Previous authentication no longer valid on WiFi – Cisco Aironet 1240AG


To totally unlock this section you need to Log-in


Login

During the usage of a Cisco Aironet 1240AG there could happen that in Event Log of the access point we should see the following message (followed usually by a disconnected client device from the AP):

Interface Dot11Radio0, Deauthenticating Station 0006.2510.bbe3 Reason: Previous authentication no longer valid

Previous authentication no longer valid on WiFi - Cisco Aironet 1240AG

This issue is caused by Aironet Extensions that are, by default, enabled on Cisco Aironet devices. These extensions are explained below and they are exclusively used only by Cisco-enabled client devices, so if you a simple Linux or Windows system, these extensions will not apply:

  • Load Balancing: The access point uses Aironet extensions to direct client devices to an access point that provides the best connection to the network based on factors such as the number of users, bit error rates, load and signal strength. Load balancing is proprietary between devices that understand the Aironet extensions.
  • Repeater mode: Aironet extensions must be enabled on repeater access points and on the root access points to which they associate.
  • Limiting the power level on associated client devices: When a client device associates to the wireless device, the wireless device sends the maximum allowed power level setting to the client.

Load balancing is implemented by extensions in AP beacons and/or probe-responses, which provide information on these:

  • Base-station signal strength.
  • Base station loading (% transmitter busy).
  • Number of hops to the backbone.
  • Number of client associations.

The client evaluates these and associates to the "best" one. Non-Cisco clients do not understand these extensions.

  • MIC: Cisco Proprietary Message Integrity Check (MIC) — MIC is an additional WEP security feature that prevents attacks on encrypted packets called bit-flip attacks. The MIC is implemented on both the access point and all associated client devices.
  • Cisco Proprietary Temporal Key Integrity Protocol (CKIP), also known as WEP key hashing, is an additional WEP security feature that defends against an attack on WEP, in which the intruder uses an unencrypted segment called the initialization vector (IV) in encrypted packets to calculate the WEP key.
  • In addition to these, Aironet Extensions carry more information that include these:

    • Load that the AP currently handles.
    • Number of hops from the Wired network.
    • Device type, which helps identify the product under the Cisco system for management.
    • Device name.
    • Number of associated clients.
    • Radio type, a feature used to determine certain characteristics about the radio, such as datarate, radio type (1310, 1200, 352 or 342), security type (WEP/802.1x), etc.

    Disabling Aironet Extensions disables the features listed above, but it sometimes improves the ability of non-Cisco client devices to associate to the wireless device.

    Disable Aironet Extensions

    Aironet Extensions are enabled by default. Beginning in privileged EXEC mode, follow these steps to disable Aironet Extensions:

     

    Command

    Purpose

    Step 1 

    configure terminal

    Enter global configuration mode.

    Step 2 

    interface dot11radio { 0 | 1 }

    Enter interface configuration mode for the radio interface. The 2.4-GHz radio is radio 0, and the 5-GHz radio is radio 1.

    Step 3 

    no dot11 extension aironet

    Disable Aironet extensions.

    Step 4 

    end

    Return to privileged EXEC mode.

    Step 5 

    copy running-config startup-config

    (Optional) Save your entries in the configuration file.

    1 thought on “Previous authentication no longer valid on WiFi – Cisco Aironet 1240AG”

    Comments are closed.