Wireless Access

 View Only
last person joined: 3 days ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Expand all | Collapse all

Key Propagation Failed / STA has roamed to another AP

This thread has been viewed 31 times
  • 1.  Key Propagation Failed / STA has roamed to another AP

    Posted Jun 05, 2023 06:02 AM

    Hi everyone,

    We have recently enabled 802.1ax on an APGroup and  we have noticed some errors in the AP logs. We have seen a Deauth Reason for "Key Propagation Failed" and an alert for "STA has roamed to another AP". Here are the outputs:

    (corpmc05) *#show ap client trail-info AA:AA:AA:AA:AA:AA
    
    Client Trail Info
    -----------------
    MAC                BSSID              ESSID     AP-name          VLAN  Deauth Reason        Alert
    ---                -----              -----     -------          ----  -------------        -----
    AA:AA:AA:AA:AA:AA  BB:BB:BB:BB:BB:BB  WIFICORP  W02_S  555   Unspecified Failure  STA has roamed to another AP
    
    Deauth Reason
    -------------
    Reason                  Timestamp
    ------                  ---------
    Unspecified Failure     Jun  2 13:39:37
    Unspecified Failure     Jun  2 13:37:13
    Key Propagation Failed  Jun  2 08:58:34
    Unspecified Failure     Jun  2 08:13:39
    Key Propagation Failed  Jun  2 08:13:13
    Key Propagation Failed  Jun  2 08:12:49
    Key Propagation Failed  Jun  2 08:11:37
    APAE Disconnect         Jun  2 08:11:04
    Unspecified Failure     Jun  2 08:10:36
    APAE Disconnect         Jun  2 08:10:32            
    Num Deauths:10
    
    Alerts
    ------
    Reason                        Timestamp
    ------                        ---------
    STA has roamed to another AP  May 19 14:11:32
    STA has roamed to another AP  May 16 12:58:05
    STA has roamed to another AP  May 12 12:26:07
    STA has roamed to another AP  May 12 12:25:12
    STA has roamed to another AP  May 12 12:24:56
    STA has roamed to another AP  May 12 12:24:45
    STA has roamed to another AP  May 12 09:39:51
    STA has roamed to another AP  May  8 08:57:31
    STA has roamed to another AP  Apr 25 12:55:36
    STA has roamed to another AP  Apr 24 10:40:24
    Num Alerts:10
    
    Mobility Trail
    --------------
    BSSID              ESSID     AP-name          VLAN  Timestamp
    -----              -----     -------          ----  ---------
    BB:BB:BB:BB:BB:BB  WIFICORP  W02_S  555   Jun  2 13:39:37
    BB:BB:BB:BB:BB:BB  WIFICORP  W02_S  555   Jun  2 13:37:13
    BB:BB:BB:BB:BB:BB  WIFICORP  W02_S  555   Jun  2 13:37:13
    BB:BB:BB:BB:BB:BB  WIFICORP  W01_S  555   Jun  2 13:37:13
    BB:BB:BB:BB:BB:BB  WIFICORP  W01_S  555   Jun  2 08:58:34
    BB:BB:BB:BB:BB:BB  WIFICORP  W01_S  555   Jun  2 08:58:34
    BB:BB:BB:BB:BB:BB  WIFICORP  E02_S  555   Jun  2 08:58:34
    BB:BB:BB:BB:BB:BB  WIFICORP  E02_S  555   Jun  2 08:57:38
    BB:BB:BB:BB:BB:BB  WIFICORP  E02_S  555   Jun  2 08:57:38
    BB:BB:BB:BB:BB:BB  WIFICORP  E03_S  555   Jun  2 08:13:39
    Num Mobility Trails:10
    

    In the mobility trail for the wifi user, we have seen that it is roaming between 2 APs from the same group where the 802.1ax has been enabled. Here are the outputs:

