PDA connection problem

Discussion in 'Wireless' started by SimonV, Mar 16, 2007.

  1. SimonV

    SimonV Petabyte Poster Administrator

    6,587
    139
    228
    Hi all,

    We have a wireless network using WPA-Enterprise with EAP-MSCHAPv2 802.1x authentication and TKIP encryption.

    Now all laptops work fine and everything is smooth as anything, but I'm trying to get a PDA to connect to the same network but I'm having a bit of trouble.

    After some trial and error with certificates and my remote access policy I've managed to get the PDA to authenticate as I can see in the event log for the RADIUS server that the PDA has been granted access but the PDA disconnects and connects in a matter of seconds and then repeats the whole process over and over again.

    The PDA is a HP iPAQ hx2490b and the wireless AP's are D-Link DWL-8200AP.

    I also checked in the AP's log and this is the data when the PDA is trying to connect:
    Code:
    FRI MAR 16 09:29:09 2007 Wireless --Association:11B STA 00:02:78:54:6d:a2 associated with WLAN1 
     
    FRI MAR 16 09:29:14 2007 Wireless --Deauth: WLAN1 11B STA 00:02:78:54:6d:a2 reason code=1
     
    FRI MAR 16 09:29:17 2007 Wireless --Received Disassoc: WLAN 1 11B STA 00:02:78:54:6d:a2 
    Any help would be great. :)
     
    Certifications: MOS Master 2003, CompTIA A+, MCSA:M, MCSE
    WIP: Keeping CF Alive...
  2. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    6,199
    125
    199
    Does the PDA support WPA? I know that its normally the AP that does / doesn't suport it, but its an option.

    Other than that can you try stripping away the security and seeing at what stage it fails to authenticate anymore?

    Additionaly my rambling gives this thread a bit of a BUMP! :biggrin
     
  3. SimonV

    SimonV Petabyte Poster Administrator

    6,587
    139
    228
    Yeah the PDA supports WPA and as an open AP or using WEP its fine, like I said the PDA is authenticated by the Radius server but it doesn't stay connected. I've open a support ticket with D-Link about it but just wanted to see if anyone had any idea while I wait for a reply. :(
     
    Certifications: MOS Master 2003, CompTIA A+, MCSA:M, MCSE
    WIP: Keeping CF Alive...
  4. r.h.lee

    r.h.lee Gigabyte Poster

    1,011
    52
    105
    SimonV,

    According to the "D-Link DWL-8200AP User Manual", it states that the following wireless security methods are available:
    1. WPA-Personal
      • The method of authentication is similar to WEP because you define a "Pre-Shared Key" on the wireless router/AP. Once the pre-shared key is confirmed and satisfied on both the client and access point, then access is granted. The encryption method used is referred to as the Temporal Key Integrity Protocol (TKIP), which offers per-packet dynamic hashing. It also includes an integrity checking feature which ensures that the packets were not tampered with during wireless transmission
    2. WPA2-Personal
      • WPA2-Personal is far superior to WPA-Personal, because the encryption of data is upgraded with the Advanced Encryption STandard (AES).
    3. WPA-Enterprise
      • WPA-Enterprise and WPA2-Enterprise is ideal for businesses that have existing security infrastructures in place. Management and security implementation can now be centralized on a server participating on the network. Utilizing 802.1x with a RADIUS (Remote Authentication Dial-in User Service) server, a network administrator can define a list of authorized users who can access the wireless LAN. When attempting to access a wireless LAN with either WPA_Enterprise or WPA2-Enterprise configured, the new client will be challenged with a username and password. If the new client is authorized by the administration, and enters the correct username and password, then access is granted.
    4. WPA2-Enterprise
      • WPA2-Enterprise is far superior to WPA_Enterpirse, because the encryption of data is upgraded with the Advanced Encryption Standard (AES).

    However, according to the "User's Guide - HP iPAQ hx2000 Series Pocket PC", page 8-3, under "Automatically Connecting to a Network", step 2 states "If you are prompted for a Network Key (WEP), enter it and tap Connect. If you are not sure, contact your network administrator." Even under the section "Manually Entering New Network Settings", step 11 states "To configure the type of network authentication to use, select: a. To use Shared Key authentication, tap the Authentication (Shared mode) listbox. Type the network key in the Network Key: box. b. To use data encryption, tap the Data encryption (WEP enabled) listbox. c. If a network key is provited by your network automatically, tape the The Key is provited for me automatically. 12. For increased security, tap the 802.1x tab and select the UseIEEE8021x network access control chekbox. You should only check this option if it is supported by your netowrk environment. Ask your network adminstrator if you are unsure."

    In summary, it seems like the AP supports WPA and the iPAQ supports WEP. The D-Link DWL-8200AP supports "Shared Key" mode, however by solving that problem would result in creating at least two problems: 1) weakening of the D-Link DWL-8200AP wireless security and 2) Using WEP/Shared Key mode would render the RADIUS server useless.

    I would like to recommend that you get another AP that is compatible with WEP and place it around where the PDA is most likely to be used. If the PDA is likely to be used anywhere on campus grounds, then you might need to implement a second network of WAPs for WEP capable units to use. To help maintain the security integrity of the D-Link DWL-8200AP in WPA-Enterprise mode, you might need to place the WEP WAPS on a VLAN of their own.

    I hope this helps.

    Source:
    1. D-Link DWL-8200AP User Manual - ftp://ftp.dlink.com/Wireless/dwl8200AP/Manual/dwl8200AP_Manual_110.zip
    2. HP invent - User's Guide - HP iPAQ hx2000 Series Pocket PC - August 2004 -http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00267893/c00267893.pdf
     
    Last edited by a moderator: Jan 2, 2015
    Certifications: MCSE, MCP+I, MCP, CCNA, A+
    WIP: CCDA
  5. SimonV

    SimonV Petabyte Poster Administrator

    6,587
    139
    228
    Well I managed to get hold of a US robotics AP today and guess what it worked. So I know now that its not the iPAQ or anything to do with the RADIUS server its something in the config of the DLink AP. I didn't get the time to investigate but I will hopefully later in the week. Bloody computers, I'm sure gardening would be much easier career.... :)
     
    Certifications: MOS Master 2003, CompTIA A+, MCSA:M, MCSE
    WIP: Keeping CF Alive...
  6. r.h.lee

    r.h.lee Gigabyte Poster

    1,011
    52
    105
    SimonV,

    What model number is the US Robotics AP?
     
    Last edited by a moderator: Jan 2, 2015
    Certifications: MCSE, MCP+I, MCP, CCNA, A+
    WIP: CCDA
  7. wizard

    wizard Petabyte Poster

    5,763
    35
    174
    You could always set up a gardening forum as a sideline :D
     
    Last edited by a moderator: Jan 2, 2015
    Certifications: SIA DS Licence
    WIP: A+ 2009
  8. JonnyMX

    JonnyMX Petabyte Poster

    5,239
    211
    236
    I'm having a similar problem, to the extent that I'm trying to work out if my PDA has got a wireless card built in.

    It should be obvious, but even the system information is a bit vague on the subject.

    None of the settings show up, and it has been suggested that I flash the BIOS to see if that helps.

    Stroll on, happy days...

    :blink
     
    Certifications: MCT, MCTS, i-Net+, CIW CI, Prince2, MSP, MCSD

Share This Page

Loading...