Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Clients disconnecting - odd syslog messages

This thread has been viewed 6 times

  • 1.  Clients disconnecting - odd syslog messages

    Posted Aug 14, 2013 10:56 AM

    Hey everyone,


    We're looking into an issue we've seen recently with clients attempting to connect to an SSID and either failing or succeeding but not being able to get out anywhere.  I've seen it on apple iPods and iTouchs and a nexus tablet.

     

    We're running 6.3.  Over a span of 2 seconds I saw a client auth successfully to 5 different acess points but the moment i see the auth request, auth success, assoc request syslog message i then see this: 

     


    Aug 13 07:56:01 <controller hostname> stm[744]: <501153> <NOTI> |AP <ap-name>@<ap-ip> stm|  STA ac:22:0b:46:8c:0a: required MFP but SSID d8:c7:c8:94:b8:41 not capable; ignoring

     

    A few min later of the client experiencing this I also notice a lot of these messages:

     

    Aug 13 07:57:04 <controller hostname> stm[2266]: <501044> <NOTI> <<controller-name> <controller-IP>>  Station ac:22:0b:46:8c:0a: No authentication found trying to de-authenticate to BSSID d8:c7:c8:94:b8:49 on AP <ap-name>

     

    Any of these two have anything to do with what we're seeing?

     

    The one major change we made in the past week or so has been the "enforce DHCP" feature in the AAA profile.

     

    Thanks!



  • 2.  RE: Clients disconnecting - odd syslog messages

    EMPLOYEE
    Posted Aug 14, 2013 11:03 AM

    Turn off Enforce DHCP and see if things work.



  • 3.  RE: Clients disconnecting - odd syslog messages

    Posted Aug 15, 2013 05:05 PM

    My problem is because I can't replicate the issue on demand I wouldn't be able to tell if disabling 'enforce dhcp' actually did anything.  If I disabled that feature and complaints stopped it could simply be a coincidence.... not sure if I'm explaining correctly.

     

     



  • 4.  RE: Clients disconnecting - odd syslog messages

    Posted Nov 12, 2013 02:42 PM

    We’re also seeing that first syslog (but not the second) with a Nexus 7.  We are running 6.3, but do not have Enforce DHCP enabled.

     

    Nov 12 11:10:34  stm[731]: <501153> <NOTI> |AP PS2-AP02@10.211.203.165 stm|  STA ac:22:0b:46:e3:44: required MFP but SSID d8:c7:c8:99:c9:a5 not capable; ignoring.

     

    I did some research and MFP (Management Frame Protection) is part of 802.11w which I don't believe Aruba currently supports.  This is a common issue with Win8, which is fixed by downgrading the wireless driver.  I have yet to find a workaround for mobile devices.

     



  • 5.  RE: Clients disconnecting - odd syslog messages

    Posted Oct 29, 2015 05:38 PM

     

    I am having a simmilar problem :

     

    Deauth Reason

    -------------

    Reason                             Timestamp

    ------                             ---------

    Denied; Ageout / MFP-Try Later     Oct 29 15:32:40

    Denied; Ageout / MFP-Try Later     Oct 29 15:32:30

    STA has roamed to another AP       Oct 29 15:32:21

    STA has roamed to another AP       Oct 29 14:27:02

    STA has roamed to another AP       Oct 29 14:22:18

    Prior authentication is not valid  Oct 29 14:15:20

     

    What does Denied; Ageout / MFP-Try Later  alert mean ? 

     

    Running  AOS  6.3.1.15. 

     

     



  • 6.  RE: Clients disconnecting - odd syslog messages

    EMPLOYEE
    Posted Oct 29, 2015 08:54 PM

    It looks like you have Management Frame Protection enabled - http://www.arubanetworks.com/techdocs/ArubaOS_64x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/wlan_ssid_profile.htm

     

    Please disable any MFP knobs in the SSID profile and try again.