USG60W Applying wlan-security-profile with wpa-psk-encrypted to SSID breaks SSID

danyedinakdanyedinak Member Posts: 25  Freshman Member
On a USG60W, applying a wlan-security-profile that uses wpa-psk-encrypted to a wlan-ssid-profile causes the SSID to stop broadcasting and generates errors in the log.

Steps to reproduce
  1. USG60W running 4.35(AAKZ.0C0) or 4.38(AAKZ.0) and factory default configuration
  2. From Management box, login to USG60W and Enable SSH
  3. Connect to USG60W by SSH
  4. Configure security profile and apply using following commands 
  5. enable
  6. configure terminal
  7. wlan-security-profile secProStandard
  8. wpa-encrypt auto
  9. wpa-psk SomePassword!
  10. mode wpa2
  11. exit
  12. wlan-security-profile secProEncrypted
  13. wpa-encrypt auto
  14. wpa-psk-encrypted SomePassword!
  15. mode wpa2
  16. exit
  17. write
  18. wlan-ssid-profile default
  19. security secProStandard
  20. exit
  21. write
  22. Connect client device to the ZyXEL ssid using the SomePassword!
  23. Success
  24. Disconnect Client Device and return to SSH session on management device
  25. wlan-ssid-profile default
  26. security secProEncrypted
  27. exit
  28. write
  29. Scan for wireless networks on client device. ZyXEL ssid (or other ssid as appropriate) find it is no longer visible
  30. show logging entries (filter as desired)
  31. WARNING: #configure terminal wlan-security-profile secProEncrypted_slot2 exit, Security Profile's WPAPSK setting check failed.
  32. ERROR: #configure terminal wlan-security-profile secProEncrypted_slot2 wpa-psk U�������oS_mode><Downlink_rate_limit>0 mbps</Downlink_rate_limit><Uplink_rate_limit>0 mbps</Uplink_rate_limit><Forward_mode>localbridge</Forward_mode><SSID_VLAN_id>1</SSID_VLAN_id><Tunnel_VLANIF></Tunnel_VLANIF><Band_Select_mode>disable</Band_Select_mode><Band_Select_balance_ratio>0</Band_Select_balance_ratio><Band_Select_stop_threshold>0</Band_Select_stop_tC2ƻ\x1e, Parse error/command not found!
  33. show wlan-security-profile secProEncrypted
security profile: secProEncrypted
  reference: 1
  Description: Documenting wpa-psk-enc issue
  Security: wpa2
  Open_Share: open
  WEP_Enc: 64
  Def_Key: 1
  Key1: 
  Key2: 
  Key3: 
  Key4: 
  ReAuth_timer: 0
  Idle_timeout: 300
  Group_key_update_timer: 30000
  WPA_enc: aes
  Preshared_key: ����@[~l
  WPA2_PreAuth: yes
  EAP_auth: no
  EAP_internal_external: internal
  EAP_internal_method: default
  Inner_Radius_IP_addr: 127.0.0.1
  Inner_Radius_port: 1812
  Inner_Radius_secret: 12345678
  Radius_acct_activate: no
  Radius_acct_interim_interval: 10
  Internal_eap_proxy: no
  MAC_auth: no
  MAC_auth_account_delimiter: dash
  MAC_auth_account_case: upper
  MAC_auth_calling_station_id_delimiter: dash
  MAC_auth_calling_station_id_case: upper
  MAC_auth_method: default
  Dot11w: no
  Dot11w_op: 1
  Dot11r: no
  Dot11r_over_the_ds: no
  Dot11r_mobility_domain_id: 
  Dot11r_KEK: 
  Radius_switch_1: no
  Radius_IP_addr_1: 
  Radius_port_1: 
  Radius_secret_1: 
  Account_switch_1: no
  Account_IP_addr_1: 
  Account_port_1: 
  Account_secret_1: 
  Radius_switch_2: no
  Radius_IP_addr_2: 
  Radius_port_2: 
  Radius_secret_2: 
  Account_switch_2: no
  Account_IP_addr_2: 
  Account_port_2: 
  Account_secret_2: 

All Replies

  • Zyxel_CharlieZyxel_Charlie Zyxel Official Agent Posts: 853  mod
    @ danyedinak
    Regarding to this case,
    Thanks for your information.
    It seems its shows gibberish characters on pre-shared key field cause additional issue occur.

    We have confirmed this issue internally, so you could configure the Pre-Shared Key from the GUI to avoid this issue currently. Also, any modification will keep you post.
Sign In to comment.