802.11 Client Device Interoperability

Reply
Frequent Contributor II
Posts: 110
Registered: ‎12-07-2007

Intel client issues

We have a trouble ticket open on this but it's something we've seen before in our district. The error message below has been showing up for a long time. It is related to the client trying to do machine authentication while the users is logged off (at least we've confirmed this in more than one instance). David Balding and I got lucky enough to capture a client in the air which we think shows this event happening. In the capture, the client responds to the ID request with a null data packet. It is properly crafted but no data in the response portion.

2010-02-19 13:01:03 Local1.Error 10.x.x.2 Feb 19 13:55:29 2010 authmgr: <132197> |authmgr| Maximum number of retries was attempted for station 00:1b:77:16:xx:xx 00:0b:86:31:xx:xx, deauthenticating the station

The below message has exploded on our network since upgrading to 3.3.3.3. There were ~700 per radius server per day prior to the upgrade. The morning after the upgrade it shot up to 25,000 and stays between 15,000 & 25,000 per day. It appears the messages are for stations which are in the same state as above: machine authentication where the user is not logged on.

2010-02-19 13:01:03 Local1.Error 10.x.x.2 Feb 19 13:51:13 2010 authmgr: <132053> |authmgr| Dropping the radius packet for Station 00:1e:65:58:xx:xx 00:0b:86:31:xx:xx doing 802.1x



Anyone else ever see this?
Occasional Contributor II
Posts: 17
Registered: ‎05-08-2007

Re: Intel client issues

I just upgraded to 3.3.3.3, I'll keep a eye on it. Do you have a profile configure under the Persistent tab in the Intel utility?
Guru Elite
Posts: 20,810
Registered: ‎03-29-2007

802.11n?


We have a trouble ticket open on this but it's something we've seen before in our district. The error message below has been showing up for a long time. It is related to the client trying to do machine authentication while the users is logged off (at least we've confirmed this in more than one instance). David Balding and I got lucky enough to capture a client in the air which we think shows this event happening. In the capture, the client responds to the ID request with a null data packet. It is properly crafted but no data in the response portion.

2010-02-19 13:01:03 Local1.Error 10.x.x.2 Feb 19 13:55:29 2010 authmgr: <132197> |authmgr| Maximum number of retries was attempted for station 00:1b:77:16:xx:xx 00:0b:86:31:xx:xx, deauthenticating the station

The below message has exploded on our network since upgrading to 3.3.3.3. There were ~700 per radius server per day prior to the upgrade. The morning after the upgrade it shot up to 25,000 and stays between 15,000 & 25,000 per day. It appears the messages are for stations which are in the same state as above: machine authentication where the user is not logged on.

2010-02-19 13:01:03 Local1.Error 10.x.x.2 Feb 19 13:51:13 2010 authmgr: <132053> |authmgr| Dropping the radius packet for Station 00:1e:65:58:xx:xx 00:0b:86:31:xx:xx doing 802.1x



Anyone else ever see this?




Curious, are these 802.11n clients? If so, what type of encryption are they doing?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 110
Registered: ‎12-07-2007

Re: Intel client issues

All clients appear to be affected although we are presently testing at a campus with 11n. It happens with both Intel and Broadcom cards. Some running Intel Proset supplicant and some using WZC. We are using 802.11i/WPA2 encryption.

It is possible this has been an issue longer than we know (and the system wasn't reporting properly before). This is really strange: once all of the controllers were put on 3.3.3.3, Airwave no longer gets any radius error messages. They are still there but airwave doesn't know it (there's a bug ticket open by another school district looking into this).

We have verified the end users are being affected. Machine authentication failure leads to no drive mappings, missed GPOs and other issues. With our number of devices, it's reaching a critical point quickly. Unfortunately this issue can appear to be the same as Intel Proset problems to the untrained eye.
Occasional Contributor II
Posts: 17
Registered: ‎05-08-2007

Re: Intel client issues

Hello Pete,
Are you using IP MOBILITY? Are you using a specific USERID for Persistent connection? If you are using IP MOBILITY on the SSID and there is not HOME AGENT TABLE available for that IP range, the access point will deauthenticate the client over and over again.
Search Airheads
Showing results for 
Search instead for 
Did you mean: