Hi All,
I've got a customer with an intermittent issue where iPds cannot connect to their EAP-TLS SSID. It's a aruba controller / amigopod MDAC setup. The controller and amigopod are on the latest version of code.
The ipads that I was testing on were approximately 5 metres away from an AP125 which was transmitting at an acceptible level.
Here's what the auth-tracebuf shows when it fails.
Jul 4 09:54:07 station-term-start * 64:20:0c:30:85:ac 00:1a:1e:76:6d:c0 1 -
Jul 4 09:54:08 eap-term-start -> 64:20:0c:30:85:ac 00:1a:1e:76:6d:c0/dot1x_prof-ora28 - -
Jul 4 09:54:08 station-term-start * 64:20:0c:30:85:ac 00:1a:1e:76:6d:c0 1 -
Jul 4 09:54:12 eap-term-start -> 64:20:0c:30:85:ac 00:1a:1e:76:6d:c0/dot1x_prof-ora28 - -
Jul 4 09:54:12 station-term-start * 64:20:0c:30:85:ac 00:1a:1e:76:6d:c0 1 -
Jul 4 09:54:19 station-down * 64:20:0c:30:85:ac 00:1a:1e:76:6d:c0 - -
Jul 4 09:54:19 station-up * 64:20:0c:30:85:ac 00:1a:1e:76:70:b0 - - wpa2 aes
Jul 4 09:54:19 station-term-start * 64:20:0c:30:85:ac 00:1a:1e:76:70:b0 1 -
Jul 4 09:54:19 client-cert -> 64:20:0c:30:85:ac 00:1a:1e:76:70:b0/dot1x_prof-ora28 1400 2062
Jul 4 09:54:19 client-cert -> 64:20:0c:30:85:ac 00:1a:1e:76:70:b0/dot1x_prof-ora28 2062 2062
Jul 4 09:54:25 station-term-end * 64:20:0c:30:85:ac 00:1a:1e:76:70:b0/dot1x_prof-ora28 7616 - failure
Jul 4 09:54:25 station-down * 64:20:0c:30:85:ac 00:1a:1e:76:70:b0 - -
Jul 4 10:04:27 station-up * 64:20:0c:30:85:ac 00:1a:1e:76:70:b0 - - wpa2 aes
Jul 4 10:04:27 station-term-start * 64:20:0c:30:85:ac 00:1a:1e:76:70:b0 1 -
Jul 4 10:04:27 client-cert -> 64:20:0c:30:85:ac 00:1a:1e:76:70:b0/dot1x_prof-ora28 1400 2062
Jul 4 10:04:27 client-cert -> 64:20:0c:30:85:ac 00:1a:1e:76:70:b0/dot1x_prof-ora28 2062 2062
Jul 4 10:04:32 station-term-end * 64:20:0c:30:85:ac 00:1a:1e:76:70:b0/dot1x_prof-ora28 7616 - failure
Jul 4 10:04:32 station-down * 64:20:0c:30:85:ac 00:1a:1e:76:70:b0 - -
Jul 4 10:04:37 station-up * 64:20:0c:30:85:ac 00:1a:1e:76:70:b0 - - wpa2 aes
Jul 4 10:04:37 station-term-start * 64:20:0c:30:85:ac 00:1a:1e:76:70:b0 1 -
Jul 4 10:04:37 client-cert -> 64:20:0c:30:85:ac 00:1a:1e:76:70:b0/dot1x_prof-ora28 1400 2062
Jul 4 10:04:37 client-cert -> 64:20:0c:30:85:ac 00:1a:1e:76:70:b0/dot1x_prof-ora28 2062 2062
Jul 4 10:04:42 station-term-end * 64:20:0c:30:85:ac 00:1a:1e:76:70:b0/dot1x_prof-ora28 7616 - failure
Jul 4 10:04:42 station-down * 64:20:0c:30:85:ac 00:1a:1e:76:70:b0 - -
Jul 4 10:04:47 station-up * 64:20:0c:30:85:ac 00:1a:1e:76:70:b0 - - wpa2 aes
Jul 4 10:04:47 station-term-start * 64:20:0c:30:85:ac 00:1a:1e:76:70:b0 1 -
Jul 4 10:04:47 client-cert -> 64:20:0c:30:85:ac 00:1a:1e:76:70:b0/dot1x_prof-ora28 1400 2062
Jul 4 10:04:47 client-cert -> 64:20:0c:30:85:ac 00:1a:1e:76:70:b0/dot1x_prof-ora28 2062 2062
Jul 4 10:04:52 station-term-end * 64:20:0c:30:85:ac 00:1a:1e:76:70:b0/dot1x_prof-ora28 7616 - failure
Jul 4 10:04:52 station-down * 64:20:0c:30:85:ac 00:1a:1e:76:70:b0 - -
and here it is 15 minutes later when it's sucessful (no changes we made to client/controller/AP/amigopod other that looking at it and I'm positive quantum mechanics isn't playing a part!)
Jul 4 10:20:48 station-down * 64:20:0c:30:85:ac 00:1a:1e:76:60:00 - -
Jul 4 10:21:39 station-up * 64:20:0c:30:85:ac 00:1a:1e:76:60:00 - - wpa2 aes
Jul 4 10:21:39 station-term-start * 64:20:0c:30:85:ac 00:1a:1e:76:60:00 1 -
Jul 4 10:21:39 eap-term-start -> 64:20:0c:30:85:ac 00:1a:1e:76:60:00/dot1x_prof-ora28 - -
Jul 4 10:21:39 station-term-start * 64:20:0c:30:85:ac 00:1a:1e:76:60:00 1 -
Jul 4 10:21:44 eap-term-start -> 64:20:0c:30:85:ac 00:1a:1e:76:60:00/dot1x_prof-ora28 - -
Jul 4 10:21:44 station-term-start * 64:20:0c:30:85:ac 00:1a:1e:76:60:00 1 -
Jul 4 10:21:49 eap-term-start -> 64:20:0c:30:85:ac 00:1a:1e:76:60:00/dot1x_prof-ora28 - -
Jul 4 10:21:49 station-term-start * 64:20:0c:30:85:ac 00:1a:1e:76:60:00 1 -
Jul 4 10:21:54 station-down * 64:20:0c:30:85:ac 00:1a:1e:76:60:00 - -
Jul 4 10:21:54 station-up * 64:20:0c:30:85:ac 00:1a:1e:76:70:b0 - - wpa2 aes
Jul 4 10:21:54 station-term-start * 64:20:0c:30:85:ac 00:1a:1e:76:70:b0 1 -
Jul 4 10:21:54 client-cert -> 64:20:0c:30:85:ac 00:1a:1e:76:70:b0/dot1x_prof-ora28 1400 2062
Jul 4 10:21:54 client-cert -> 64:20:0c:30:85:ac 00:1a:1e:76:70:b0/dot1x_prof-ora28 2062 2062
Jul 4 10:21:54 client-finish -> 64:20:0c:30:85:ac 00:1a:1e:76:70:b0/dot1x_prof-ora28 - -
Jul 4 10:21:54 server-finish <- 64:20:0c:30:85:ac 00:1a:1e:76:70:b0/dot1x_prof-ora28 - -
Jul 4 10:21:54 server-finish-ack -> 64:20:0c:30:85:ac 00:1a:1e:76:70:b0/dot1x_prof-ora28 - -
Jul 4 10:21:54 user-validate-req -> 64:20:0c:30:85:ac 00:1a:1e:76:70:b0/dot1x_prof-ora28 - - user.name
Jul 4 10:21:54 user-validate-success <- 64:20:0c:30:85:ac 00:1a:1e:76:70:b0/Amigopod - - user.name
Jul 4 10:21:54 eap-success <- 64:20:0c:30:85:ac 00:1a:1e:76:70:b0/dot1x_prof-ora28 - -
Jul 4 10:21:54 station-data-ready * 64:20:0c:30:85:ac 00:00:00:00:00:00 1 -
Jul 4 10:21:54 wpa2-key1 <- 64:20:0c:30:85:ac 00:1a:1e:76:70:b0 - 117
Jul 4 10:21:54 wpa2-key2 -> 64:20:0c:30:85:ac 00:1a:1e:76:70:b0 - 117
Jul 4 10:21:54 wpa2-key3 <- 64:20:0c:30:85:ac 00:1a:1e:76:70:b0 - 151
Jul 4 10:21:54 wpa2-key4 -> 64:20:0c:30:85:ac 00:1a:1e:76:70:b0 - 95
There are no issues with the time one the controller or amigopod. The OCSP URL is correct and accessible from the controller.
The SNR sometimes drops below 30 on the iPads I was testing on, would this affect things in this way?
Cheers
James