Occasional Contributor I

802.1x failed after device wake up from sleep

Hi Everyone,

We are observing an issue on an Aruba Instant deployment with a WPA2-Enterprise SSID (using EAP-SIM). The device is an iPhone with a configuration profile pre-installed.

When the device first associated with the network, the authentication process went through smoothly.

However, after the iPhone goes into sleep mode (iOS normally disconnects from Wi-Fi) and the user wakes the phone up to use it, the phone attempts to connect back to the SSID, because Auto-Join is on in the profile, and never succeeds.

Managed to capture the "show ap debug auth-trace-buf" log pertaining to the device:

Sep 27 12:28:56  station-up             *  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -    wpa2 aes

Sep 27 12:28:56  eap-id-req            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         1    5

Sep 27 12:29:58  station-up             *  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -    wpa2 aes

Sep 27 12:29:58  eap-id-req            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         1    5

Sep 27 12:29:58  eap-id-resp           ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         1    56   <imsi>@wlan.mnc003.mcc

Sep 27 12:29:58  rad-req               ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         87   299

Sep 27 12:29:58  rad-resp              <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx/Radius  87   -

Sep 27 12:29:58  eap-req               <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         76   20

Sep 27 12:29:58  eap-resp              ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         76   88

Sep 27 12:29:58  rad-req               ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx/Radius  66   351

Sep 27 12:29:59  rad-resp              <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx/Radius  66   -

Sep 27 12:29:59  eap-req               <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         188  200

Sep 27 12:29:59  eap-resp              ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         188  28

Sep 27 12:29:59  rad-req               ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx/Radius  85   291

Sep 27 12:30:00  rad-accept            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx/Radius  85   -

Sep 27 12:30:00  eap-success           <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         248  4

Sep 27 12:30:00  wpa2-key1             <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    117

Sep 27 12:30:00  wpa2-key2             ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    117

Sep 27 12:30:00  wpa2-key3             <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    175

Sep 27 12:30:00  wpa2-key4             ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    95

Sep 27 12:30:00  rad-acct-start        ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -

Sep 27 12:30:50  rad-acct-stop         ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -

 

At the last entry, the iPhone has already gone into sleep mode and disconnected from Wi-Fi.

Below is the log after the iPhone wakes from sleep and attempts to reconnect to the SSID. The device is stuck sending eap-start and does not respond with eap-id-resp after the AP sends eap-id-req.

Sep 27 12:31:55  station-up             *  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -    wpa2 aes

Sep 27 12:31:55  eap-id-req            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         1    5

Sep 27 12:32:01  eap-start             ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -

Sep 27 12:32:01  eap-id-req            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         1    5

Sep 27 12:32:06  eap-start             ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -

Sep 27 12:32:06  eap-id-req            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         1    5

Sep 27 12:32:11  eap-id-req            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         2    5

Sep 27 12:32:11  eap-start             ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -

Sep 27 12:32:11  eap-id-req            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         2    5

Sep 27 12:32:25  station-up             *  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -    wpa2 aes

Sep 27 12:32:25  eap-id-req            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         1    5

Sep 27 12:32:29  eap-start             ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -

Sep 27 12:32:29  eap-id-req            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         1    5

Sep 27 12:32:34  eap-start             ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -

Sep 27 12:32:34  eap-id-req            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         1    5

Sep 27 12:32:40  eap-start             ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -

Sep 27 12:32:40  eap-id-req            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         2    5

 

The IAP is running 6.5.2.0 with OKC and 802.11r/k/v all disabled.

I would appreciate it if someone could advise on this.

Many thanks!

Occasional Contributor I

Re: 802.1x failed after device wake up from sleep

Just to update on this, in case it might help someone facing the same issue. Apparently IAP firmware supports a username string length of up to 63 characters. Newer Instant firmware could extend the username length support to more than 63 characters.
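
For anyone triaging the same symptom, the following is an added example, not part of the original posts and not Aruba code. It parses auth-trace-buf rows like those above, flags association attempts that stall at the identity step, and compares the identity length implied by each eap-id-resp with the 63-character limit mentioned in the follow-up. The column order, the sample rows and all function names are assumptions made for this example.

```python
import re

# Assumed column order (the page does not label the columns):
# timestamp, event, direction, station MAC, BSSID, id, length, info.
ROW = re.compile(r"(\w{3} +\d+ [\d:]+)\s+(\S+)\s+(?:\*|<-|->)\s+(\S+)\s+\S+\s+\S+\s+(\S+)")
EAP_ID_OVERHEAD = 5   # EAP code + id + 2-byte length + type byte (RFC 3748)
USERNAME_LIMIT = 63   # limit quoted in the follow-up post

# Constructed sample modelled on the trace in the thread (MACs masked as on the page).
SAMPLE = """\
Sep 27 12:29:58  station-up   *   b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx  -    -   wpa2 aes
Sep 27 12:29:58  eap-id-req   <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx  1    5
Sep 27 12:29:58  eap-id-resp  ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx  1    56
Sep 27 12:30:00  eap-success  <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx  248  4
Sep 27 12:30:00  wpa2-key4    ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx  -    95
Sep 27 12:31:55  station-up   *   b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx  -    -   wpa2 aes
Sep 27 12:31:55  eap-id-req   <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx  1    5
Sep 27 12:32:01  eap-start    ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx  -    -
Sep 27 12:32:01  eap-id-req   <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx  1    5
Sep 27 12:32:06  eap-start    ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx  -    -
Sep 27 12:32:06  eap-id-req   <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx  1    5
"""

def attempts(trace):
    """Group rows into association attempts, one per station-up row per station."""
    done, current = [], {}
    for line in trace.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        ts, event, sta, length = m.groups()
        if event == "station-up":
            current[sta] = {"start": ts, "sta": sta, "events": [], "identity_len": None}
            done.append(current[sta])
        elif sta in current:
            current[sta]["events"].append(event)
            if event == "eap-id-resp" and length.isdigit():
                current[sta]["identity_len"] = int(length) - EAP_ID_OVERHEAD
    return done

def classify(events):
    if "eap-success" in events and "wpa2-key4" in events:
        return "authenticated"
    if "eap-id-req" in events and "eap-id-resp" not in events:
        return "stalled-at-identity"
    return "incomplete"

def report(trace):
    """Return (start, station, state, eap-id-req count, identity length, over limit)."""
    return [(a["start"], a["sta"], classify(a["events"]), a["events"].count("eap-id-req"),
             a["identity_len"], (a["identity_len"] or 0) > USERNAME_LIMIT)
            for a in attempts(trace)]
```

A stalled attempt carries no identity length because the trace never records an eap-id-resp for it, so the length check only covers identities the AP actually logged.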
