• State TI Thinks Resolved
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 40 subscribers
  • Views 1126 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

AM4378: Mesh Peering Issue : SAE failure, Authentication is not happening.

Mohammed Zakariya
Intellectual 300 points
Part Number: AM4378

I am currently trying to peer a mesh points AM4378 board running with WL18xx WiFi with a different vendor board running a mesh profile. Taking reference from the WiLink™ 8 WLAN Software - 802.11s Mesh document. The wl18xx_scripts mesh_start.sh is being run on both the boards the peering doesn't occur.

The following mesh_supplicant.conf were used on both the boards,

ctrl_interface=/var/run/wpa_supplicant
country=US
dtim_period=2
beacon_int=100
user_mpm=1
sae_groups=19 26 21 25 20
network={
ssid="meshidzak"
mode=5
frequency=2412
key_mgmt=SAE
pairwise=CCMP
group=CCMP
psk="admin12345"
}5226.wpa_supplicant.log

The MPM is initiated and fails during authentication. I have attached the wpa_supplicant logs.

When configuring with key_mgmt=NONE the mesh peering is successful. Need help on how to make the peering possible with SAE enabled? 

Platform info:

Linux Version - "4.19.59+gitAUTOINC+5f8c1c6121"

SDK - Yocto

Note: When configuring with key_mgmt=NONE the mesh peering is successful. This issue is also related and mentioned with this query where the beacon frames are not processed in AM4378 board. 

https://e2e.ti.com/support/wireless-connectivity/wifi/f/968/p/891612/3298492

 

  • 0
    TI__Mastermind 35795 points

    Hi ,

    We had shared 2 patches with you on thread : https://e2e.ti.com/support/wireless-connectivity/wifi/f/968/p/891612/3298492

    These should resolve secure mesh issue. We tested these on AM335x EVM .  In our configuration we don't use

    pairwise=CCMP
    group=CCMP

    Thanks

    Saurabh

  • 0 in reply to S
    Intellectual 300 points

    Hi Saurabh,

    Thank you for the patch. I have applied your patch for security and verified TI to TI mesh connection and ping and it is working.

    I observed two issues when I tried Inter-op with TI and other vendor mesh peer,
    1. Ping between them is not working.
    2. TI is not receiving few AMPE action frames from other vendor mesh peer.

    1 >> In secured mesh connection (SAE+AMPE) between TI mesh peer and other vendor mesh peer, SAE+AMPE is succeeding but ping between them is not working. TI mesh peer could decrypt the ARP request from other vendor mesh peer and it could send ARP reply. In the other hand, the ARP request from TI could not be decrypted by other vendor mesh (even the ARP reply from TI).

    To make sure unicast keys are proper, I added ARP entry, updated mesh path table and mesh proxy table manually and verified ping between TI mesh peer and other vendor mesh peer and it is pinging.
    Looks like there could be issue in TI Tx broadcast key(Own MGTK).

    2 >> TI is not receiving all the AMPE action frames sent by other vendor mesh peer. It is receiving only few action frames, which is leading to multiple AMPE frame re-transmission.

  • 0 in reply to Mohammed Zakariya
    TI__Mastermind 35795 points

    Hi ,

    WiLink8 mesh solution is not tested with 3rd party devices. We cannot support you much here.  We will provide you with latest wl8 firmware so that you are able to perform tests with latest device s/w . 

    Thanks

    Saurabh