Wireless Access

Reply

Client Drops on 802.1X - AP225 but not AP125

Clients are experiencing connectivity drops while using an 802.1X network on AP225's. If they switch to PSK network, they have no issues. They also had no issues when on AP125's, which are in other areas, but they were replaced in the problem area and the issues started. The 802.1X is setup for WPA2-PSK, and the PSK is WPA-TKIP, but that is the same across the board. The 225's and 125's are in different AP groups, but they are mirror copies, even down to the RF profiles (i know that's not good, but I can't change it for now). We had to disable client match for these devices because they were bouncing between APs while stationary, causing issues with latency sensitive applications.

 

I'm struggling to find the issue, as authentications themselves to clearpass are all successful, and the logs in the controller shows successful auths and assoc attempts. Getting correct VLAN, IP, and user-role, and they will be connected for a while then randomly dropped and sometimes have trouble reconnecting, but no failed auths in clearpass logs.


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com

Re: Client Drops on 802.1X - AP225 but not AP125

Do you see issues when the devices roam or it also happens while the devices are stationary ?
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA

Re: Client Drops on 802.1X - AP225 but not AP125

Both, stationary and while roaming, but in our last few tests they were stationary.


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com
Guru Elite

Re: Client Drops on 802.1X - AP225 but not AP125

TKIP does not allow for 802.11n or 802.11ac speeds. It could be that your 802.11n/ac network is not designed properly. Your power might be too high if devices are bouncing between access points.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Re: Client Drops on 802.1X - AP225 but not AP125

Is there any way to disable the 802.11ac standard on 225? Basically to simulate as if it were a 125.

Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com
Guru Elite

Re: Client Drops on 802.1X - AP225 but not AP125

You would have to uncheck VHT from the ARM profile.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Re: Client Drops on 802.1X - AP225 but not AP125

I will give that a try. We are testing AES vs. TKIP encryption, it seems like the devices connect and stay connected better on TKIP, but maybe that still has to due with 802.11ac vs. 802.11a/b/g. Some of these devices are older, but not too old - 1 laptop had a driver from 2013. I"ll update once we do more testing.

Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com
Guru Elite

Re: Client Drops on 802.1X - AP225 but not AP125

Uh, I would update the driver first.  If the driver has not been tested with 802.11ac, it probably won't work well with it.  You would then lose the benefit of even deploying 802.11n or 802.11ac access points.  4 years is an eternity in Wireless LAN...



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Re: Client Drops on 802.1X - AP225 but not AP125

Ok I will look into that as well, I will see if we can update the driver on a device and test.

Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com

Re: Client Drops on 802.1X - AP225 but not AP125

More details about the issue: The client device doesn't drop connection, but the network is no longer reachable. Cannot even ping the controller and SSID is set to tunnel.

 

So we updated the drivers on all laptops in the area, from 2011-2012 date to a driver from 2017 and unfortunately the network connection issues are still happening. We also enabled mixed mode (WPA2-AES and WPA2-TKIP) on the 802.1X SSID in a small area and reconfigured one of them to have TKIP on the wireless profile. Since that change, that device has not experienced any network issues. Still at a loss for what is causing this issue, but it seems to be something with newer standards, either wireless 802.11 or encryption. Anyone else ever experience this?


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: