Wireless Access

Reply
Contributor I

Clients disconnecting - odd syslog messages

Hey everyone,


We're looking into an issue we've seen recently with clients attempting to connect to an SSID and either failing or succeeding but not being able to get out anywhere.  I've seen it on apple iPods and iTouchs and a nexus tablet.

 

We're running 6.3.  Over a span of 2 seconds I saw a client auth successfully to 5 different acess points but the moment i see the auth request, auth success, assoc request syslog message i then see this: 

 


Aug 13 07:56:01 <controller hostname> stm[744]: <501153> <NOTI> |AP <ap-name>@<ap-ip> stm|  STA ac:22:0b:46:8c:0a: required MFP but SSID d8:c7:c8:94:b8:41 not capable; ignoring

 

A few min later of the client experiencing this I also notice a lot of these messages:

 

Aug 13 07:57:04 <controller hostname> stm[2266]: <501044> <NOTI> <<controller-name> <controller-IP>>  Station ac:22:0b:46:8c:0a: No authentication found trying to de-authenticate to BSSID d8:c7:c8:94:b8:49 on AP <ap-name>

 

Any of these two have anything to do with what we're seeing?

 

The one major change we made in the past week or so has been the "enforce DHCP" feature in the AAA profile.

 

Thanks!

Guru Elite

Re: Clients disconnecting - odd syslog messages

Turn off Enforce DHCP and see if things work.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I

Re: Clients disconnecting - odd syslog messages

My problem is because I can't replicate the issue on demand I wouldn't be able to tell if disabling 'enforce dhcp' actually did anything.  If I disabled that feature and complaints stopped it could simply be a coincidence.... not sure if I'm explaining correctly.

 

 

Occasional Contributor II

Re: Clients disconnecting - odd syslog messages

We’re also seeing that first syslog (but not the second) with a Nexus 7.  We are running 6.3, but do not have Enforce DHCP enabled.

 

Nov 12 11:10:34  stm[731]: <501153> <NOTI> |AP PS2-AP02@10.211.203.165 stm|  STA ac:22:0b:46:e3:44: required MFP but SSID d8:c7:c8:99:c9:a5 not capable; ignoring.

 

I did some research and MFP (Management Frame Protection) is part of 802.11w which I don't believe Aruba currently supports.  This is a common issue with Win8, which is fixed by downgrading the wireless driver.  I have yet to find a workaround for mobile devices.

 

DSP
Contributor II

Re: Clients disconnecting - odd syslog messages

 

I am having a simmilar problem :

 

Deauth Reason

-------------

Reason                             Timestamp

------                             ---------

Denied; Ageout / MFP-Try Later     Oct 29 15:32:40

Denied; Ageout / MFP-Try Later     Oct 29 15:32:30

STA has roamed to another AP       Oct 29 15:32:21

STA has roamed to another AP       Oct 29 14:27:02

STA has roamed to another AP       Oct 29 14:22:18

Prior authentication is not valid  Oct 29 14:15:20

 

What does Denied; Ageout / MFP-Try Later  alert mean ? 

 

Running  AOS  6.3.1.15. 

 

 

Guru Elite

Re: Clients disconnecting - odd syslog messages

It looks like you have Management Frame Protection enabled - http://www.arubanetworks.com/techdocs/ArubaOS_64x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/wlan_ssid_profile.htm

 

Please disable any MFP knobs in the SSID profile and try again.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: