Android 802.1x WPA enterprise connectivity

[oj43085]

Good Day,

I'm trying to add our office SSID on the android device, but it automatically detects it as WEP, although it is not WEP, it suppose to be 802.1x PEAP (WPA Enterprise).

I am unable to delete or modify the auto-detected SSID. What I did was, at the AP, I selected to not broadcast the SSID, and then I manually added the SSID in the phone, and I am able to select the appropriate security settings. But I can't connect it says not in range.

Then I went back to the AP, enabled broadcasting, then at the device, it still picks up the broadcasted SSID with WEP security and the one I created, it is still "out of range"

On the iPhone, I was able to hold down tap on the wifi ssid, and change the security settings and connect. But on android I am unable to do so. Particularly on Samsung phones, as a lot of users here are using samsung devices.

I checked my phone for any software updates, there are none. Is there a way to fix this?

 

[ocnbrze]

welcome to AF!!!!!!

what phone do you have?

 

[oj43085]

welcome to AF!!!!!!

what phone do you have?

hi! Thanks for the Welcome.

I have a LG E400, but the main devices are Samsung Galaxy S2/S3, Note 1/2, and HTC devices.

Basically any Android device here.

My android version is 2.3.6

Kernel 2.6.38.6-perf+

 

[artaxerxes]

It almost sounds like an AP issue, especially if there is more than one device with the issue. On my phone I can see and connect to that kind of network. I didn't have to add it manually either, Android recognized it properly. Android 4.1.2 stock.

 

[oj43085]

It almost sounds like an AP issue. On my phone I can see and connect to that kind of network. I didn't have to add it manually either, Android recognized it properly. Android 4.1.2 stock.

Maybe it's an android issue? Your version of android is 4.1.2 That is way higher. ..

The AP is a cisco AP and WEP (optional) encryption with Open, Shared and Network EAP authentication.

I have an option to select a cipher but I can't use that cause then the wifi connection will only assk for the cipher key. currently it prompts for username/password which is the way it shouldbe .

 

[artaxerxes]

Pulled out my stock 2.3.5 device and it recognizes the network as well.

 

[artaxerxes]

The AP is a cisco AP and WEP (optional) encryption with Open, Shared and Network EAP authentication.

So it is WEP. Correct?.

Would it help if I posted a screenshot of my 'attempt' to access the network (the login screen)?

Oh, did you configure your RADIUS server correctly?

 

[oj43085]

So it is WEP. Correct?.

Would it help if I posted a screenshot of my 'attempt' to access the network (the login screen)?

Oh, did you configure your RADIUS server correctly?

My radius server is configured correctly cause I can access via iPhone and Win 7, Win XP with wifi.

Anything would help.

 

[artaxerxes]

it suppose to be 802.1x PEAP (WPA Enterprise)

Perhaps this?

 

[oj43085]

Perhaps this?

Yeah man, how did you do that? If I have SSID that is auto detected, I hold down tap I just see Connect to network, I don't see forget or modify.

But if I create it manually I can set it up, however it says "not in range" and picks up one with the same name but different security.

 

[artaxerxes]

I set my AP to literally WPA Enterprise, I've never messed with the WEP side.

 

[oj43085]

Guys, thanks a lot for all the useful feedback.

Would like to update with the latest.

I changed the encryption settings on my AP to WPA (Optional) with no passphrase key.

I left the authentication settings as Open (with EAP) and Shared.

Now, in my device it auto-detects the SSID with the correct Settings and I am able to connect using PEAP and my ldap userid and password.

At the radius server, I can see the connection comes through and is accepted.

On my phone, i am able to browse. But, my Wifi is still "trying to connect" although the connection is already established.

I am sure it's something to do with the encryption settings, would it help if I posted my AP's encryption settings?

 

[oj43085]

Here is the current SSID setting.

TBH, I only set the encryption as cipher with all that info because otherwise the AP does not allow me to use WPA.

For WPA it must be a ciper with atleast tkip-wep40

 

[artaxerxes]

But, my Wifi is still "trying to connect" although the connection is already established.

Like a wifi dropout or a literal error message?

 

[oj43085]

Like a wifi dropout or a literal error message?

There is no error message, connection drops. When I hit connect, it authenticates in the log.. Then it keeps switching from Scanning, Connecting, Disconnected.

 

[artaxerxes]

How are your IP addresses assigned?

 

[oj43085]

How are your IP addresses assigned?

through a dhcp server.

 

[artaxerxes]

Try this:
http://androidforums.com/motorola-droid-x2/551511-doid-x2-2-3-5-a.html#post4749125
Or try assigning a static IP

 

[oj43085]

Try this:
http://androidforums.com/motorola-droid-x2/551511-doid-x2-2-3-5-a.html#post4749125
Or try assigning a static IP

Hi, I checked out that thread. Our dhcp lease time is 24 hours. If I try static IP it does not connect, it keeps jumping from Scanning, connecting, disconnected.

I think my server cleans up request too fast. Maybe..

[HIGH]
Sending Access-Accept of id 49 to 140.10.85.1 port 1645
MS-MPPE-Recv-Key = 0x9e72766b9ccc0050f287947ae1220f424f6ef916553cf21c714ee0d344236ee5
MS-MPPE-Send-Key = 0x6efb780a1b701c49308995a4daf4b546653b5d68d64f2b9d84c54206263da2dc
EAP-Message = 0x030b0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "enssupport"
Finished request 130.
Going to the next request
Waking up in 4.5 seconds.
Cleaning up request 121 ID 40 with timestamp +2022
Cleaning up request 122 ID 41 with timestamp +2022
Cleaning up request 123 ID 42 with timestamp +2022
Cleaning up request 124 ID 43 with timestamp +2022
Waking up in 0.1 seconds.
Cleaning up request 125 ID 44 with timestamp +2023
Cleaning up request 126 ID 45 with timestamp +2023
Cleaning up request 127 ID 46 with timestamp +2023
Cleaning up request 128 ID 47 with timestamp +2023
Cleaning up request 129 ID 48 with timestamp +2023
Cleaning up request 130 ID 49 with timestamp +2023
Ready to process requests.
[/HIGH]

 

[oj43085]

Try this:
http://androidforums.com/motorola-droid-x2/551511-doid-x2-2-3-5-a.html#post4749125
Or try assigning a static IP

I really think this is due to the encryption method I selected at my AP. I have no idea what type of encryption I'm using, but all I know is I have to set it up as some type of cipher with TCKS + Wep40 bit atleast, in order for WPA to be in use, which leads to the Android device detecting the right type of encryption and allowing me to use PEAP.

But I believe, that in my AP, I need to change the encryption to something else. Anyone knows about this stuff?

 

[artaxerxes]

There are a few factors, just trying to narrow it down.
If it'll help, my AP encryption is set to CCMP only.

 

[oj43085]

There are a few factors, just trying to narrow it down.
If it'll help, my AP encryption is set to CCMP only.

If I set it to CCMP then the connection on android shows up as unsecured. Are you sure it's not CCMP + WEP ?

 

[artaxerxes]

If I set it to CCMP then the connection on android shows up as unsecured. Are you sure it's not CCMP + WEP ?

Your AP handles things a little differently. Set it to CCMP+WEP, and see if you get a solid secure connection.

 

[oj43085]

Your AP handles things a little differently. Set it to CCMP+WEP, and see if you get a solid secure connection.

Hey! I managed to resolve the issue. I changed the client authentication method to WPA Mandatory instead of Optional.

In order to do that, I had to change the encryption method to AES-CCM.