Software Retries (sw-retry) of HT-SSID Profile - Is it Gone?

clembo · ‎04-13-2009

Supposedly 6.1.2.6 added a feature called Software Retries (sw-retry). I am troubleshooting 802.1x authentication timeout issues with Mac (and some iOS) devices. I want to turn this feature on, but my 6.1.3.3 installation doesn't seem to have it. Was this removed somewhere along the line?

From the 6.1.2.6 release notes:

Changes in Retries (AP to Client)
When the client is not responding to 802.11 packets, the AP will launch two hardware retries; if the hardware retries are notsucessful then software retries. Default value of this knob is disabled (see also 58358).
A knob has been added under HT-SSID profile - sw-retry (type: boolean)
To enable: wlan ht-ssid-profile <profile name> sw-retry
To disable: wlan ht-ssid-profile <profile name> no sw-retry

Thanks

----------------------------------------------------
ACDX, ACMX, ACCP
Zensar Technologies

cjoseph · ‎03-29-2007

It is temporal diversity, now, but it should not really affect timeouts.

Do you have OKC unchecked already?

clembo · ‎04-13-2009

At first I tried validate PMKID with OKC on; but then also tried OKC off. Neither had any noticeable affect. Research brought me to what was the sw-retry setting; no Temporal Diversity. You don't think it won't have any benefit to 802.1x authentications timing out?

I've had very inconsistent experience, mostly from MacBooks and to some degree to iPads. I originally thought it to be ClearPass Policy Manager issue, but seemed to have ruled that out with TAC, they wanted to involve the controller team, but I have not gotten to that yet (next step). I've gone thorugh all the recommendations for Macs that I know of and from this community, but still having the problems. I am trying to determine if indeed it is Aruba or Apple related. It's a K-12 with very little Windows; which don't seem to have any issues.

Thanks

----------------------------------------------------
ACDX, ACMX, ACCP
Zensar Technologies

cjoseph · ‎03-29-2007

Are the timeouts in the Clear Pass Policy Manager or somewhere else?

clembo · ‎04-13-2009

Yes, CPPM shows Request Timed out waiting for client reply. The Mac Book clients usually report: Could not join "NETWORK". A connection timeout occurred.

TAC went through all the logs and didnt' see any issues with CPPM and/or AD as back-end. I started to do some show auth-trace bu commands, but didn't see anything definitive in my eyes; but will share. Feel free to respond, but I'll probably open a new thread and clomark this sw-retry one as resolved.

----------------------------------------------------
ACDX, ACMX, ACCP
Zensar Technologies

clembo · ‎04-13-2009

Colin, one more thing. If you had to sum up that setting (temporal diversity); what would you say its benefit is? What scenario might you see it implemented.

----------------------------------------------------
ACDX, ACMX, ACCP
Zensar Technologies

ariyap · ‎10-12-2010

what are your dot1x profile settings for

Authentication Server Retry Interval
Authentication Server Retry Count

clembo · ‎04-13-2009

@ariyap

Using the default settings; they have not been changed:

Authentication Server Retry Interval = 30
Authentication Server Retry Count = 2

----------------------------------------------------
ACDX, ACMX, ACCP
Zensar Technologies

ariyap · ‎10-12-2010

try it with and see if it makes a diff

Authentication Server Retry Interval = 5

Authentication Server Retry Count = 3

clembo · ‎04-13-2009

Not a great group of test users on the weekend, but after changing those retry settings, we still get the timeouts; and this is with about 20 people on an 80 AP network. I'll work on getting some more debugging on this; but thanks for the suggestion.

----------------------------------------------------
ACDX, ACMX, ACCP
Zensar Technologies

Aruba Networks | People Move. Networks Must Follow.

Software Retries (sw-retry) of HT-SSID Profile - Is it Gone?

Re: Software Retries (sw-retry) of HT-SSID Profile - Is it Gone?

Re: Software Retries (sw-retry) of HT-SSID Profile - Is it Gone?

Re: Software Retries (sw-retry) of HT-SSID Profile - Is it Gone?

Re: Software Retries (sw-retry) of HT-SSID Profile - Is it Gone?

Re: Software Retries (sw-retry) of HT-SSID Profile - Is it Gone?

Re: Software Retries (sw-retry) of HT-SSID Profile - Is it Gone?

Re: Software Retries (sw-retry) of HT-SSID Profile - Is it Gone?

Re: Software Retries (sw-retry) of HT-SSID Profile - Is it Gone?

Re: Software Retries (sw-retry) of HT-SSID Profile - Is it Gone?