Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
Original Message:
Sent: Jun 05, 2023 11:02 AM
From: AM87
Subject: Key Propagation Failed / STA has roamed to another AP
WPA2 Enterprise using ClearPass.
The wifi driver is what we have, we can't update it as they are corporate laptops.
Original Message:
Sent: Jun 05, 2023 10:52 AM
From: cjoseph
Subject: Key Propagation Failed / STA has roamed to another AP
Yes. is it using WPA2 enterprise or PSK? Also, can you upgrade the wifi driver on that laptop?
------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
Original Message:
Sent: Jun 05, 2023 10:44 AM
From: AM87
Subject: Key Propagation Failed / STA has roamed to another AP
It's a Windows Laptop. Is this what you are asking for?
Original Message:
Sent: Jun 05, 2023 10:05 AM
From: cjoseph
Subject: Key Propagation Failed / STA has roamed to another AP
What kind of client is it?
------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
Original Message:
Sent: Jun 05, 2023 06:02 AM
From: AM87
Subject: Key Propagation Failed / STA has roamed to another AP
Hi everyone,
We have recently enabled 802.1ax on an APGroup and we have noticed some errors in the AP logs. We have seen a Deauth Reason for "Key Propagation Failed" and an alert for "STA has roamed to another AP". Here are the outputs:
(corpmc05) *#show ap client trail-info AA:AA:AA:AA:AA:AAClient Trail Info-----------------MAC BSSID ESSID AP-name VLAN Deauth Reason Alert--- ----- ----- ------- ---- ------------- -----AA:AA:AA:AA:AA:AA BB:BB:BB:BB:BB:BB WIFICORP W02_S 555 Unspecified Failure STA has roamed to another APDeauth Reason-------------Reason Timestamp------ ---------Unspecified Failure Jun 2 13:39:37Unspecified Failure Jun 2 13:37:13Key Propagation Failed Jun 2 08:58:34Unspecified Failure Jun 2 08:13:39Key Propagation Failed Jun 2 08:13:13Key Propagation Failed Jun 2 08:12:49Key Propagation Failed Jun 2 08:11:37APAE Disconnect Jun 2 08:11:04Unspecified Failure Jun 2 08:10:36APAE Disconnect Jun 2 08:10:32 Num Deauths:10Alerts------Reason Timestamp------ ---------STA has roamed to another AP May 19 14:11:32STA has roamed to another AP May 16 12:58:05STA has roamed to another AP May 12 12:26:07STA has roamed to another AP May 12 12:25:12STA has roamed to another AP May 12 12:24:56STA has roamed to another AP May 12 12:24:45STA has roamed to another AP May 12 09:39:51STA has roamed to another AP May 8 08:57:31STA has roamed to another AP Apr 25 12:55:36STA has roamed to another AP Apr 24 10:40:24Num Alerts:10Mobility Trail--------------BSSID ESSID AP-name VLAN Timestamp----- ----- ------- ---- ---------BB:BB:BB:BB:BB:BB WIFICORP W02_S 555 Jun 2 13:39:37BB:BB:BB:BB:BB:BB WIFICORP W02_S 555 Jun 2 13:37:13BB:BB:BB:BB:BB:BB WIFICORP W02_S 555 Jun 2 13:37:13BB:BB:BB:BB:BB:BB WIFICORP W01_S 555 Jun 2 13:37:13BB:BB:BB:BB:BB:BB WIFICORP W01_S 555 Jun 2 08:58:34BB:BB:BB:BB:BB:BB WIFICORP W01_S 555 Jun 2 08:58:34BB:BB:BB:BB:BB:BB WIFICORP E02_S 555 Jun 2 08:58:34BB:BB:BB:BB:BB:BB WIFICORP E02_S 555 Jun 2 08:57:38BB:BB:BB:BB:BB:BB WIFICORP E02_S 555 Jun 2 08:57:38BB:BB:BB:BB:BB:BB WIFICORP E03_S 555 Jun 2 08:13:39Num Mobility Trails:10
In the mobility trail for the wifi user, we have seen that it is roaming between 2 APs from the same group where the 802.1ax has been enabled. Here are the outputs:
(corpmc05) *#show ap association ap-name W02_SThe phy column shows client's operational capabilities for current associationFlags: A: Active, B: Band Steerable, H: Hotspot(802.11u) client, K: 802.11K client, M: Mu beam formee, R: 802.11R client, W: WMM client, w: 802.11w client, V: 802.11v BSS trans capable, P: Punctured preamble, U: HE UL Mu-mimo, O: OWE client, S: SAE client, E: Enterprise client, m: Agile Multiband client, C: Cellular Data Capable - network available, c: Cellular Data Capable - network unavailable, p: Pending GSM activation, T: Individual TWT client, t: Broadcast TWT clientPHY Details: HT : High throughput; 20: 20MHz; 40: 40MHz; t: turbo-rates (256-QAM) VHT : Very High throughput; 80: 80MHz; 160: 160MHz; 80p80: 80MHz + 80MHz HE : High Efficiency; 80: 80MHz; 160: 160MHz; 80p80: 80MHz + 80MHz <n>ss: <n> spatial streamsAssociation Table-----------------Name bssid mac auth assoc aid l-int essid vlan-id tunnel-id phy assoc. time num assoc Flags Band steer moves (T/S) phy_cap---- ----- --- ---- ----- --- ----- ----- ------- --------- --- ----------- --------- ----- ---------------------- -------W02_S BB:BB:BB:BB:BB:BB CC:CC:CC:CC:CC:CC y y 4 20 WIFICORP 555 0x10737 a-HE-40-2ss 1h:19m:2s 1 WVKRAB 0/0 a-HE-80-2ss-RKVW02_S BB:BB:BB:BB:BB:BB DD:DD:DD:DD:DD:DD y y 7 250 WIFICORP 555 0x10737 a-VHT-40sgi-2ss 41m:47s 1 WVKAB 0/0 a-VHT-80sgi-2ss-KVW02_S BB:BB:BB:BB:BB:BB EE:EE:EE:EE:EE:EE y y 10 20 WIFICORP 555 0x10737 a-HE-40-2ss 11m:10s 2 WVKRAB 0/0 a-HE-80-2ss-RKVW02_S BB:BB:BB:BB:BB:BB FF:FF:FF:FF:FF:FF y 9 1 WIFICORP 555 0x10737 a-HE-40-2ss 1h:45m:10s 2 WVKRAB 0/0 a-HE-80-2ss-RKVW02_S BB:BB:BB:BB:BB:BB GG:GG:GG:GG:GG:GG y y 5 1 WIFICORP 555 0x10737 a-HE-40-2ss 4h:49m:35s 1 WVKAB 0/0 a-HE-80-2ss-KV
Any idea why is this happening? I've perfomed some research but no info has been found. This issue has appeared right after enabling 802.1ax.
Any help is appreciated :)