WPA Authentication Timeout or Failure
I'm having issues with this EAP650 AP and IoT clients (2.4Ghz). After about a day or so these 2.4Ghz-only clients disconnect and the Omada logs are filled with "WPA Authentication Timeout or Failure". Any configuration change I make to the EAP650 results in all devices connecting again for about a day, then the cycle begins again. I have reset the device and added back to the controller but the issue keeps coming back. I also have an EAP610-Outdoor on the same controller and devices connected to it are always fine. Any ideas about this?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi All,
Upon summary, the issue that everyone encountered basically occurs only in the 2.4G clients, but someone can be solved by disable the PMF, and some cannot be solved, and it is now considered that the probability of the problem is still related to the PMF setting.
The PMF feature was supported since Omada Controller v5.7, which requires to upgrade the EAP device firmware to take effect. The previous firmware you used is not adapted to controller 5.7, that is, the previous firmware doesn't support the PMF feature, thus the PMF configuration with "Mandatory" won't affect the connection of non-PMF-capable clients.
It seems that your IoT client is non-PMF-capable, so disable PMF for the IoT network may fix it.
Please disable the PMF settings on all SSIDs you set on the controller, we suspect the PMF settings will affect all SSIDs, so please try it for testing.
You can go to Settings > Wireless Networks > WLAN, choose the SSID and go to Advanced Settings, here you can change the PMF option. The 6GHz band mandates WPA Mode as WPA2-PSK/WPA3-SAE/AES, and WPA2-PSK/WPA3-SAE/AES enables PMF by default. So you can uncheck the 6GHz band and change the WPA Mode to WPA/WPA2-PSK/Auto. After doing that, you can disable PMF.
Thanks all for your cooperation and understanding.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@Virgo No, does not help. That document seems to focus on signal strength and the correct password. My IoT devices always have the same password and many are close to the EAP650. As previously stated any config change I make to the EAP650 and everything connects ok for about a day. This seems like an issue where the EAP650 gets stuck authenticating 2.4G clients then any changes and it's back for a day.
- Copy Link
- Report Inappropriate Content
@Bromo have you tried to turn off 5Ghz on the ssid of IoT device and try again? Only enable 2.4Ghz band
- Copy Link
- Report Inappropriate Content
@Giang97 No I have not done this... and I would not accept this as a valid solution. I have run my setup for years with Asus access points where both 2.4Ghz and 5Ghz broadcast the same SSID and no issues. Only after switching to TP-Link am I having these issues... Also the EAP610-Outdoor is fine... only the EAP650 unit seems to hang on 2.4Ghz about once a day and the logs start filling up with the WPA Authentication Timeout or Failure for all 2.4Ghz devices. A simple configuration change fixes it for the next ~20 hours.
- Copy Link
- Report Inappropriate Content
I have the same issue with three EAP-670 access points.
I am running firmware EAP670_v1_1.0.0_20221219 (beta) because I need IPv6 working and I have an OC200 controller with firmware OC200(UN)_v2_2.9.3_20230328.
I have three SSID's, one dual band LAN, one dual band GUEST-LAN and one 2.4GHz TECH-LAN.
Only my TECH-LAN does have trouble every few days (between 3 and 7 days max).
At this moment I have one 2.4GHz TECH SSID for the three access points, but I have also tried separate 2.4GHz TECH SSID's per access point.
When the problem occurs it is always on one random access point, not on all three at the same time.
To get things working again I need to reboot that access point, or re-apply the configuration to that access point, then the clients are able to connect again.
The clients are all nearby an access point and the signal is very good, so distance is not an issue.
Things I have tried without success to pinpoint this connectivity issue:
- Changed TECH SSID WPA2-PSK/WPA3-SAE/AES to WPA2-PSK/AES
- Disabled per access point 2.4GHz RSSI threshold of -70 dBm
- Disabled TECH SSID 2.4GHz Data Rate Control (12Mbps and disabled CCK rates)
- Created a new TECH SSID with all default settings (dual band)
- Created separate TECH SSID's per access point with all default settings (dual band)
- Manually changed 2.4GHz channels per access point
- Disabled Force-Disassociation
- Disabled AI Roaming
I don't know what else I can try, but all of the above settings did not change anything for this connectivity issue.
This Omada network is new since 6 weeks, it replaced my HPE Aruba access points where I did not have this problem.
- Copy Link
- Report Inappropriate Content
@-RB- I used to have the same issue before, my IoT devices could not connect to dual band ssid. When I disabled the 5Ghz band, they are able to connect again without any disruption until now. And the security method I switched to Wpa/Wpa2 personal. You can consider it is a temporarily solution and see if it can work for your case or not and waiting for TPLink team to find out the permanent way to fix this issue.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Hi, have you tried disabling the Band steering feature?
Actually, how many 2.4G clients are in your network in total?
Are these clients a little far from the APs? Have you tried to move them close to the APs?
- Copy Link
- Report Inappropriate Content
I have 13 clients connected to my IoT TECH 2.4GHz wireless lan. These are distributed over three access points.
Band steering is not relevant because this SSID is 2.4GHz only. Airtime fairness is disabled. The clients are all a few meters away from the nearest access point, Distance is not a problem.
- Copy Link
- Report Inappropriate Content
So I had been having these kinds of issues since I installed my Omada setup. I went back and forth with ecobee support for weeks until they finally gave up on me. It wouldn't stay connected, and they thought it was because of my two APs having similar signal strengths despite the device literally being right next to the AP. I had an irrigation controller that had some similar behavior. They would lose connection AND an IP address and rarely reconnect on their own, it typically required rebooting the device which would only last for 20 minutes or so.
In 2.9.3, there is a way to bind a device to an AP. I bound both devices to an AP and haven't had any dropouts since. One device is on a mixed 5/2.4ghz network (need to change that) and one is on a 2.4ghz only network. From the Client, select Config, then Lock to AP.
I also disabled Mesh. I don't know if that helped since my APs are wired, but was worth a shot.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 7804
Replies: 49
Voters 0
No one has voted for it yet.