I'm struggling with an issue with our Acer Chromebooks. I have a TAC case opened but I thought it couldn't hurt to through it out here as well.
Basically, if you put them in sleep mode and bring them out of sleep mode, they will not connect to the wireless properly. If I delete them from the user table, the client will connect. Dropping into sleep mode and trying to reconnect shows the same issue. This problem only seems to happen on one of the VAPs. If I put the client on a second VAP, it works fine each time. The problem VAP(named "chromebook") has some ACLs set up to wall the clients off from the internal network besides some explicitely allowed servers. It also has allow ACLs for DHCP and DNS.
What I'm thinking is happening is that when the user doesn't have a table entry, it will use the default role of "logon" until it's authenticated. That's why I seem to be able to connect at first. Subsequent connections already have a user table entry and use the authenticated role(chromebook) and is therefore then using the ACLs for that role. That role seems to be missing the SVC-ICMP.
So my question is, do I need ICMP to properly broadcast or otherwise connect to a DHCP server or is allowing SVC-DHCP sufficient? The default logon role seems to allow SVC-DHCP, SVC-DNS, SVC-ICMP, and SVC-NATT. The chromebook role only allows the first two in that list and not ICMP or NATT.