Wireless Access

Reply
Occasional Contributor I
Posts: 8
Registered: ‎09-12-2011

Problems with 6.2.0.2

Our production enviroment consists of 3600 controllers and mainly AP-105s. After the installation of 6.2.0.2 from 6.1.3.3 and  the problem starded:

 

1) Controllers started to randomly blacklist clients. All blacklist options are disabled and we haven't use client blacklisting in any situtation before. The reason is "IP Spoofing" although I disabled both " Prohibit IP Spoofing" and "Prohibit ARP Spoofing".

 

I remember that somebody else mentioned this same issue.

 

2) Problems with Apple Macs. Many users have complained that their macbooks or airs are dropping connections, when using 802.1x/eap with wpa2. Also there has been issues when roaming ap to ap with these devices.

 

When debugging one of these devices I found:

Deauth to sta:  <macbookpro>  Ageout AP <ap> Ptk Challenge Failed

Deauth from sta: <macbookpro> AP <ap> Reason Ptk Challenge Failed

 

Any comments on that? This problem also came out after the 6.2. update. 

 

It would be nice to know if others are facing these same issues.  Eagerly waiting for 6.2.0.3... :smileyindifferent:

 

Contributor II
Posts: 54
Registered: ‎04-03-2011

Re: Problems with 6.2.0.2

Hi!

 

I know they had a bug i 6.1.3.6 that blacklisted clients inaccurately. This happened when they used a VLAN pool with the spread option "even". If you choose to use "hash" instead it might solve your problem.

 

//Chris

MVP
Posts: 1,409
Registered: ‎05-28-2008

Re: Problems with 6.2.0.2

[ Edited ]

Hi

 

Just disable the ipspoofing  protection of IPV6..in 6.2.0.2 until this bug will be fixed. (inside Stateful firewall tab)

 

Let's us know if it's solved your IP spoofing issue.

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
MVP
Posts: 4,301
Registered: ‎07-20-2011

Re: Problems with 6.2.0.2

 

Do the following on each controller (this is a local setup to the controller) :

 

Firewall:
- no firewall prohibit-arp-spoofing
- no firewall prohibit-ip-spoofing
 
IDS:
- ids dos-profile "default"
   no detect-power-save-dos-attack
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Frequent Contributor II
Posts: 106
Registered: ‎10-20-2011

Re: Problems with 6.2.0.2

Hi,

 

I may have just experienced your issue with 6.2.0.2 with the Macbook Pros.  Can you tell me how you debugged that?  What log did you find those errors in?

 

Thanks,

 

Chad

 

MVP
Posts: 4,301
Registered: ‎07-20-2011

Re: Problems with 6.2.0.2

 

 

logging level debugging user-debug <mac>

 

and then do a show log user-debug all | in DoS or include Reason

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor I
Posts: 8
Registered: ‎09-12-2011

Re: Problems with 6.2.0.2

I appreciate your fast answers. I didn't know that the IP spoofing was local configuration -> now it's disabled in every controller plus  Detect Power Save DoS Attack disabled from IDS.

 

I'll report later what was the outcome!

 

Ps. I wonder why they didn't say this straight away from the Aruba support? 

Search Airheads
Showing results for 
Search instead for 
Did you mean: