Wireless Access

Reply
Occasional Contributor I
Posts: 9
Registered: ‎10-07-2013

Dropped clients on 802.1x with Opportunistic Key Caching

We have 802.1x authentication enabled with Oppurtunistic Key Caching turned on.  We are experiencing issues with devices being dropped from the secure network.  All APs are on the same controller and in the same AP group.  The client vlan and client IPs are not changing.  Does anyone have any suggestions?

Aruba
Posts: 760
Registered: ‎05-31-2007

Re: Dropped clients on 802.1x with Opportunistic Key Caching

Any commonalities/trends in terms of devices that you can see?

 

e.g.  same make, same model, same OS, same supplicant etc..  or is it appearing 'randomly'

 

JF

Regular Contributor I
Posts: 173
Registered: ‎10-22-2010

Re: Dropped clients on 802.1x with Opportunistic Key Caching

debug a client mac-address and check where it fails. 

(config)#logging level debugging user

(config)#logging level debugging user-debug <device mac-address>

 

Check the output of 

show log user |  include <mac-addr of client>

show log user-debug | include <mac-addr of client>

show auth-tracebuf mac <mac-address of client being debugged>

 

what are the type of clients? 

Do the client move, while getting dropped?

Code version on the controller?

Does the client able to get back its connectivity after getting dropped? 

 

 

MVP
Posts: 1,418
Registered: ‎10-25-2011

Re: Dropped clients on 802.1x with Opportunistic Key Caching

Without knowing anything about your setup.

If most are Apple IOS users, OKC will be a nightmare for you. I had a similar problem which was resolved by 

Disabling OKC and enabling Validate PMKID instead. (AAA profile - advanced)

Enabling station handoff assist as well as putting a local probe threshold to a value which made sense. 

 

Again, this all depends on the client environment 

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Aruba
Posts: 760
Registered: ‎05-31-2007

Re: Dropped clients on 802.1x with Opportunistic Key Caching

Key is definately understanding the client population and proportion that have the issue vs. the 'herd'.  Then slicing into the details as to what is common with that segment of the populace.  Lather rinse repeat .


JF

Contributor I
Posts: 56
Registered: ‎08-28-2008

Re: Dropped clients on 802.1x with Opportunistic Key Caching

Hi, 

 

I have the same issue running code before 6.1.3.7. After update to this path, the issues has gone. Now I'm on 6.1.3.10 and has no issue anymore.

 

How version you are?

 

 

Regards,

Paulo Raponi

Search Airheads
Showing results for 
Search instead for 
Did you mean: