03-12-2013 10:18 AM
Not sure what could be going on - I have several people that are complaining that the network is slow, takes too long to connect to the wireless AP, weak signal strength and dropped connections (wow - that's a lot!)
I'm not seeing it on my PC - but we have a mixed network of Mac/PC/Linux systems.
I have 27 APs at 13 different locations world wide.
My PC essid is using machine/user authentication
My Mac/Linux essid is using Mac address (local db) and user authentication
The change made most recently was to add split tunneling to the Mac/Linux essid to better improve the experience from remote sites - that seems to be working well at the Austin site (call it all Macs)
The problem is occurring at the controller site so those APS are not included in the split tunneling change.
I have tested with a Mac and the connection does seem a bit longer than expected (15-45 seconds to get a good wireless connection) I have turned up debug on one of the clients that is complaining the most to see if I see anything in the logs.
Not sure if it's the settings in the dot1x-profile that is the issue so I thought I would throw it out to you folks and see if there is something I am missing.
I honestly don't know if the issue has been going on for longer than 2 weeks - the developers here pretty much don't say a word about issues unless you beat it out them. :)
Solved! Go to Solution.
03-12-2013 05:50 PM
So the issue is just witht the macs? or you do see this on linux and also on windows?
So if you take one Windows and one linux and one mac and put it in the same place, the only one that will not work properly is the mac?
Is that your situation?
Product Manager - Aruba Networks
03-12-2013 09:40 PM - edited 03-12-2013 09:54 PM
Thats weird and it should not happen i think but now i have never configured mac authentication, just for one client that specifically asked for it even if i told him that we dont recommend it and Aruba dont recommend it. And it was for windows clients.
It would be possible if you can configure EAP PEAP on one of the mac clients and use for example your user and password? to see how it works? to see if it improve?
I saw you using mac address authentication... i would not recommend that... and actually aruba recommends agains the use of it... Textually from an aruba documentation
"MAC addresses are easily observed during transmission and easily changed on the client, this form of authentication should be considered nothing more than a minor hurdle. Aruba recommends against the use of MAC-based authentication."
Try that please
If it work properly and dont give you issue i would move all to EAP PEAP and stop using mac address authentication. You will be able to put all the clients in one SSID, and have less managment traffic so more througput for your wireless network.
Product Manager - Aruba Networks
03-13-2013 08:42 AM
We are already connected to that essid as PEAP - We have to use the mac authentication as part one of the 2 part check - we also then use a Radius server to check the LDAP user name and pass thru to allow full network access.
04-08-2013 03:00 PM
As a follow up to this, I think I may have found the problem and it's not one that I would expect many to have. We have a Catalyst 4507 switch and one of the blades finally failed. My best guess is that it had been having issues for some time and was causing issues with the network but very difficult to determine that was the cause. Since replacing the blade, verifying and reconfiguring all the switches things have been more stable.
So thank you for the assistance.
04-16-2013 08:28 AM
Not sure if you are still experiencing this issue.
Do you only experience this when using an ssid on 802.1x and Macs , have noticed if the client is roaming between APs when this happens ?
Recently we experienced some issues Macs and Aruba suggested we enabled the validate pkmid under the 802.1x layer 2 authentication profile .
Hopes this helps
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA