Cannot connect to hidden SSID, wpa_supplicant and Zydas driver - Networking

This is a discussion on Cannot connect to hidden SSID, wpa_supplicant and Zydas driver - Networking ; Hi, I have been unable to connect to a Cisco Aironet 1200 that has guest_mode set to NONE using wpa_supplicant 0.5.4 and zydas driver r83. I've tried many different configs, but the one that I thought had the best chances ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Cannot connect to hidden SSID, wpa_supplicant and Zydas driver

  1. Cannot connect to hidden SSID, wpa_supplicant and Zydas driver

    Hi,
    I have been unable to connect to a Cisco Aironet 1200 that has
    guest_mode set to NONE using wpa_supplicant 0.5.4 and zydas driver
    r83. I've tried many different configs, but the one that I thought
    had the best chances was this one:

    ctrl_interface=/tmp/wpa
    ap_scan=2
    network={
    ssid="ecgap1"
    key_mgmt=IEEE8021X
    eap=LEAP
    identity="xxxxxxx"
    password="xxxxxxx"
    }

    The man page for wpa_supplicant says to set proto, group, and pairwise
    if I use ap_scan=2, but my security is LEAP with dynamic WEP. With
    this security it seems that these fields would not need to be set. Am
    I wrong about this?

    Here are my results from this config:
    1178738338.405000: Initializing interface 'wlan0' conf '/atlas/DATA/
    pdofiles/wpa_supplicant_config/config' driver 'wext' ctrl_interface
    'N/
    A' bridge 'N/A'
    1178738338.406000: Configuration file '/atlas/DATA/pdofiles/
    wpa_supplicant_config/config' -> '/atlas/DATA/pdofiles/
    wpa_supplicant_config/config'
    1178738338.406000: Reading configuration file '/atlas/DATA/pdofiles/
    wpa_supplicant_config/config'
    1178738338.407000: ctrl_interface='/tmp/wpa'
    1178738338.407000: ap_scan=2
    1178738338.408000: Priority group 0
    1178738338.408000: id=0 ssid='ecgap1'
    1178738338.408000: Initializing interface (2) 'wlan0'
    1178738338.437000: EAPOL: SUPP_PAE entering state DISCONNECTED
    1178738338.437000: EAPOL: KEY_RX entering state NO_KEY_RECEIVE
    1178738338.437000: EAPOL: SUPP_BE entering state INITIALIZE
    1178738338.437000: EAP: EAP entering state DISABLED
    1178738338.438000: EAPOL: External notification - portEnabled=0
    1178738338.438000: EAPOL: External notification - portValid=0
    1178738338.570000: SIOCGIWRANGE: WE(compiled)=18 WE(source)=13
    enc_capa=0x8014c114
    1178738338.570000: capabilities: key_mgmt 0x0 enc 0x7
    1178738338.570000: WEXT: Operstate: linkmode=1, operstate=5
    1178738338.575000: Own MAC address: 00:12:0e:20:dc:4f
    1178738338.575000: wpa_driver_wext_set_wpa
    1178738338.577000: wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0
    seq_len=0 key_len=0
    1178738338.629000: wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0
    seq_len=0 key_len=0
    1178738338.681000: wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0
    seq_len=0 key_len=0
    1178738338.759000: wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0
    seq_len=0 key_len=0
    1178738338.763000: wpa_driver_wext_set_countermeasures
    1178738338.763000: wpa_driver_wext_set_drop_unencrypted
    1178738338.766000: Setting scan request: 0 sec 100000 usec
    1178738338.766000: Added interface wlan0
    1178738338.866000: State: DISCONNECTED -> SCANNING
    1178738338.866000: Trying to associate with SSID 'ecgap1'
    1178738338.866000: Cancelling scan request
    1178738338.866000: WPA: clearing own WPA/RSN IE
    1178738338.866000: Automatic auth_alg selection: 0x4
    1178738338.871000: WPA: clearing AP WPA IE
    1178738338.871000: WPA: clearing AP RSN IE
    1178738338.871000: WPA: clearing own WPA/RSN IE
    1178738338.871000: No keys have been configured - skip key clearing
    1178738338.871000: wpa_driver_wext_set_drop_unencrypted
    1178738338.874000: State: SCANNING -> ASSOCIATING
    1178738338.874000: WEXT: Operstate: linkmode=-1, operstate=5
    1178738338.874000: wpa_driver_wext_associate
    1178738338.899000: Setting authentication timeout: 60 sec 0 usec
    1178738338.899000: EAPOL: External notification - portControl=Auto
    1178738339.547000: RX ctrl_iface - hexdump_ascii(len=14):
    53 54 41 54 55 53 2d 56 45 52 42 4f 53 45 STATUS-
    VERBOSE
    1178738340.580000: RX ctrl_iface - hexdump_ascii(len=14):
    53 54 41 54 55 53 2d 56 45 52 42 4f 53 45 STATUS-
    VERBOSE
    1178738341.297000: RX EAPOL from 00:11:92:01:9e:f0
    1178738341.297000: Setting authentication timeout: 70 sec 0 usec
    1178738341.297000: EAPOL: Received EAP-Packet frame
    1178738341.317000: RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
    1178738341.613000: RX ctrl_iface - hexdump_ascii(len=14):
    53 54 41 54 55 53 2d 56 45 52 42 4f 53 45 STATUS-
    VERBOSE
    1178738342.645000: RX ctrl_iface - hexdump_ascii(len=14):
    53 54 41 54 55 53 2d 56 45 52 42 4f 53 45 STATUS-
    VERBOSE
    1178738343.677000: RX ctrl_iface - hexdump_ascii(len=14):
    53 54 41 54 55 53 2d 56 45 52 42 4f 53 45 STATUS-
    VERBOSE
    1178738344.779000: RX ctrl_iface - hexdump_ascii(len=14):
    53 54 41 54 55 53 2d 56 45 52 42 4f 53 45 STATUS-
    VERBOSE
    1178738345.813000: RX ctrl_iface - hexdump_ascii(len=14):
    53 54 41 54 55 53 2d 56 45 52 42 4f 53 45 STATUS-
    VERBOSE
    1178738346.845000: RX ctrl_iface - hexdump_ascii(len=14):
    53 54 41 54 55 53 2d 56 45 52 42 4f 53 45 STATUS-
    VERBOSE
    1178738347.877000: RX ctrl_iface - hexdump_ascii(len=14):
    53 54 41 54 55 53 2d 56 45 52 42 4f 53 45 STATUS-
    VERBOSE
    1178738348.909000: RX ctrl_iface - hexdump_ascii(len=14):
    53 54 41 54 55 53 2d 56 45 52 42 4f 53 45 STATUS-
    VERBOSE
    1178738350.017000: RX ctrl_iface - hexdump_ascii(len=14):
    53 54 41 54 55 53 2d 56 45 52 42 4f 53 45 STATUS-
    VERBOSE
    1178738351.049000: RX ctrl_iface - hexdump_ascii(len=14):
    53 54 41 54 55 53 2d 56 45 52 42 4f 53 45 STATUS-
    VERBOSE
    1178738352.081000: RX ctrl_iface - hexdump_ascii(len=14):
    53 54 41 54 55 53 2d 56 45 52 42 4f 53 45 STATUS-
    VERBOSE
    1178738352.686000: RX ctrl_iface - hexdump_ascii(len=9):
    54 45 52 4d 49 4e 41 54 45
    TERMINATE
    1178738352.686000: Removing interface wlan0
    1178738352.686000: State: ASSOCIATING -> DISCONNECTED
    1178738352.686000: WEXT: Operstate: linkmode=-1, operstate=5
    1178738352.686000: No keys have been configured - skip key clearing
    1178738352.686000: EAPOL: External notification - portEnabled=0
    1178738352.686000: EAPOL: External notification - portValid=0
    1178738352.686000: wpa_driver_wext_set_wpa
    1178738352.688000: wpa_driver_wext_set_drop_unencrypted
    1178738352.693000: wpa_driver_wext_set_countermeasures
    1178738352.693000: No keys have been configured - skip key clearing
    1178738352.693000: WEXT: Operstate: linkmode=0, operstate=6
    1178738352.701000: Cancelling scan request

    As soon as I turn guest_mode=ecgap1 and comment out ap_scan=2, I get a
    connection. Does this mean that I cannot have a hidden ssid with this
    version of wpa_supplicant and zydas driver?

    Thanks for your help,

    Nancy


  2. Re: Cannot connect to hidden SSID, wpa_supplicant and Zydas driver

    nancya42000@yahoo.com wrote:
    >
    > As soon as I turn guest_mode=ecgap1 and comment out ap_scan=2, I get a
    > connection. Does this mean that I cannot have a hidden ssid with this
    > version of wpa_supplicant and zydas driver?


    A lot of wireless MAC layers do not handle hidden SSID's very well. It appears that the zydas
    driver's MAC layer is one of them. If you have hidden the SSID as a security measure, forget about
    it. With a hidden SSID, you must use active scanning. If anyone is snooping your network, as soon as
    any interface successfully scans, they will know everything that was supposedly hidden. All that is
    accomplished is that it is tougher for you to connect. The use of LEAP with strong passwords does
    provide security.

    Larry

+ Reply to Thread