Controllerless Networks

Reply
New Contributor

802.1x failed after device wake up from sleep

Hi Everyone,

 

We are observing an issue on Aruba Instant deployment with a WPA2-Enterprise SSID (using EAP-SIM). The device is iPhone with configuration profile pre-installed.

 

When the device first associate with the network, the authentication process went through smoothly.

However, after the iPhone went to sleep mode (iOS normally will disconnect from Wi-Fi), user wakes the phone up to use, due to Auto-Join is on from the profile, the phone will attempt to connect back to the SSID, and never succeed.

 

Managed to capture "show ap debug auth-trace-buf" log pertaining to the device:

 

Sep 27 12:28:56  station-up             *  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -    wpa2 aes

Sep 27 12:28:56  eap-id-req            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         1    5

Sep 27 12:29:58  station-up             *  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -    wpa2 aes

Sep 27 12:29:58  eap-id-req            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         1    5

Sep 27 12:29:58  eap-id-resp           ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         1    56   <imsi>@wlan.mnc003.mcc

Sep 27 12:29:58  rad-req               ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         87   299

Sep 27 12:29:58  rad-resp              <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx/Radius  87   -

Sep 27 12:29:58  eap-req               <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         76   20

Sep 27 12:29:58  eap-resp              ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         76   88

Sep 27 12:29:58  rad-req               ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx/Radius  66   351

Sep 27 12:29:59  rad-resp              <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx/Radius  66   -

Sep 27 12:29:59  eap-req               <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         188  200

Sep 27 12:29:59  eap-resp              ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         188  28

Sep 27 12:29:59  rad-req               ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx/Radius  85   291

Sep 27 12:30:00  rad-accept            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx/Radius  85   -

Sep 27 12:30:00  eap-success           <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         248  4

Sep 27 12:30:00  wpa2-key1             <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    117

Sep 27 12:30:00  wpa2-key2             ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    117

Sep 27 12:30:00  wpa2-key3             <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    175

Sep 27 12:30:00  wpa2-key4             ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    95

Sep 27 12:30:00  rad-acct-start        ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -

Sep 27 12:30:50  rad-acct-stop         ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -

 

At the last entry, the iPhone has already gone to sleep mode and disconnect from Wi-Fi.

 

Below is log after iPhone awake from sleep and attempting to reconnect back to the SSID. The device stuck at sending eap-start, and does not respond with eap-id-resp after AP send eap-id-req.

 

Sep 27 12:31:55  station-up             *  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -    wpa2 aes

Sep 27 12:31:55  eap-id-req            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         1    5

Sep 27 12:32:01  eap-start             ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -

Sep 27 12:32:01  eap-id-req            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         1    5

Sep 27 12:32:06  eap-start             ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -

Sep 27 12:32:06  eap-id-req            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         1    5

Sep 27 12:32:11  eap-id-req            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         2    5

Sep 27 12:32:11  eap-start             ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -

Sep 27 12:32:11  eap-id-req            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         2    5

Sep 27 12:32:25  station-up             *  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -    wpa2 aes

Sep 27 12:32:25  eap-id-req            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         1    5

Sep 27 12:32:29  eap-start             ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -

Sep 27 12:32:29  eap-id-req            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         1    5

Sep 27 12:32:34  eap-start             ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -

Sep 27 12:32:34  eap-id-req            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         1    5

Sep 27 12:32:40  eap-start             ->  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         -    -

Sep 27 12:32:40  eap-id-req            <-  b8:53:ac:xx:xx:xx  34:fc:b9:xx:xx:xx         2    5

 

The iAP is running on 6.5.2.0 with OKC, 802.11r/k/v all disabled.

 

Appreciate if someone could help advise on this.

 

Many thanks!

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: