So, first time posting here and from looking around a bit it looks like a great place to post some detailed information I have gathered about wireless problems with my iPAD.
Last Tuesday I brought my iPad to work. I connected it to our corporate network and had no issues connecting. What was interesting was that almost as quickly as I had connected, layer 3 communication ceased. I thought this was amazingly bizarre, so I started digging deeper. Our President also has an iPad and at the same time he made mention to the help desk that he too was having issues.
So here’s out setup; we’ve got a Cisco Wireless network comprised of about one hundred 1231 APs. Each AP supports 802.11a/b/g. We have six current wireless networks running on six different VLANs with hard coded bands. The corporate network only allows rates of 802.11G, which limits its range and requires a large amount of APs. Our AP infrastructure runs at 50% power at each AP to prevent saturation and allow for 15% overlap per Cisco Best practices.
I created five additional test wireless networks (and corresponding VLANs). I began connecting and testing with each. I tried WEP, WPA, WPA2 and WPA2 using TKIP and AES. The problem still persisted. It was almost as if the iPad was successfully associating with the AP’s but failing to pass traffic (which falls in line with my earlier statement of layer 3 traffic failing to be passed). To test that layer 2 traffic was successfully traversing the connection pipe, I went to the core router and flushed the CAM and FIB tables. I was unable to ping the IP address the iPAD said it had but the mac address was immediately learned back into the tables on the core. So the iPAD was successfully associated with the AP infrastructure but was unable to pass layer 3 traffic for some reason.
Then I remembered where I’ve seen this problem before, on cheap ass MSI usb wireless adapters. I immediately changed the length of the WPA/WPA2 key and BAM, no problems. To give you a little back story, we had a nightmare of a time getting MSI usb wireless adapters to work on a few roaming devices about 4 years ago when some genius bought them without consulting the IT department. The problem was that the hardware on the MSI usb wireless sticks couldn’t successfully finish a GTK handshake when the WPA-TKIP passphrase was longer than 26 characters (which ours is).
I tested the iPad on WPA/WPA2 with a passphrase of 8/10/12/16/18/20/22/24 and layer 3 traffic was passed flawlessly. I then re-joined the network who has a passphrase of 28 characters and layer 3 traffic worked for three seconds and then stopped working again. I could also ping the iPad when it was on a network of less than 26 characters indefinitely. If the iPad was on a network of 26 characters or longer, the ping would return for about 6-10 seconds and then stop. The fix that worked for me also worked for the presidents iPad.
I enabled detailed logging on the AP infrastructure and connected to the wireless network with a passphrase longer than 26 characters. The PTK four way handshake finished successfully however the GTK handshake failed on the second packet. Since the PTK handshake, from my reading, is responsible for association to an AP and the GTK two way handshake, is required for something similar, my guess is the failure to correctly process the second packet in the GTK two way handshake is causing this issue. What’s interesting is that the AP says that the second packet it receives from the iPad is “invalid key” and thus the GTK handshake failes. So it appears the iPad is sending the wrong key back (Same thing we saw on the MSI usb wireless sticks). Here’s the debug log from the AP:
2010-05-07 15:00:17,Local7.Debug,155.119.1.148,419: *Apr 4 17:28:44.395 CDT: dot11_dot1x_verify_gtk_handshake: verifying GTK msg 2 from 7c6d.62c3.2a10
2010-05-07 15:00:17,Local7.Debug,155.119.1.148,"420: *Apr 4 17:28:44.395 CDT: dot11_dot1x_verify_eapol_header: Warning: Invalid key info (exp=0x311, act=0x301"
So if someone knows more about wireless than me and says the “Warning: invalid key info” is not a big deal then cool beans, but from the research I’ve done, the iPad wireless has got a REAL issue that needs resolving and I sure hope software can do it.
Last Tuesday I brought my iPad to work. I connected it to our corporate network and had no issues connecting. What was interesting was that almost as quickly as I had connected, layer 3 communication ceased. I thought this was amazingly bizarre, so I started digging deeper. Our President also has an iPad and at the same time he made mention to the help desk that he too was having issues.
So here’s out setup; we’ve got a Cisco Wireless network comprised of about one hundred 1231 APs. Each AP supports 802.11a/b/g. We have six current wireless networks running on six different VLANs with hard coded bands. The corporate network only allows rates of 802.11G, which limits its range and requires a large amount of APs. Our AP infrastructure runs at 50% power at each AP to prevent saturation and allow for 15% overlap per Cisco Best practices.
I created five additional test wireless networks (and corresponding VLANs). I began connecting and testing with each. I tried WEP, WPA, WPA2 and WPA2 using TKIP and AES. The problem still persisted. It was almost as if the iPad was successfully associating with the AP’s but failing to pass traffic (which falls in line with my earlier statement of layer 3 traffic failing to be passed). To test that layer 2 traffic was successfully traversing the connection pipe, I went to the core router and flushed the CAM and FIB tables. I was unable to ping the IP address the iPAD said it had but the mac address was immediately learned back into the tables on the core. So the iPAD was successfully associated with the AP infrastructure but was unable to pass layer 3 traffic for some reason.
Then I remembered where I’ve seen this problem before, on cheap ass MSI usb wireless adapters. I immediately changed the length of the WPA/WPA2 key and BAM, no problems. To give you a little back story, we had a nightmare of a time getting MSI usb wireless adapters to work on a few roaming devices about 4 years ago when some genius bought them without consulting the IT department. The problem was that the hardware on the MSI usb wireless sticks couldn’t successfully finish a GTK handshake when the WPA-TKIP passphrase was longer than 26 characters (which ours is).
I tested the iPad on WPA/WPA2 with a passphrase of 8/10/12/16/18/20/22/24 and layer 3 traffic was passed flawlessly. I then re-joined the network who has a passphrase of 28 characters and layer 3 traffic worked for three seconds and then stopped working again. I could also ping the iPad when it was on a network of less than 26 characters indefinitely. If the iPad was on a network of 26 characters or longer, the ping would return for about 6-10 seconds and then stop. The fix that worked for me also worked for the presidents iPad.
I enabled detailed logging on the AP infrastructure and connected to the wireless network with a passphrase longer than 26 characters. The PTK four way handshake finished successfully however the GTK handshake failed on the second packet. Since the PTK handshake, from my reading, is responsible for association to an AP and the GTK two way handshake, is required for something similar, my guess is the failure to correctly process the second packet in the GTK two way handshake is causing this issue. What’s interesting is that the AP says that the second packet it receives from the iPad is “invalid key” and thus the GTK handshake failes. So it appears the iPad is sending the wrong key back (Same thing we saw on the MSI usb wireless sticks). Here’s the debug log from the AP:
2010-05-07 15:00:17,Local7.Debug,155.119.1.148,419: *Apr 4 17:28:44.395 CDT: dot11_dot1x_verify_gtk_handshake: verifying GTK msg 2 from 7c6d.62c3.2a10
2010-05-07 15:00:17,Local7.Debug,155.119.1.148,"420: *Apr 4 17:28:44.395 CDT: dot11_dot1x_verify_eapol_header: Warning: Invalid key info (exp=0x311, act=0x301"
So if someone knows more about wireless than me and says the “Warning: invalid key info” is not a big deal then cool beans, but from the research I’ve done, the iPad wireless has got a REAL issue that needs resolving and I sure hope software can do it.
