In my new controller 7205 with 220.127.116.11 version we are experiencing some connection problems. It's a WiFi with dot1x auth and internal DHCP for IP assignment. As you can see in the debug log of one of the affected users, the authentication against Radius is correct (I can confirm this with Radius logs), and afterwards, when the smartphone client asks for an IP, it never gets one... But if you look at the logs or the DHCP binding, the controller is correctly offering the IP to the client.
The only error you see in the log, is this Deauthentication --->
Mar 29 10:07:12 :522245: <DBUG> |authmgr| user_age() called for MAC bc:f5:ac:f7:5b:0f IP 192.168.56.9.
Mar 29 10:07:17 :501102: <NOTI> |AP AP-SISTEMAS@172.18.8.30 stm| Disassoc from sta: bc:f5:ac:f7:5b:0f: AP 172.18.8.30-84:d4:7e:ae:3c:13-AP-SISTEMAS Reason STA has left and is disassociated
Mar 29 10:07:17 :501000: <DBUG> |AP AP-SISTEMAS@172.18.8.30 stm| Station bc:f5:ac:f7:5b:0f: Clearing state
Mar 29 10:07:17 :522296: <DBUG> |authmgr| Auth GSM : USER_STA delete event for user bc:f5:ac:f7:5b:0f age 0 deauth_reason 8
Mar 29 10:07:17 :522036: <INFO> |authmgr| MAC=bc:f5:ac:f7:5b:0f Station DN: BSSID=84:d4:7e:ae:3c:13 ESSID=gsmart VLAN=56 AP-name=AP-SISTEMAS
Mar 29 10:07:17 :522234: <DBUG> |authmgr| Setting idle timer for user bc:f5:ac:f7:5b:0f to 300 seconds (idle timeout: 300 ageout: 0).
Mar 29 10:07:17 :501000: <DBUG> |stm| Station bc:f5:ac:f7:5b:0f: Clearing state
If you wait several minutes.... finally the client can connect correctly, but if the client moves from an AP to another AP (roaming), the problem returns...
Can you help me please?
With my old controller (3200XM) with 18.104.22.168 version I do not have this problem... and the only difference in settings between the old and new controller is that in the old one I had forced ARM to max Tx EIRP... in the RF Management options... but I don't think this is the problem.
Thanks in advance,
What APs are you using ?
Do you have 802.11k enabled ?
What type of smartphones are you having issues with ?
Can you share the user-role ACLs, show rights
How's ARM EIRP levels configured ?
105, 93 and some 205 models
Android... with iOS I think there is no problem right now...
ip access-list session ses_pol_PTM-gsmart-Auth_role
  user alias "Private Networks" any deny
  user any any permit
As you can see... for this service we have a very simple config... so it only permits access to the internet for the smartphones
802.11a Max Tx EIRP 18 and Min Tx EIRP 12
802.11g Max Tx EIRP 9 and Min Tx EIRP 6
before... with old controller I had configured 127 value for min and max...
I am sure that VHT is disabled.... but where can I see the 80 MHz config?
Ok I see... thanks... I had it enabled... so right now I will disable 80 MHz support
I can confirm... the problem occurs when I move from one Access Point to another Access Point... Then the client (smartphone) can't connect for a few minutes... It looks like the connection is frozen for a few minutes... The client remains in "getting IP" continuously... but in the logs, the controller offers an IP address to the client without problem, so I think that the DHCP isn't the problem...
I'm not using DFS channels... With respect to 802.11ac APs, I actually have only two 205 APs and 45 APs that are 105s or 93s. Anyway, I have already disabled 80 MHz.
I'm going to try to increase the EIRP in order to check if this solves my problem... although I don't think...
Yesterday I increased the EIRP but it didn't solve my problem... as I expected. I have carried out more tests today... and I can confirm that...
1.- First connection to my WiFi without problems...
2.- If I move around the building within the wireless coverage area... I continue connected to the wifi with my smartphone.
3.- If I leave the coverage area, when I come back it no longer reconnects. I have to turn off the WiFi on the smartphone for five minutes ... then I turn it on and it connects
In the debug log I only see the same as I attached yesterday in my first post...
Do you have any idea about this...?
Thanks and regards
You would only increase the EIRP on the 802.11a radio...
Thanks.... I have done it right now... But the problem continues... I don't think that by modifying the EIRP values I can solve these "disconnections"...
CJMORENO, were you ever able to solve this issue? We're running into a very similar issue after changing the vlan assignment within a user-role. Our clients sit and spin when attempting to connect to the SSID even though they are showing up in the controller's user-table in the correct user-role. I've found that when I issue a "aaa user delete mac x.x.x.x.x.x" the client is able to reconnect but the issue eventually reappears. I do have a case open but am waiting to hear back from TAC. Thanks in advance!
It is not recommended to change the VLAN within a user role. Is this a Captive Portal SSID or 802.1x SSID? If you are using a radius server, you should use a radius attribute to change the VLAN, instead.
Also, the case above is two years old, so there is a 50/50 chance of whether it was hardware, software, configuration or environment that caused that issue.