Higher Education

Reply
This is an open group. Sign in and click the "Join Group" button to become a group member and start posting.
Highlighted
Contributor I
Posts: 36
Registered: ‎10-27-2007
Surface 2 RT/Pro + Pre-N AP + 802.1x + WMM = Fail

 

We've been getting reports from Surface 2 RT and Pro users on campus reporting that our SSID with EAP-PEAP authentication hasn't been working for them.  They successfully complete EAP authentication, get assigned to the correct VLAN, and the Surface 2 seems to stop sending packets.  This often results in the device self assigning itself an autogenerated IP.  The users report the captive portal network on the same AP hardware works perfectly fine.

 

I bought a Surface 2 RT tablet and spent the day confirming the following:

 

Pre-N AP (61 and 65) if SSID is captive portal/open system and WMM is ENABLED: Surface 2 is fine

Pre-N AP (61 and 65) if SSID is WPA2/EAP and WMM is disabled: Surface 2 is fine

Pre-N AP (61 and 65) if SSID is WPA2/EAP and WMM is ENABLED: Surface 2 is BORKED

N AP (105) if SSID is WPA2/EAP and WMM is ENABLED: Surface 2 is fine

 

The Surface 2 line falls flat on it's face if ALL of the following is true:

 

- Client is connected to an AP 61 or 65 (either a or b/g)

- SSID is WPA2 authenicated

- WMM is enabled

 

Disabling WMM for the WPA2 SSID restores connectivity to the Surface 2 tablet.  No other toggle I've found in the SSID profile has made a difference so far.  The Surface 1 Pro I have on hand doesn't exhibit this issue and the complaints seem to all be Surface 2 Pro and RT devices.

 

We're running 6.3.1.2 on our controllers and the Surface 2 RT device I'm testing with exhibits the behavior out of the box and also after every possible update offered in PC Settings is installed.

 

From my understanding disabling WMM causes problems for Apple devices which far far outnumber Surface devices so that's a non-option even as a temporary workaround.

 

Has anyone else seen this?

 

 

Guru Elite
Posts: 21,576
Registered: ‎03-29-2007
Re: Surface 2 RT/Pro + Pre-N AP + 802.1x + WMM = Fail

blocke,

 

WMM is a part of the 802.11n spec and is enabled in the background even if the box is not checked in the SSID profile for access points that have an HT (802.11n) phy.  The Surface Pro could have problems with WMM enabled on non-802.11n SSIDs probably because Microsoft has not tested it much with non-802.11n access points.  The only devices that would expect to have WMM enabled on a non-802.11n SSID would be voice handsets.

 

If you have a mix of 802.11n and non-802.11n access points, DON'T enable WMM, and you can sidestep your issue.  Your Apple devices should be fine with this arrangement.

 

That is my best guess about what is happening here.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Guru Elite
Posts: 21,576
Registered: ‎03-29-2007
Re: Surface 2 RT/Pro + Pre-N AP + 802.1x + WMM = Fail

Blocke,

 

We are interested in your issue.  Can you please open an automated case at support.arubanetworks.com and upload your logs.tar?  Message me the case# when you do so that we can examine your logs.tar

 

In addition:

 

What type of controller are you using with the 6.3.1.2 code?

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 36
Registered: ‎10-27-2007
Re: Surface 2 RT/Pro + Pre-N AP + 802.1x + WMM = Fail
[ Edited ]

Case created and private message sent.

 

We're using a pair of 3600 as dedicated masters and a pair of 7220s to handle the APs.

 

I'm going to take your advise and disable explicit WMM for pre-N stuff and hope nothing else breaks.

 

Thanks.

 

Guru Elite
Posts: 21,576
Registered: ‎03-29-2007
Re: Surface 2 RT/Pro + Pre-N AP + 802.1x + WMM = Fail

blocke,

 

Thank you.  Let us know if the workaround works.  If not, Engineering believes you are running into Bug#93874 and if you upgrade to 6.3.1.3 (or 4) it is patched in those versions:

 

Bug 93874 Symptom: With Multiple TID Traffic to Temptrak device with AES Encryption, the device drops packets from AP.
Scenario: This issue was observed on ArubaOS 6.3.1.1 and is specific to 7200 Series controllers. This issue occurred, because the 7200 Series controller was using multiple replay counters, which the device did not support. 

 

Please let us know if the workaround works.  If not, please let us know if and when you would consider an upgrade.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 36
Registered: ‎10-27-2007
Re: Surface 2 RT/Pro + Pre-N AP + 802.1x + WMM = Fail

 

Turning off WMM seems to fix the issue for my test device.

 

We're going to move to 6.3.1.4 early tomorrow morning, turn WMM back on, and see if the issue still occurs.

 

Thanks.

 

Contributor I
Posts: 36
Registered: ‎10-27-2007
Re: Surface 2 RT/Pro + Pre-N AP + 802.1x + WMM = Fail
[ Edited ]

 

Upgraded to 6.1.3.4 early this morning and turned pre-N WMM back on for all SSIDs.

 

My test Surface 2 RT device appears to be functioning fine on our EAP SSID and a faculty member chimmed in that his Surface 2 RT was also working this morning.

 

So hopefully this fixes it.

 

Thanks!

 

Guru Elite
Posts: 21,576
Registered: ‎03-29-2007
Re: Surface 2 RT/Pro + Pre-N AP + 802.1x + WMM = Fail

blocke,

 

Thank you.

 

Please let us know if you see anything different.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 502
Registered: ‎04-03-2007
Re: Surface 2 RT/Pro + Pre-N AP + 802.1x + WMM = Fail
I haven't heard of the apple and wmm disabled issues. Can you elaborate?



Ryan Holland
Senior Network Engineer
The Ohio State University
Office of the Chief Information Officer
KRC - Building E, 1121 Kinnear Rd., Columbus, OH 43212
614-292-9906 Office
holland.112@osu.edu ocio.osu.edu

(sent while mobile)
==========
Ryan Holland, ACDX #1 ACMX #1
The Ohio State University
Guru Elite
Posts: 21,576
Registered: ‎03-29-2007
Re: Surface 2 RT/Pro + Pre-N AP + 802.1x + WMM = Fail

Ryan,

 

There was only a problem with Surface Tablets with WMM enabled in the SSID profile on non-802.11n access points.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: