Wireless Access

Reply
Regular Contributor I
Posts: 195
Registered: ‎02-10-2014

How to have Macbooks play nice on 802.1x network?

We have a few users that are allowed to have Macs. I am not very familiar with Macs, but I am getting complaints that some days for Mac users they get disconnected multiple times a day, and have to reconnect to the network. (Using wireless)

 

Are there certain Mac specific settings I should set up? Are there any white papers or KB articles that would walk me through that? I didn't turn up much that seemed useful when searching. 

 

 

We have a 7210 Controller (Running 6.4.0.3, we had the issue before upgrading to 6.4) that uses our Clearpass (6.3.1) as Radius authentication and we use AP 105s. 

 

I do not see anything in the logs that indicate an issue on the Network side, but I assume it is a Mac issue playing nice with the network. 

Guru Elite
Posts: 21,269
Registered: ‎03-29-2007

Re: How to have Macbooks play nice on 802.1x network?

Do you have "Validate PMKID" enabled in your 802.1x profile?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor I
Posts: 195
Registered: ‎02-10-2014

Re: How to have Macbooks play nice on 802.1x network?

No I do not have that enabled. Does this make a big impact on Mac's connecting to the network? 

 

This didn't scream Apple to me, does this have an impact on the rest of the network as well? We only have maybe 600 clients active on a busy day, so I assume we could handle the added load, but I would hate to see issues come up with other computers because of this. 

 

Here is the description of the setting for anyone who may also be looking to figure this out:

 

Validate PMKID: This parameter instructs the controller to check the pairwise master key (PMK) ID
sent by the client. When you enable this option, the client must send a PMKID in the
associate or reassociate frame to indicate that it supports OKC or PMK caching;
otherwise, full 802.1x authentication takes place.
NOTE: This feature is optional, since most clients that support OKC and PMK
caching do not send the PMKID in their association request.

Guru Elite
Posts: 21,269
Registered: ‎03-29-2007

Re: How to have Macbooks play nice on 802.1x network?

It has an impact on roaming.  Macs do not support OKC.  Validate PMKID allows Macs to work without having to turn off OKC for all other clients.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor I
Posts: 195
Registered: ‎02-10-2014

Re: How to have Macbooks play nice on 802.1x network?

Thanks for the help! That did the trick. 

Guru Elite
Posts: 21,269
Registered: ‎03-29-2007

Re: How to have Macbooks play nice on 802.1x network?

ereader22,

 

Awesome.  I wish everything was this simple.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor I
Posts: 195
Registered: ‎02-10-2014

Re: How to have Macbooks play nice on 802.1x network?

We would probably all be out of jobs if it was though. :smileywink:

Search Airheads
Showing results for 
Search instead for 
Did you mean: