Wireless Access

last person joined: 18 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Problems with 6.2.0.2

This thread has been viewed 0 times

  • 1.  Problems with 6.2.0.2

    Posted Feb 19, 2013 04:20 AM

    Our production enviroment consists of 3600 controllers and mainly AP-105s. After the installation of 6.2.0.2 from 6.1.3.3 and  the problem starded:

     

    1) Controllers started to randomly blacklist clients. All blacklist options are disabled and we haven't use client blacklisting in any situtation before. The reason is "IP Spoofing" although I disabled both " Prohibit IP Spoofing" and "Prohibit ARP Spoofing".

     

    I remember that somebody else mentioned this same issue.

     

    2) Problems with Apple Macs. Many users have complained that their macbooks or airs are dropping connections, when using 802.1x/eap with wpa2. Also there has been issues when roaming ap to ap with these devices.

     

    When debugging one of these devices I found:

    Deauth to sta:  <macbookpro>  Ageout AP <ap> Ptk Challenge Failed

    Deauth from sta: <macbookpro> AP <ap> Reason Ptk Challenge Failed

     

    Any comments on that? This problem also came out after the 6.2. update. 

     

    It would be nice to know if others are facing these same issues.  Eagerly waiting for 6.2.0.3... :smileyindifferent:

     


    #3600


  • 2.  RE: Problems with 6.2.0.2

    Posted Feb 19, 2013 07:01 AM

    Hi!

     

    I know they had a bug i 6.1.3.6 that blacklisted clients inaccurately. This happened when they used a VLAN pool with the spread option "even". If you choose to use "hash" instead it might solve your problem.

     

    //Chris



  • 3.  RE: Problems with 6.2.0.2

    Posted Feb 19, 2013 07:25 AM

    Hi

     

    Just disable the ipspoofing  protection of IPV6..in 6.2.0.2 until this bug will be fixed. (inside Stateful firewall tab)

     

    Let's us know if it's solved your IP spoofing issue.



  • 4.  RE: Problems with 6.2.0.2

    Posted Feb 19, 2013 08:11 AM

     

    Do the following on each controller (this is a local setup to the controller) :

     

    Firewall:
    - no firewall prohibit-arp-spoofing
    - no firewall prohibit-ip-spoofing
     
    IDS:
    - ids dos-profile "default"
       no detect-power-save-dos-attack


  • 5.  RE: Problems with 6.2.0.2

    Posted Feb 19, 2013 12:57 PM

    Hi,

     

    I may have just experienced your issue with 6.2.0.2 with the Macbook Pros.  Can you tell me how you debugged that?  What log did you find those errors in?

     

    Thanks,

     

    Chad

     



  • 6.  RE: Problems with 6.2.0.2

    Posted Feb 19, 2013 01:01 PM

     

     

    logging level debugging user-debug <mac>

     

    and then do a show log user-debug all | in DoS or include Reason



  • 7.  RE: Problems with 6.2.0.2

    Posted Feb 19, 2013 01:07 PM

    I appreciate your fast answers. I didn't know that the IP spoofing was local configuration -> now it's disabled in every controller plus  Detect Power Save DoS Attack disabled from IDS.

     

    I'll report later what was the outcome!

     

    Ps. I wonder why they didn't say this straight away from the Aruba support?