Wireless Access

Reply
MVP
Posts: 978
Registered: ‎04-13-2009

Intermittent iPad EAP-TLS Failure

Hi All,

 

I've got a customer with an intermittent issue where iPds cannot connect to their EAP-TLS SSID. It's a aruba controller / amigopod MDAC setup. The controller and amigopod are on the latest version of code.

The ipads that I was testing on were approximately 5 metres away from an AP125 which was transmitting at an acceptible level.

 

Here's what the auth-tracebuf shows when it fails.

 

Jul  4 09:54:07  station-term-start     *  64:20:0c:30:85:ac  00:1a:1e:76:6d:c0                   1     -     
Jul  4 09:54:08  eap-term-start        ->  64:20:0c:30:85:ac  00:1a:1e:76:6d:c0/dot1x_prof-ora28  -     -     
Jul  4 09:54:08  station-term-start     *  64:20:0c:30:85:ac  00:1a:1e:76:6d:c0                   1     -     
Jul  4 09:54:12  eap-term-start        ->  64:20:0c:30:85:ac  00:1a:1e:76:6d:c0/dot1x_prof-ora28  -     -     
Jul  4 09:54:12  station-term-start     *  64:20:0c:30:85:ac  00:1a:1e:76:6d:c0                   1     -     
Jul  4 09:54:19  station-down           *  64:20:0c:30:85:ac  00:1a:1e:76:6d:c0                   -     -     
Jul  4 09:54:19  station-up             *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   -     -     wpa2 aes
Jul  4 09:54:19  station-term-start     *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   1     -     
Jul  4 09:54:19  client-cert           ->  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  1400  2062  
Jul  4 09:54:19  client-cert           ->  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  2062  2062  
Jul  4 09:54:25  station-term-end       *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  7616  -     failure
Jul  4 09:54:25  station-down           *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   -     -     
Jul  4 10:04:27  station-up             *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   -     -     wpa2 aes
Jul  4 10:04:27  station-term-start     *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   1     -     
Jul  4 10:04:27  client-cert           ->  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  1400  2062  
Jul  4 10:04:27  client-cert           ->  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  2062  2062  
Jul  4 10:04:32  station-term-end       *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  7616  -     failure
Jul  4 10:04:32  station-down           *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   -     -     
Jul  4 10:04:37  station-up             *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   -     -     wpa2 aes
Jul  4 10:04:37  station-term-start     *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   1     -     
Jul  4 10:04:37  client-cert           ->  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  1400  2062  
Jul  4 10:04:37  client-cert           ->  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  2062  2062  
Jul  4 10:04:42  station-term-end       *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  7616  -     failure
Jul  4 10:04:42  station-down           *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   -     -     
Jul  4 10:04:47  station-up             *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   -     -     wpa2 aes
Jul  4 10:04:47  station-term-start     *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   1     -     
Jul  4 10:04:47  client-cert           ->  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  1400  2062  
Jul  4 10:04:47  client-cert           ->  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  2062  2062  
Jul  4 10:04:52  station-term-end       *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  7616  -     failure
Jul  4 10:04:52  station-down           *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   -     -     

 and here it is 15 minutes later when it's sucessful (no changes we made to client/controller/AP/amigopod other that looking at it and I'm positive quantum mechanics isn't playing a part!)

 

Jul  4 10:20:48  station-down           *  64:20:0c:30:85:ac  00:1a:1e:76:60:00                   -     -     
Jul  4 10:21:39  station-up             *  64:20:0c:30:85:ac  00:1a:1e:76:60:00                   -     -     wpa2 aes
Jul  4 10:21:39  station-term-start     *  64:20:0c:30:85:ac  00:1a:1e:76:60:00                   1     -     
Jul  4 10:21:39  eap-term-start        ->  64:20:0c:30:85:ac  00:1a:1e:76:60:00/dot1x_prof-ora28  -     -     
Jul  4 10:21:39  station-term-start     *  64:20:0c:30:85:ac  00:1a:1e:76:60:00                   1     -     
Jul  4 10:21:44  eap-term-start        ->  64:20:0c:30:85:ac  00:1a:1e:76:60:00/dot1x_prof-ora28  -     -     
Jul  4 10:21:44  station-term-start     *  64:20:0c:30:85:ac  00:1a:1e:76:60:00                   1     -     
Jul  4 10:21:49  eap-term-start        ->  64:20:0c:30:85:ac  00:1a:1e:76:60:00/dot1x_prof-ora28  -     -     
Jul  4 10:21:49  station-term-start     *  64:20:0c:30:85:ac  00:1a:1e:76:60:00                   1     -     
Jul  4 10:21:54  station-down           *  64:20:0c:30:85:ac  00:1a:1e:76:60:00                   -     -     
Jul  4 10:21:54  station-up             *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   -     -     wpa2 aes
Jul  4 10:21:54  station-term-start     *  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   1     -     
Jul  4 10:21:54  client-cert           ->  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  1400  2062  
Jul  4 10:21:54  client-cert           ->  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  2062  2062  
Jul  4 10:21:54  client-finish         ->  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  -     -     
Jul  4 10:21:54  server-finish         <-  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  -     -     
Jul  4 10:21:54  server-finish-ack     ->  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  -     -     
Jul  4 10:21:54  user-validate-req     ->  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  -     -     user.name
Jul  4 10:21:54  user-validate-success <-  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/Amigopod          -     -     user.name
Jul  4 10:21:54  eap-success           <-  64:20:0c:30:85:ac  00:1a:1e:76:70:b0/dot1x_prof-ora28  -     -     
Jul  4 10:21:54  station-data-ready     *  64:20:0c:30:85:ac  00:00:00:00:00:00                   1     -     
Jul  4 10:21:54  wpa2-key1             <-  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   -     117   
Jul  4 10:21:54  wpa2-key2             ->  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   -     117   
Jul  4 10:21:54  wpa2-key3             <-  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   -     151   
Jul  4 10:21:54  wpa2-key4             ->  64:20:0c:30:85:ac  00:1a:1e:76:70:b0                   -     95    

 There are no issues with the time one the controller or amigopod. The OCSP URL is correct and accessible from the controller.

 

The SNR sometimes drops below 30 on the iPads I was testing on, would this affect things in this way?

 

Cheers

James

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Aruba Employee
Posts: 20
Registered: ‎01-23-2012

Re: Intermittent iPad EAP-TLS Failure

Hi,

 

Maybe one of the device in the chain and/or the client device is out of sync with NTP.

It might also be related with the timezone settings.

This is just a suggestion...

 

Paul Gallant. Eng.
CWNA, CWSP
MVP
Posts: 978
Registered: ‎04-13-2009

Re: Intermittent iPad EAP-TLS Failure

I mentioned that the controller and amigopod time are in sync. I'll check the client though.

 

Thanks.

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Search Airheads
Showing results for 
Search instead for 
Did you mean: