Wireless Access

last person joined: 19 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Intermittent iPad EAP-TLS Failure

This thread has been viewed 0 times

  • 1.  Intermittent iPad EAP-TLS Failure

    Posted Jul 04, 2012 06:53 AM

    Hi All,

     

    I've got a customer with an intermittent issue where iPds cannot connect to their EAP-TLS SSID. It's a aruba controller / amigopod MDAC setup. The controller and amigopod are on the latest version of code.

    The ipads that I was testing on were approximately 5 metres away from an AP125 which was transmitting at an acceptible level.

     

    Here's what the auth-tracebuf shows when it fails.

     

    Jul  4 09:54:07  station-term-start     *  64:20:0c:30:85:ac  00:1a:1e:76:6d:c0                   1     -     
Jul  4 09:54:08  eap-term-start        ->  64:20:0c:30:85:ac  00:1a:1e:76:6d:c0/dot1x_prof-ora28  -     -     
Jul  4 09:54:08  station-term-start     *  64:20:0c:30:85:ac  00:1a:1e:76:6d:c0                   1     -     
Jul  4 09:54:12  eap-term-start        ->  64:20:0c:30:85:ac  00:1a:1e:76:6d:c0/dot1x_prof-ora28  -     -     
Jul  4 09:54:12  station-term-start     *  64:20:0c:30:85:ac  00:1a:1e:76:6d:c0                   1     -     
Jul  4 09:54:19  station-down           *  64:20:0c:30:85:ac  00:1a:1e:76:6d:c0                   -     -     
Jul  4 09:54:19  station-up             *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   -     -     wpa2 aes
Jul  4 09:54:19  station-term-start     *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   1     -     
Jul  4 09:54:19  client-cert           ->  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  1400  2062  
Jul  4 09:54:19  client-cert           ->  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  2062  2062  
Jul  4 09:54:25  station-term-end       *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  7616  -     failure
Jul  4 09:54:25  station-down           *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   -     -     
Jul  4 10:04:27  station-up             *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   -     -     wpa2 aes
Jul  4 10:04:27  station-term-start     *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   1     -     
Jul  4 10:04:27  client-cert           ->  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  1400  2062  
Jul  4 10:04:27  client-cert           ->  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  2062  2062  
Jul  4 10:04:32  station-term-end       *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  7616  -     failure
Jul  4 10:04:32  station-down           *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   -     -     
Jul  4 10:04:37  station-up             *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   -     -     wpa2 aes
Jul  4 10:04:37  station-term-start     *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   1     -     
Jul  4 10:04:37  client-cert           ->  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  1400  2062  
Jul  4 10:04:37  client-cert           ->  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  2062  2062  
Jul  4 10:04:42  station-term-end       *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  7616  -     failure
Jul  4 10:04:42  station-down           *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   -     -     
Jul  4 10:04:47  station-up             *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   -     -     wpa2 aes
Jul  4 10:04:47  station-term-start     *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   1     -     
Jul  4 10:04:47  client-cert           ->  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  1400  2062  
Jul  4 10:04:47  client-cert           ->  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  2062  2062  
Jul  4 10:04:52  station-term-end       *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  7616  -     failure
Jul  4 10:04:52  station-down           *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   -     -

     and here it is 15 minutes later when it's sucessful (no changes we made to client/controller/AP/amigopod other that looking at it and I'm positive quantum mechanics isn't playing a part!)

     

    Jul  4 10:20:48  station-down           *  64:20:0c:30:85:ac  00:1a:1e:76:60:00                   -     -     
Jul  4 10:21:39  station-up             *  64:20:0c:30:85:ac  00:1a:1e:76:60:00                   -     -     wpa2 aes
Jul  4 10:21:39  station-term-start     *  64:20:0c:30:85:ac  00:1a:1e:76:60:00                   1     -     
Jul  4 10:21:39  eap-term-start        ->  64:20:0c:30:85:ac  00:1a:1e:76:60:00/dot1x_prof-ora28  -     -     
Jul  4 10:21:39  station-term-start     *  64:20:0c:30:85:ac  00:1a:1e:76:60:00                   1     -     
Jul  4 10:21:44  eap-term-start        ->  64:20:0c:30:85:ac  00:1a:1e:76:60:00/dot1x_prof-ora28  -     -     
Jul  4 10:21:44  station-term-start     *  64:20:0c:30:85:ac  00:1a:1e:76:60:00                   1     -     
Jul  4 10:21:49  eap-term-start        ->  64:20:0c:30:85:ac  00:1a:1e:76:60:00/dot1x_prof-ora28  -     -     
Jul  4 10:21:49  station-term-start     *  64:20:0c:30:85:ac  00:1a:1e:76:60:00                   1     -     
Jul  4 10:21:54  station-down           *  64:20:0c:30:85:ac  00:1a:1e:76:60:00                   -     -     
Jul  4 10:21:54  station-up             *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   -     -     wpa2 aes
Jul  4 10:21:54  station-term-start     *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   1     -     
Jul  4 10:21:54  client-cert           ->  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  1400  2062  
Jul  4 10:21:54  client-cert           ->  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  2062  2062  
Jul  4 10:21:54  client-finish         ->  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  -     -     
Jul  4 10:21:54  server-finish         <-  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  -     -     
Jul  4 10:21:54  server-finish-ack     ->  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  -     -     
Jul  4 10:21:54  user-validate-req     ->  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  -     -     user.name
Jul  4 10:21:54  user-validate-success <-  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/Amigopod          -     -     user.name
Jul  4 10:21:54  eap-success           <-  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  -     -     
Jul  4 10:21:54  station-data-ready     *  64:20:0c:30:85:ac  00:00:00:00:00:00                   1     -     
Jul  4 10:21:54  wpa2-key1             <-  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   -     117   
Jul  4 10:21:54  wpa2-key2             ->  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   -     117   
Jul  4 10:21:54  wpa2-key3             <-  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   -     151   
Jul  4 10:21:54  wpa2-key4             ->  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   -     95

     There are no issues with the time one the controller or amigopod. The OCSP URL is correct and accessible from the controller.

     

    The SNR sometimes drops below 30 on the iPads I was testing on, would this affect things in this way?

     

    Cheers

    James



  • 2.  RE: Intermittent iPad EAP-TLS Failure

    Posted Jul 04, 2012 02:29 PM

    Hi,

     

    Maybe one of the device in the chain and/or the client device is out of sync with NTP.

    It might also be related with the timezone settings.

    This is just a suggestion...

     



  • 3.  RE: Intermittent iPad EAP-TLS Failure

    Posted Jul 06, 2012 06:12 AM

    I mentioned that the controller and amigopod time are in sync. I'll check the client though.

     

    Thanks.