWAY="0.0.0.0"
NOT REQUIRED IF DHCP YES
WIFI_DNS="0.0.0.0"
NOT REQUIRED IF DHCP YES
WIFI_ENCRYPT="WPA-PSK + WPA2-PSK"
encryption to be used
WIFI_WEP_KEYIDX="1"
only used for WEP64 and WEP128
WIFI_WEP64_Key1="0000000000"
only used for WEP64 and WEP128
WIFI_WEP64_Key2="0000000000"
only used for WEP64 and WEP128
WIFI_WEP64_Key3="0000000000"
only used for WEP64 and WEP128
WIFI_WEP64_Key4="0000000000"
only used for WEP64 and WEP128
WIFI_WEP128_Key1="00000000000000000000000000"
only used for WEP64 and WEP128
WIFI_WEP128_Key2="00000000000000000000000000"
only used for WEP64 and WEP128
WIFI_WEP128_Key3="00000000000000000000000000"
only used for WEP64 and WEP128
WIFI_WEP128_Key4="00000000000000000000000000"
only used for WEP64 and WEP128
WIFI_WPA_PSK="1234567890"
WPA/WPA2 PSK (ASCII 7 to 63 characters)
WIFI_WPA_PMKPSK="1234567890"
WPA/WPA2 PSK (ASCII 7 to 63 characters)
WIFI_WPA_PMKAP="testssid"
ESSID (max 30 ASCII characters- used as PBKDF2 salt)
WIFI_WPA_PMK="78CC308D65C76BB78AD422EDD2CB228A1281F4101B59B30636F478316C57CA88"
WPA/WPA2 cleartext encryption KEY --> calculated as explained here Link veralten (gelöscht)
WIFI_TXPOWER="17"
WIFI Transmit Power
I hope i could help a few people,
rgds Lightning
