11-15-2012 03:25 AM
First, here's out setup:
650 controller, firmware 184.108.40.206
WPA2-PSK AES SSID with tunneling through controller to one LAN subnet
DHCP server is a Windows server
iOS version 6 (not sure if other versions are affected)
iPhones and iPads lose connectivity intermittently. Switching Wi-Fi on and off or renewing DHPC lease doesn't help. Rebooting the iOS device fixes the issue but it comes back at some point and another reboot is required. I can see that iOS keeps the IP address from DHCP server so there's some connectivity at least. Laptops are working fine.
I enabled debugging on the controller with this: logging level debug user-debug <mac address>
Here's the output I got when the problem was on and I switched Wi-Fi off and back on on an iPhone (SSID and AP name obfuscated):
Nov 15 12:31:23 :501095: <NOTI> |stm| Assoc request @ 12:31:23.550221: 98:03:d8:ea:6a:6a (SN 293): AP 192.168.134.118-d8:c7:c8:ec:b8:30-AP1 Nov 15 12:31:23 :501100: <NOTI> |stm| Assoc success @ 12:31:23.563219: 98:03:d8:ea:6a:6a: AP 192.168.134.118-d8:c7:c8:ec:b8:30-AP1 Nov 15 12:31:23 :501065: <DBUG> |stm| Sending STA 98:03:d8:ea:6a:6a message to Auth and Mobility Unicast Encr WPA2 PSK AES Multicast Encr WPA2 PSK AES VLAN 0x1, wmm:1, rsn_cap:c Nov 15 12:31:23 :500511: <DBUG> |mobileip| Station 98:03:d8:ea:6a:6a, 0.0.0.0: Received association on ESSID: WLAN Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name AP1 Group default BSSID d8:c7:c8:ec:b8:30, phy g, VLAN 1 Nov 15 12:31:23 :522035: <INFO> |authmgr| MAC=98:03:d8:ea:6a:6a Station UP: BSSID=d8:c7:c8:ec:b8:30 ESSID=WLAN VLAN=1 AP-name=AP1 Nov 15 12:31:23 :500010: <NOTI> |mobileip| Station 98:03:d8:ea:6a:6a, 0.0.0.0: Mobility trail, on switch 192.168.134.18, VLAN 1, AP AP1, WLAN/d8:c7:c8:ec:b8:30/g Nov 15 12:31:24 :522026: <INFO> |authmgr| MAC=98:03:d8:ea:6a:6a IP=192.168.134.112 User miss: ingress=0x10d0, VLAN=1 Nov 15 12:31:24 :522049: <INFO> |authmgr| MAC=98:03:d8:ea:6a:6a,IP=0.0.0.0 User role updated, existing Role=authenticated/none, new Role=authenticated/authenticated, reason=First IP user created Nov 15 12:31:24 :522006: <INFO> |authmgr| MAC=98:03:d8:ea:6a:6a IP=192.168.134.112 User entry added: reason=Sibtye Nov 15 12:31:24 :522049: <INFO> |authmgr| MAC=98:03:d8:ea:6a:6a,IP=192.168.134.112 User role updated, existing Role=authenticated/authenticated, new Role=authenticated/authenticated, reason=User not authenticated for inheriting attributes Nov 15 12:31:24 :522050: <INFO> |authmgr| MAC=98:03:d8:ea:6a:6a,IP=192.168.134.112 User data downloaded to datapath, new Role=authenticated/57, bw Contract=0/0,reason=New user IP processing Nov 15 12:31:24 :522026: <INFO> |authmgr| MAC=98:03:d8:ea:6a:6a IP=192.168.134.112 User miss: ingress=0x10d0, VLAN=1 Nov 15 12:31:24 :522050: <INFO> |authmgr| MAC=98:03:d8:ea:6a:6a,IP=192.168.134.112 User data downloaded to datapath, new Role=authenticated/57, bw Contract=0/0,reason=New user IP processing
I'm new to Aruba so I don't know what that implies, can someone help?
Solved! Go to Solution.
11-15-2012 08:03 PM - edited 11-15-2012 08:06 PM
Check out the DNS
Ipads and all mac devices if you have more than one DNS configured let say you have 220.127.116.11 and 18.104.22.168 he will pick randomly one of those... if for bad luck of you 22.214.171.124 is not working you will get the idea that the network is not working... but it is but he cannot resolve DNS...
Apple devices are not like windows which will always use the first DNS unless he cannot contact it and then he uses the secondary one.
To see the connectivity issue do an extanded ping to the internet, and to oneinternal server or swithch or something
But do it to an IP for example 126.96.36.199 if you see you have no ping drops or you get i don tknow not too many packet loss but you stilll CANT browse you might have a DNS issue... If you see the ping is okay then you start looking for something else.. like the DNS... you can try resolving many sites for example www.google.com then www.yahoo.com and so on and see if suddently you cannot resolve some of those and then you can resolve....
Give it a try, i mean if you have not done this... you need to start with the basics because most of the times is not something really complicated... sometimes its just silly stuff like this and people go on and start doing debugs and all that when its not necesary.
Also like an aside comment
if with apple devices(not sure if its all of them) they cannot communicate with www.apple.com you will see that they are connnected and with an ip address but you will be not able to browse....
Product Manager - Aruba Networks
11-15-2012 11:38 PM
Great suggestion, I'll test DNS and accessing by IP the next time I see this issue. We have only one DNS server for LAN clients but I should at least see if any traffic is going through.
12-04-2012 05:53 AM
Seems that the problem was with internal DNS server which intermittently didn't return query results. For some reason it mostly affected wireless clients which made me think Wi-Fi problems. We haven't seen the issue anymore after restarting DNS service on our Windows server.
Thanks for your help, I'm glad Aruba gear wasn't to blame as we got it to replace HP gear which had lots of problems with Mac clients.
12-04-2012 08:09 AM
Im glad you were able to resolve the issue...
Remember mark the solution of the topic with the accept as a solution button... so when someone is searching don thave to read all the topic to find the asnwer
Product Manager - Aruba Networks
01-22-2013 06:11 PM
I currently have a very similar issue that I am experiencing on iOS devices. The DNS has been checked
And found to be successfully resolving to apple.com.
Are there any other troubleshooting that can be done?