Wireless Access

Reply
Occasional Contributor I

Problems with 6.2.0.2

Our production enviroment consists of 3600 controllers and mainly AP-105s. After the installation of 6.2.0.2 from 6.1.3.3 and  the problem starded:

 

1) Controllers started to randomly blacklist clients. All blacklist options are disabled and we haven't use client blacklisting in any situtation before. The reason is "IP Spoofing" although I disabled both " Prohibit IP Spoofing" and "Prohibit ARP Spoofing".

 

I remember that somebody else mentioned this same issue.

 

2) Problems with Apple Macs. Many users have complained that their macbooks or airs are dropping connections, when using 802.1x/eap with wpa2. Also there has been issues when roaming ap to ap with these devices.

 

When debugging one of these devices I found:

Deauth to sta:  <macbookpro>  Ageout AP <ap> Ptk Challenge Failed

Deauth from sta: <macbookpro> AP <ap> Reason Ptk Challenge Failed

 

Any comments on that? This problem also came out after the 6.2. update. 

 

It would be nice to know if others are facing these same issues.  Eagerly waiting for 6.2.0.3... :smileyindifferent:

 

Contributor II

Re: Problems with 6.2.0.2

Hi!

 

I know they had a bug i 6.1.3.6 that blacklisted clients inaccurately. This happened when they used a VLAN pool with the spread option "even". If you choose to use "hash" instead it might solve your problem.

 

//Chris

Re: Problems with 6.2.0.2

Hi

 

Just disable the ipspoofing  protection of IPV6..in 6.2.0.2 until this bug will be fixed. (inside Stateful firewall tab)

 

Let's us know if it's solved your IP spoofing issue.

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************

Re: Problems with 6.2.0.2

 

Do the following on each controller (this is a local setup to the controller) :

 

Firewall:
- no firewall prohibit-arp-spoofing
- no firewall prohibit-ip-spoofing
 
IDS:
- ids dos-profile "default"
   no detect-power-save-dos-attack
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Frequent Contributor II

Re: Problems with 6.2.0.2

Hi,

 

I may have just experienced your issue with 6.2.0.2 with the Macbook Pros.  Can you tell me how you debugged that?  What log did you find those errors in?

 

Thanks,

 

Chad

 

Re: Problems with 6.2.0.2

 

 

logging level debugging user-debug <mac>

 

and then do a show log user-debug all | in DoS or include Reason

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor I

Re: Problems with 6.2.0.2

I appreciate your fast answers. I didn't know that the IP spoofing was local configuration -> now it's disabled in every controller plus  Detect Power Save DoS Attack disabled from IDS.

 

I'll report later what was the outcome!

 

Ps. I wonder why they didn't say this straight away from the Aruba support? 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: