I am fairly new to adminstrating an Aruba network.
We have an 'Aruba Mobility Controller' and 8 AP-105s serving a small school. At random times throughout the day, teachers will look like their connecting (Windows laptops), but they either get a 169.254.x.x IP address with a 255.255.0.0 Gateway and it doesn't work, or the whole thing gets hung up at the "authenticating" part of the user's wifi conencting process.
Here is a section of our log:
May 29 08:52:24 | sapd[186]: <404003> <WARN> |AP Room 11@168.212.110.160 sapd| AM d8:c7:c8:9c:b9:b0: Interfering AP detected with SSID linksys_SES_55051 and BSSID 00:14:bf:0f:96:0e |
May 29 08:52:25 | authmgr[1468]: <132094> <WARN> |authmgr| MIC failed in WPA Key Message 2 from Station 00:24:2b:c0:d2:0b d8:c7:c8:9c:ba:20 Room 10 |
May 29 08:52:31 | sapd[186]: <404003> <WARN> |AP Room 5@168.212.110.166 sapd| AM d8:c7:c8:9c:b9:40: Interfering AP detected with SSID myqwest3814 and BSSID 20:76:00:0a:78:38 |
May 29 08:52:31 | authmgr[1468]: <132094> <WARN> |authmgr| MIC failed in WPA Key Message 2 from Station 00:24:2b:c0:d2:0b d8:c7:c8:9c:ba:20 Room 10 |
May 29 08:52:36 | authmgr[1468]: <132094> <WARN> |authmgr| MIC failed in WPA Key Message 2 from Station 00:24:2b:c0:d2:0b d8:c7:c8:9c:b9:b0 Room 11 |
May 29 08:52:40 | authmgr[1468]: <132094> <WARN> |authmgr| MIC failed in WPA Key Message 2 from Station 00:24:2b:c0:d2:0b d8:c7:c8:9c:ba:20 Room 10 |
May 29 08:52:50 | authmgr[1468]: <132094> <WARN> |authmgr| MIC failed in WPA Key Message 2 from Station 00:24:2b:c0:d2:0b d8:c7:c8:9c:b9:b0 Room 11 |
May 29 08:52:54 | authmgr[1468]: <132094> <WARN> |authmgr| MIC failed in WPA Key Message 2 from Station 00:24:2b:c0:d2:0b d8:c7:c8:9c:ba:20 Room 10 |
May 29 08:52:57 | authmgr[1468]: <132094> <WARN> |authmgr| MIC failed in WPA Key Message 2 from Station 00:24:2b:c0:d2:0b d8:c7:c8:9c:b9:b0 Room 11 |
May 29 08:52:58 | sapd[186]: <404003> <WARN> |AP Room 5@168.212.110.166 sapd| AM d8:c7:c8:9c:b9:40: Interfering AP detected with SSID myqwest3814 and BSSID 20:76:00:0a:78:38 |
May 29 08:52:59 | authmgr[1468]: <132094> <WARN> |authmgr| MIC failed in WPA Key Message 2 from Station 00:24:2b:c0:d2:0b d8:c7:c8:9c:b9:b0 Room 11 |
May 29 08:53:01 | authmgr[1468]: <132094> <WARN> |authmgr| MIC failed in WPA Key Message 2 from Station 00:24:2b:c0:d2:0b d8:c7:c8:9c:ba:20 Room 10 |
May 29 08:53:04 | authmgr[1468]: <132094> <WARN> |authmgr| MIC failed in WPA Key Message 2 from Station 00:24:2b:c0:d2:0b d8:c7:c8:9c:b9:b0 Room 11 |
May 29 08:53:08 | authmgr[1468]: <132094> <WARN> |authmgr| MIC failed in WPA Key Message 2 from Station 00:24:2b:c0:d2:0b d8:c7:c8:9c:ba:20 Room 10 |
May 29 08:53:10 | sapd[186]: <404003> <WARN> |AP Room 11@168.212.110.160 sapd| AM d8:c7:c8:9c:b9:b0: Interfering AP detected with SSID and BSSID 20:76:00:0a:78:38 |
May 29 08:53:11 | authmgr[1468]: <132094> <WARN> |authmgr| MIC failed in WPA Key Message 2 from Station 00:24:2b:c0:d2:0b d8:c7:c8:9c:ba:20 Room 10 |
May 29 08:53:11 | authmgr[1468]: <132094> <WARN> |authmgr| MIC failed in WPA Key Message 2 from Station 00:24:2b:c0:d2:0b d8:c7:c8:9c:b9:b0 Room 11 |
May 29 08:53:18 | authmgr[1468]: <132094> <WARN> |authmgr| MIC failed in WPA Key Message 2 from Station 00:24:2b:c0:d2:0b d8:c7:c8:9c:ba:20 Room 10 |
May 29 08:53:22 | sapd[186]: <404003> <WARN> |AP Room 5@168.212.110.166 sapd| AM d8:c7:c8:9c:b9:40: Interfering AP detected with SSID myqwest3814 and BSSID 20:76:00:0a:78:38 |
May 29 08:53:23 | authmgr[1468]: <132094> <WARN> |authmgr| MIC failed in WPA Key Message 2 from Station 00:24:2b:c0:d2:0b d8:c7:c8:9c:ba:20 Room 10 |
There are about 4 neighboring WIFI points, as you can see the 'myquest3814' on that list for example. When I Disabled these APs, all of the errors stop except for the 'MIC failed' errors. However, I understand that disabling APs does some kind of DDoS attack--and I do not want to kill these people's internet access.
I guess my question is: would disabling these APs fix our intermittent connectivity issues? And if I do so, am I killing these people's internet access? Is marking them as 'Rogue' or 'Known Conflicting' good enough?
I know there's probably more info that you guys will need to help me, and I'll do my best to provide it. I am still learning this system, and trying to figure out where the last guy left off with everything.
Also, if it helps, this issue randomly started happening a couple weeks ago. It was all working fine for almost a year straight.
I appreciate the help.
Thanks,
Cody