Wireless Access

We have 802.1x authentication enabled with Oppurtunistic Key Caching turned on.  We are experiencing issues with devices being dropped from the secure network.  All APs are on the same controller and in the same AP group.  The client vlan and client IPs are not changing.  Does anyone have any suggestions?

Any commonalities/trends in terms of devices that you can see?

e.g.  same make, same model, same OS, same supplicant etc..  or is it appearing 'randomly'

JF

debug a client mac-address and check where it fails. 

(config)#logging level debugging user

(config)#logging level debugging user-debug <device mac-address>

Check the output of 

show log user |  include <mac-addr of client>

show log user-debug | include <mac-addr of client>

show auth-tracebuf mac <mac-address of client being debugged>

what are the type of clients? 

Do the client move, while getting dropped?

Code version on the controller?

Does the client able to get back its connectivity after getting dropped? 

Without knowing anything about your setup.

If most are Apple IOS users, OKC will be a nightmare for you. I had a similar problem which was resolved by 

Disabling OKC and enabling Validate PMKID instead. (AAA profile - advanced)

Enabling station handoff assist as well as putting a local probe threshold to a value which made sense. 

Again, this all depends on the client environment 

Key is definately understanding the client population and proportion that have the issue vs. the 'herd'.  Then slicing into the details as to what is common with that segment of the populace.  Lather rinse repeat .

JF

Hi, 

I have the same issue running code before 6.1.3.7. After update to this path, the issues has gone. Now I'm on 6.1.3.10 and has no issue anymore.

How version you are?

Regards,

Paulo Raponi