Wireless Access

Hospital environment, 7200 controllers w/ AP-225's running 6.4.2.15. We're experiencing a problem with 802.1x client devices (mostly iPads and iPhones but have seen the issue on Android devices also...laptops don't seem to experience the problem) where the Citrix session drops / re-connects each time the device roams. Issue does not occur on the WPA2-PSK network, all other configs being equal.  Enabling 11r seemed to help, but problem is still substantial. Radius platfom is NPS but we see the same issue against the Cisco ACS platform that we're sundowning. Client debug and auth-tracebuf are attached.  Any thoughts or ideas before I engage TAC?

Attachment(s)

cmd_result_2017_07_05_10_38_48.txt   33 KB 1 version

cmd_result_2017_07_05_10_40_11.txt   1 KB 1 version

You should engage TAC period, because this could be a complicated issue.

You should  start by pinging devices constantly during a roam to see if any pings are dropped during a roam.  It is quite normal for a client to drop a ping or two during a roam, but how long until Citrix Receiver drops out?

I engaged TAC and we discovered that thought it was enabled, 11r wasn't functioning at this particular location. In the process of troubleshooting, the WLC rebooted itself.  The crash log showed that the "cryptoPOST" , "arci-cli-helper " , "fpcli" and "nanny" modules crashed.  TAC is still investigating root cause but here's the strange part:  11r is now working and the apple clients are roaming without issue.

So we inadvertantly solved one issue and discovered another.  It may be due to the fact that the WLC uptime was approaching 2 years.