    (corpmc05) *#show ap association ap-name W02_S
    
    The phy column shows client's operational capabilities for current association
    
    Flags: A: Active, B: Band Steerable, H: Hotspot(802.11u) client, K: 802.11K client, M: Mu beam formee, R: 802.11R client, W: WMM client, w: 802.11w client, V: 802.11v BSS trans capable, P: Punctured preamble, U: HE UL Mu-mimo, O: OWE client, S: SAE client, E: Enterprise client, m: Agile Multiband client, C: Cellular Data Capable - network available, c: Cellular Data Capable - network unavailable, p: Pending GSM activation, T: Individual TWT client, t: Broadcast TWT client
    
    PHY Details: HT   : High throughput;      20: 20MHz;  40: 40MHz; t: turbo-rates (256-QAM)
                 VHT  : Very High throughput; 80: 80MHz; 160: 160MHz; 80p80: 80MHz + 80MHz
                 HE   : High Efficiency;       80: 80MHz; 160: 160MHz; 80p80: 80MHz + 80MHz
                 <n>ss: <n> spatial streams
    
    Association Table
    -----------------
    Name             bssid              mac                auth  assoc  aid  l-int  essid     vlan-id  tunnel-id  phy              assoc. time  num assoc  Flags   Band steer moves (T/S)  phy_cap
    ----             -----              ---                ----  -----  ---  -----  -----     -------  ---------  ---              -----------  ---------  -----   ----------------------  -------
    W02_S  BB:BB:BB:BB:BB:BB  CC:CC:CC:CC:CC:CC  y     y      4    20     WIFICORP  555      0x10737    a-HE-40-2ss      1h:19m:2s    1          WVKRAB  0/0                     a-HE-80-2ss-RKV
    W02_S  BB:BB:BB:BB:BB:BB  DD:DD:DD:DD:DD:DD  y     y      7    250    WIFICORP  555      0x10737    a-VHT-40sgi-2ss  41m:47s      1          WVKAB   0/0                     a-VHT-80sgi-2ss-KV
    W02_S  BB:BB:BB:BB:BB:BB  EE:EE:EE:EE:EE:EE  y     y      10   20     WIFICORP  555      0x10737    a-HE-40-2ss      11m:10s      2          WVKRAB  0/0                     a-HE-80-2ss-RKV
    W02_S  BB:BB:BB:BB:BB:BB  FF:FF:FF:FF:FF:FF     y      9    1      WIFICORP  555      0x10737    a-HE-40-2ss      1h:45m:10s   2          WVKRAB  0/0                     a-HE-80-2ss-RKV
    W02_S  BB:BB:BB:BB:BB:BB  GG:GG:GG:GG:GG:GG  y     y      5    1      WIFICORP  555      0x10737    a-HE-40-2ss      4h:49m:35s   1          WVKAB   0/0                     a-HE-80-2ss-KV
    

    Any idea why is this happening? I've perfomed some research but no info has been found. This issue has appeared right after enabling 802.1ax.

    Any help is appreciated :)



  • 2.  RE: Key Propagation Failed / STA has roamed to another AP

     
    Posted Jun 05, 2023 10:06 AM

    What kind of client is it?



    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
    ------------------------------



  • 3.  RE: Key Propagation Failed / STA has roamed to another AP

    Posted Jun 05, 2023 10:44 AM

    It's a Windows Laptop. Is this what you are asking for?




  • 4.  RE: Key Propagation Failed / STA has roamed to another AP

     
    Posted Jun 05, 2023 10:53 AM

    Yes.  is it using WPA2 enterprise or PSK?  Also, can you upgrade the wifi driver on that laptop?



    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
    ------------------------------



  • 5.  RE: Key Propagation Failed / STA has roamed to another AP

    Posted Jun 05, 2023 11:02 AM

    WPA2 Enterprise using ClearPass. 

    The wifi driver is what we have, we can't update it as they are corporate laptops.




  • 6.  RE: Key Propagation Failed / STA has roamed to another AP

     
    Posted Jun 05, 2023 11:08 AM

    What is the adapter model/manufacturer and do you have a driver date/version? 



    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
    ------------------------------