Wireless Access

Reply
New Contributor

Intermittent connectivity, interferring neighboring APs, plus weird IP addresses

I am fairly new to adminstrating an Aruba network.

 

We have an 'Aruba Mobility Controller' and 8 AP-105s serving a small school. At random times throughout the day, teachers will look like their connecting (Windows laptops), but they either get a 169.254.x.x IP address with a 255.255.0.0 Gateway and it doesn't work, or the whole thing gets hung up at the "authenticating" part of the user's wifi conencting process.

 

Here is a section of our log:

May 29 08:52:24  sapd[186]: <404003> <WARN> |AP Room 11@168.212.110.160 sapd|  AM d8:c7:c8:9c:b9:b0: Interfering AP detected with SSID linksys_SES_55051 and BSSID 00:14:bf:0f:96:0e
May 29 08:52:25  authmgr[1468]: <132094> <WARN> |authmgr|  MIC failed in WPA Key Message 2 from Station 00:24:2b:c0:d2:0b d8:c7:c8:9c:ba:20 Room 10
May 29 08:52:31  sapd[186]: <404003> <WARN> |AP Room 5@168.212.110.166 sapd|  AM d8:c7:c8:9c:b9:40: Interfering AP detected with SSID myqwest3814 and BSSID 20:76:00:0a:78:38
May 29 08:52:31  authmgr[1468]: <132094> <WARN> |authmgr|  MIC failed in WPA Key Message 2 from Station 00:24:2b:c0:d2:0b d8:c7:c8:9c:ba:20 Room 10
May 29 08:52:36  authmgr[1468]: <132094> <WARN> |authmgr|  MIC failed in WPA Key Message 2 from Station 00:24:2b:c0:d2:0b d8:c7:c8:9c:b9:b0 Room 11
May 29 08:52:40  authmgr[1468]: <132094> <WARN> |authmgr|  MIC failed in WPA Key Message 2 from Station 00:24:2b:c0:d2:0b d8:c7:c8:9c:ba:20 Room 10
May 29 08:52:50  authmgr[1468]: <132094> <WARN> |authmgr|  MIC failed in WPA Key Message 2 from Station 00:24:2b:c0:d2:0b d8:c7:c8:9c:b9:b0 Room 11
May 29 08:52:54  authmgr[1468]: <132094> <WARN> |authmgr|  MIC failed in WPA Key Message 2 from Station 00:24:2b:c0:d2:0b d8:c7:c8:9c:ba:20 Room 10
May 29 08:52:57  authmgr[1468]: <132094> <WARN> |authmgr|  MIC failed in WPA Key Message 2 from Station 00:24:2b:c0:d2:0b d8:c7:c8:9c:b9:b0 Room 11
May 29 08:52:58  sapd[186]: <404003> <WARN> |AP Room 5@168.212.110.166 sapd|  AM d8:c7:c8:9c:b9:40: Interfering AP detected with SSID myqwest3814 and BSSID 20:76:00:0a:78:38
May 29 08:52:59  authmgr[1468]: <132094> <WARN> |authmgr|  MIC failed in WPA Key Message 2 from Station 00:24:2b:c0:d2:0b d8:c7:c8:9c:b9:b0 Room 11
May 29 08:53:01  authmgr[1468]: <132094> <WARN> |authmgr|  MIC failed in WPA Key Message 2 from Station 00:24:2b:c0:d2:0b d8:c7:c8:9c:ba:20 Room 10
May 29 08:53:04  authmgr[1468]: <132094> <WARN> |authmgr|  MIC failed in WPA Key Message 2 from Station 00:24:2b:c0:d2:0b d8:c7:c8:9c:b9:b0 Room 11
May 29 08:53:08  authmgr[1468]: <132094> <WARN> |authmgr|  MIC failed in WPA Key Message 2 from Station 00:24:2b:c0:d2:0b d8:c7:c8:9c:ba:20 Room 10
May 29 08:53:10  sapd[186]: <404003> <WARN> |AP Room 11@168.212.110.160 sapd|  AM d8:c7:c8:9c:b9:b0: Interfering AP detected with SSID  and BSSID 20:76:00:0a:78:38
May 29 08:53:11  authmgr[1468]: <132094> <WARN> |authmgr|  MIC failed in WPA Key Message 2 from Station 00:24:2b:c0:d2:0b d8:c7:c8:9c:ba:20 Room 10
May 29 08:53:11  authmgr[1468]: <132094> <WARN> |authmgr|  MIC failed in WPA Key Message 2 from Station 00:24:2b:c0:d2:0b d8:c7:c8:9c:b9:b0 Room 11
May 29 08:53:18  authmgr[1468]: <132094> <WARN> |authmgr|  MIC failed in WPA Key Message 2 from Station 00:24:2b:c0:d2:0b d8:c7:c8:9c:ba:20 Room 10
May 29 08:53:22  sapd[186]: <404003> <WARN> |AP Room 5@168.212.110.166 sapd|  AM d8:c7:c8:9c:b9:40: Interfering AP detected with SSID myqwest3814 and BSSID 20:76:00:0a:78:38
May 29 08:53:23  authmgr[1468]: <132094> <WARN> |authmgr|  MIC failed in WPA Key Message 2 from Station 00:24:2b:c0:d2:0b d8:c7:c8:9c:ba:20 Room 10

 

There are about 4 neighboring WIFI points, as you can see the 'myquest3814' on that list for example. When I Disabled these APs, all of the errors stop except for the 'MIC failed' errors. However, I understand that disabling APs does some kind of DDoS attack--and I do not want to kill these people's internet access.

 

I guess my question is: would disabling these APs fix our intermittent connectivity issues? And if I do so, am I killing these people's internet access? Is marking them as 'Rogue' or 'Known Conflicting' good enough?

 

I know there's probably more info that you guys will need to help me, and I'll do my best to provide it. I am still learning this system, and trying to figure out where the last guy left off with everything.

 

Also, if it helps, this issue randomly started happening a couple weeks ago. It was all working fine for almost a year straight.

 

I appreciate the help.

 

Thanks,

Cody

Frequent Contributor I

Re: Intermittent connectivity, interferring neighboring APs, plus weird IP addresses

Off the top of my head...

 

The 169.254 addresses basically mean that DHCP is failing. This could be because of interference, but could be an issue with the DHCP server/service itself. Where are the clients getting addresses from? 

 

Do all cients fail at one time, or can you have a situation where some have valid addresses whist some don't ? Do you have enough addresses available? (can you check capacity?)  Don't forget, if the SSID is open, then devices will connect willy-nilly, so loads of people may be sucking up address space.

 

IF you have at least some clients working you could try doing some speed tests, or even ping tests to see how bad packet loss you were getting. (Even better, use a protocol analyser to look at what's going over the air... but this is quite hardcore!)

 

Finally, check out a progam calld inSSIDer from Metageek. This should be able to give you an idea how strong competing Wi-Fi signals are.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: